Paul Ducklin (@duckblog)'s Twitter Profile
Paul Ducklin

@duckblog

Duck is a passionate security proselytiser. (That's like an evangelist, but more so!)

ID: 132778684

14-04-2010 04:37:34

6.6K Tweets

10.10K Followers

34 Following


Latest ☀️SolCyber Managed Security podcast episode is out: LISTEN 🔈 or READ 📖 (full, carefully-edited transcript provided) 𝗦𝟭 𝗘𝗽 𝟬𝟭𝟰: 𝗦𝗢𝗖 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 - 𝗛𝗼𝘄 𝗺𝘂𝗰𝗵 “𝗼𝘂𝘁” 𝗶𝗻 𝗼𝘂𝘁𝘀𝗼𝘂𝗿𝗰𝗲? solcyber.com/tales-from-the…


Thinking of using a VPN because of new age verification rules? Well, VPNs can be double-edged swords ⚔️. Here’s a must-read explainer in plain English, and advice on what to do about it. Please like and share: solcyber.com/when-vpns-go-r…


Use an iPhone? Apple’s latest security fixes are out in version 18.6. Possible remote code execution, security bypasses, data leakage - all the usuals. The recent zero-day in Chrome (CVE-2025-6558, a bug in the ANGLE library) turns out to affect Apple too.


Please read this article before your sense of humour lures you into using this website for real 😀🤔 Look if you must, laugh if you like, but don’t do anything stupid with the IDs it makes! (Would you want to get sued by an MP?) solcyber.com/fake-id-genera…


LISTEN NOW 🔈(or 📖 the transcript): experts Gabriel Gonzalez of IOActive, Inc and Joe Saunders of RunSafe Security confront automotive hacking, now and in the future… (Also, an awesome and well-informed host. If I do say so myself 😬) runsafesecurity.com/podcast/securi…


𝟲𝟬 𝗦𝗲𝗰𝗼𝗻𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆: Rootkit treachery on Linux, LOLBIN style! Learn both attack and defense in just 60 seconds. Hire me to work for you: pducklin.com/about Visit the ☀️SolCyber Managed Security blog: solcyber.com/blog


Chrome 139 has landed with 12 security fixes, including two use-after-frees. Use-after-free bugs are common vehicles for remote code execution, because one part of the program trusts data it shouldn’t. Look for 139.0.7258.66 (or .67 on Win and macOS).


𝗔𝗺𝗼𝘀'𝘀 𝗔𝗹𝗺𝗮𝗻𝗮𝗰: Rootkits - When cybercriminals come up with tricks to hide their tricks. Find lots more human-friendly, plain-English advice from Amos and the team on the ☀SolCyber Managed Security blog: solcyber.com/blog #AtAA #AmosAlmanac


OpenSSL’s latest update is out: 3.5.2. None of the bug fixes are tagged as “security fixes,” so no CVEs this time. There is a runtime change if you use “FIPS mode,” so that asymmetric crypto keys are explicitly tested when imported.


Firefox just pushed out 141.0.3 to fix a weird bug! “Strict mode” was supposed to block cryptominers but didn’t. Browser-based cryptomining isn’t much of a thing these days, which is probably why the bug went unnoticed. But it’s been fixed now anyway.


𝗔𝗺𝗼𝘀'𝘀 𝗔𝗹𝗺𝗮𝗻𝗮𝗰: Remote Code Execution - the cyber-attacker's favored partner-in-crime. Lots of plain-English advice from Amos and the team on the ☀️SolCyber Managed Security blog: solcyber.com/blog #AtAA #AmosAlmanac


Apple’s latest iOS update just arrived. The security notes say only that 18.6.1 “has no published CVE entries.” There is “a new Blood Oxygen experience for users in the United States,” whatever *that* means… Auto-FTP boost? Dial-your-own VO2 Max?
