
Raspberry Pi OS 6.2 disables passwordless sudo by default

Raspberry Pi OS 6.2, based on the Trixie version, introduces small changes and bug fixes, and disables passwordless sudo by default for new installations.

[Screenshot of password prompt (Source: Raspberry Pi)]

“We continually review the security of Raspberry Pi OS to ensure it is sufficiently robust to withstand potential attacks. This is always a balance, as anything that makes the operating system more secure can inconvenience legitimate users to some extent, so we try to keep …

The post Raspberry Pi OS 6.2 disables passwordless sudo by default appeared first on Help Net Security.
http://news.poseidon-us.com/TS33YP

What changed in nginx 1.30.0 and what it means for your upstream config

nginx 1.30.0 brings together features accumulated across the 1.29.x mainline series. The release covers a broad range of changes, from protocol support additions to security-relevant fixes and new configuration options.

Keepalive to upstreams is now on by default

One of the more operationally significant changes is that keepalive connections to upstream servers are now enabled by default, with the proxy HTTP version set to 1.1. Previously, operators had to configure this explicitly. The change affects …

The post What changed in nginx 1.30.0 and what it means for your upstream config appeared first on Help Net Security.
http://news.poseidon-us.com/TS2tC6

This simple change stops robot swarms from getting stuck

In crowded environments, more robots don’t always mean faster results—in fact, too many can bring everything to a standstill. Harvard researchers discovered a surprising fix: adding a bit of randomness to how robots move can actually prevent gridlock and boost efficiency. By allowing robots to “wiggle” slightly instead of marching in straight lines, they can slip past each other and keep tasks flowing smoothly.
http://news.poseidon-us.com/TS2slw

OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers

Defending critical software has long depended on the ability to find and fix vulnerabilities faster than attackers can exploit them. OpenAI is expanding a program designed to give professional defenders prioritized access to AI tools built for that purpose. The company is scaling its Trusted Access for Cyber (TAC) program to thousands of verified individual defenders and hundreds of teams responsible for defending critical software. Alongside that expansion, OpenAI is releasing GPT-5.4-Cyber, a version of …

The post OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers appeared first on Help Net Security.
http://news.poseidon-us.com/TS2pkJ

The exploit gap is closing, and your patch cycle wasn’t built for this

The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers on Anthropic’s Claude Mythos, which autonomously found thousands of zero-day vulnerabilities across major operating systems and browsers, generated working exploits without human guidance, and achieved a significant exploit success rate in internal testing.

Asymmetry in offense and defense

The structural …

The post The exploit gap is closing, and your patch cycle wasn’t built for this appeared first on Help Net Security.
http://news.poseidon-us.com/TS2pkH

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time

In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure infrastructure. He outlines how EU regulations, including the Cyber Resilience Act and NIS2, are creating stronger accountability for vendors and organizations. ENISA is building out European vulnerability services to support member states. Carvalho also addresses how practitioners navigate conflicting …

The post Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time appeared first on Help Net Security.
http://news.poseidon-us.com/TS2pjw

Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab

Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub and GitLab environments and reporting policy violations across organizations, repositories, members, and CI/CD runner groups.

What it checks

Legitify evaluates configurations across five namespaces: organization-level settings, GitHub Actions configurations, member accounts, repositories, and runner groups. …

The post Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab appeared first on Help Net Security.
http://news.poseidon-us.com/TS2l2B

Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian

AI coding assistants are quickly becoming part of everyday development. Tools like Cursor, Claude Code, and GitHub Copilot can now do more than suggest code. They can read files, run shell commands, and call external tools during a session. That makes them useful, but it also creates a new risk: secrets can be exposed long before code reaches a repository or CI pipeline. A developer might paste an API key into a prompt while debugging. …

The post Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian appeared first on Help Net Security.
http://news.poseidon-us.com/TS2jtn