Open-source password manager
POPULARITY
Passwords were built for a different era of the internet. It's time to move past shared secrets to close your organization's largest threat vector for good.Traditional passwords and legacy Multi-Factor Authentication (MFA) are no longer enough to protect your business. Automated, scaling phishing toolkits easily intercept shared secrets, leaving small and medium businesses highly vulnerable to credential breaches.In this episode, Jen sits down with Nishant Kaushik, Chief Technology Officer at the FIDO Alliance, to translate complex cryptographic standards into an actionable, resource-light deployment plan. Learn how to transition away from legacy authentication and close the hidden operational loopholes that hackers actively exploit.What You Will Learn:The Flaw in Basic MFA: Why SMS codes and standard one-time passwords (OTPs) are failing, and what true "phishing-resistant" security means.The Account Recovery Trap: Why a weak "Forgot Password" workflow accidentally gives hackers their primary attack vector back—and how to fix it.The Bottom-Line Benefit: How moving to passkeys drastically reduces internal IT helpdesk tickets, manual password resets, and overhead costs.Right-Sizing Your Passkey Deployment: How to easily segment your workforce strategy:Standard Users: Synced passkeys via platform credential managers (Apple, Google, 1Password, Bitwarden).Privileged Users: Dedicated hardware keys (YubiKeys) for root admins and high-sensitivity infrastructure.The 1-Week Action Plan: How to leverage the identity infrastructure you already own (like Google Workspace or Microsoft Entra ID) to deploy passkeys today.Resources Mentioned:Learn more about modern identity standards: FIDO Alliance WebsiteReview baseline federal security recommendations: CISA Guidance on Phishing-Resistant MFADiscover SecurityMetrics compliance resources: SecurityMetrics Official SiteThreat Intelligence Data: Read the data behind credential exploitation in the latest Verizon Data Breach Investigations Report (DBIR). Federal Passkey Standards: Review the updated identity and passkey frameworks via the NIST SP 800-63 Digital Identity Guidelines. Enterprise Identity Platforms: Learn how modern stacks integrate passwordless via Okta Verify and Microsoft Entra ID. About the Guest: Nishant Kaushik is the Chief Technology Officer at the FIDO Alliance, bringing over 25 years of leadership in digital identity and access management (IAM). He holds nine patents, frequently serves on the advisory committees for the RSA Conference and Identiverse, and is a founding member of IDPro.A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place But if you just want to learn how to protect yourself for free, start here: https://academy.securitymetrics.com/
Leave the farm without killing the chickens, or losing remote access? We dig into how we pulled it off: Frigate, local automation, sun-tracking coop doors, and a network that shrugged off an ISP outage.Sponsored By:Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.Support LINUX UnpluggedLinks:ConnecTen Internet — Get $35 off your order total with Jupiter35
Adieu les codes : Comment la biométrie comportementale va tuer le mot de passe en 2026 Par Régis BAUDOUIN Se souvenir d’une majuscule, d’un chiffre, d’un caractère spécial, et changer le tout tous les trois mois… Cette corvée mentale, vestige des débuts de l’informatique, vit ses toutes dernières heures. En ce mois de juin 2026, le déploiement mondial des standards de connexion de nouvelle génération marque une bascule historique. Menée par l’alliance des géants de la tech, la sécurité ne repose plus sur ce que vous connaissez (un mot de passe), ni même uniquement sur ce que vous êtes (votre empreinte digitale), mais sur la façon dont vous vous comportez. Bienvenue dans l'ère de la biométrie comportementale décentralisée. Le coût de l’oubli : Selon les dernières données du cabinet Gartner, les demandes de réinitialisation de mots de passe représentent encore 20% à 30% de l’ensemble des tickets d’assistance informatique en entreprise, pour un coût moyen estimé à 15€ par intervention. Comment votre téléphone sait que c'est vous La biométrie traditionnelle (Iris, FaceID, empreinte) cartographie des caractéristiques physiques figées. La biométrie comportementale, elle, analyse la dynamique de vos actions en temps réel. C'est une science algorithmique qui transforme vos habitudes inconscientes en une signature mathématique unique. Lorsque vous saisissez votre smartphone, plusieurs dizaines de capteurs physiques s’activent en arrière-plan : L'accéléromètre et le gyroscope : Ils mesurent l’angle exact et la micro-oscillation de votre main. Le capteur de pression tactile : Il évalue la surface de contact de votre pouce et la force exercée sur la dalle en verre. Le rythme de frappe : L’algorithme calcule au millième de seconde près le temps de pression sur chaque touche et l’intervalle de transition entre deux lettres. Les publications de la IEEE Biometrics Council démontrent qu’en analysant seulement 30 à 40 frappes consécutives, un algorithme de notation comportementale atteint un taux de précision supérieur à 99% pour identifier le véritable propriétaire de l’appareil. Pour l’Intelligence Artificielle locale de votre téléphone, votre manière de taper ou de balayer votre fil d’actualité est aussi unique qu’une empreinte génétique. Si un tiers subtilise votre téléphone déverrouillé, le système détecte le changement de rythme en moins de 1,5 seconde et reverrouille l’appareil automatiquement. Source Le standard Passkeys 2.0 de l’alliance FIDO La question légitime que pose une telle innovation est celle de la vie privée. Hors de question que nos rythmes de frappe ou nos données de marche soient envoyés sur des serveurs Cloud pour y être analysés. C’est ici que la prouesse technique prend tout son sens : tout reste en local. Cette révolution s’appuie sur l’évolution des Passkeys, un protocole mondial développé par la FIDO Alliance. Les statistiques d’adoption de la FIDO Alliance pour 2026 révèlent que plus de 12 milliards de comptes en ligne dans le monde supportent désormais cette technologie. Métrique de SécuritéMots de Passe ClassiquesPasskeys + Biométrie ComportementaleSensibilité au Phishing (Hameçonnage)100% (Vulnérable)0% (Immunisé)Temps moyen de connexion~15 secondes~2,5 secondesTaux d’échec à l’authentification~14% (Erreurs de saisie)Moins de 0,5% Le principe repose sur la cryptographie asymétrique. Lorsque vous créez un compte, votre téléphone génère une paire de clés : une clé publique émise au site internet, et une clé privée, jalousement gardée dans l’enclave matérielle sécurisée de votre processeur (le Secure Element). La biométrie comportementale sert uniquement de déclencheur physique pour “libérer” cette clé privée locale. Le site distant ne reçoit jamais vos données comportementales ; il reçoit simplement une validation mathématique. Focus sur les Passkey Le principe fondamental d’un Passkey est qu’il n’existe aucun secret partagé entre vous et le service en ligne (Netflix, votre banque, Amazon). Contrairement à un mot de passe classique, qui est stocké sur les serveurs de l’entreprise (et donc vulnérable aux fuites de données), le Passkey sépare la sécurité en deux éléments mathématiques distincts et indissociables. [ Votre Appareil ] [ Serveur Web ] Clé Privée (Secrète) ── Chiffre le défi ──> Clé Publique (Connue) (Reste dans le SE) (Ne sert qu'à vérifier) Comment se déroule une connexion passkey ? 1.La génération de la paire de clés :Lors de l’inscription. Le gestionnaire de Passkeys de votre appareil génère une clé privée (qui reste enfermée dans la puce physique sécurisée de votre téléphone) et une clé publique (qui est envoyée au serveur du site). 2.L’envoi du défi (Challenge) :Lors de la connexion. Lorsque vous voulez vous connecter, le site web envoie un “défi” (un message aléatoire chiffré) à votre appareil. 3.Le déverrouillage biométrique :Validation locale. Votre appareil vous demande de valider votre identité (via FaceID, empreinte ou la fameuse biométrie comportementale). Cette action locale sert d’autorisation pour réveiller la clé privée. 4.La signature mathématique :Finalisation. La clé privée signe le défi envoyé par le site et renvoie la réponse. Le serveur utilise votre clé publique pour vérifier la signature. Si le calcul correspond, vous êtes connecté. Aucun mot de passe n’a voyagé sur le réseau. Les deux grandes familles de solutions Passkeys L’écosystème de 2026 se divise en deux approches techniques pour gérer ces clés cryptographiques. Elles répondent à des besoins de mobilité ou de sécurité informatique différents. 1. Les Passkeys Synchronisés (Multi-appareils / Synced Passkeys) C’est la solution grand public par excellence, intégrée nativement dans nos systèmes d’exploitation. La clé privée est stockée dans le trousseau Cloud du constructeur (Apple iCloud Keychain, Google Password Manager, Microsoft Account). Le fonctionnement : Si vous créez un Passkey sur votre iPhone, il est automatiquement disponible sur votre Mac ou votre iPad via iCloud. Le mécanisme de secours : Si vous perdez votre smartphone, vos Passkeys ne sont pas perdus : ils sont restaurés dès que vous vous reconnectez à votre compte cloud principal avec une authentification forte. Le cas du cross-platform : Si vous êtes sur un PC Windows et voulez vous connecter à un site avec le Passkey de votre iPhone, le PC affiche un QR Code. Votre iPhone le scanne, vérifie via une liaison Bluetooth de proximité que les deux appareils sont dans la même pièce, et valide la connexion. 2. Les Passkeys Matériels Liés (Single-device / Hardware-bound Passkeys) Cette approche est privilégiée par les entreprises, les banques ou les profils à haute visibilité (journalistes, politiciens). La clé privée est générée à l’intérieur d’un composant matériel dont elle ne pourra jamais sortir, interdisant toute copie dans le cloud. Les clés de sécurité physiques : Les clés USB/NFC (comme les YubiKeys de Yubico) matérialisent ce principe. La clé privée est scellée dans la puce de l’objet. Pour se connecter, il faut impérativement insérer la clé ou la badger contre son téléphone. Le niveau de sécurité supérieur : Même si votre compte iCloud ou Google est piraté, personne ne peut voler vos Passkeys matériels car ils n’existent nulle part sur internet. Les acteurs du marché des passkey en 2026 Le marché des solutions s’est considérablement structuré autour de trois grands types d’acteurs : Les natifs (Les OS) : Apple, Google et Microsoft fournissent l’infrastructure de base gratuite. C’est transparent pour l’utilisateur mais cela tend à verrouiller ce dernier dans leur écosystème respectif. Les gestionnaires indépendants (Cross-platform) : Des logiciels comme 1Password, Dashlane ou l’alternative open-source Bitwarden permettent de stocker et de synchroniser vos Passkeys de manière agnostique (fonctionne aussi bien entre un téléphone Android et un navigateur Safari sur Mac). Les solutions d’infrastructure (B2B) : Des plateformes comme Okta ou Ping Identity déploient ces architectures au sein des réseaux d’entreprises pour supprimer définitivement le risque de piratage interne. Le Passkey résout définitivement la faille numéro un de la sécurité informatique : l’erreur humaine. Un algorithme ne peut pas se faire berner par un faux site d’hameçonnage (phishing), car la clé publique est mathématiquement liée au nom de domaine exact du site. Si l’URL change d’une seule lettre, l’appareil refuse tout simplement de signer le défi. Sécurité absolue et friction zéro Pour l’utilisateur comme pour l’économie numérique, les bénéfices de cette numérisation invisible de la sécurité sont colossaux. Immunité totale contre le Phishing : Le rapport annuel de Verizon sur les fuites de données rappelle que 74% des cyberattaques impliquent encore un facteur humain (vol d’identifiants ou ingénierie sociale). N’ayant plus de mot de passe à taper, vous ne pouvez plus vous le faire voler par un faux email ou un site miroir. L’accessibilité universelle : Pour les personnes âgées ou en situation de handicap, la fin des barrières de saisie de codes complexes supprime la principale cause de l’exclusion numérique. La rentabilité pour les plateformes : Les géants du e-commerce constatent déjà une hausse de 5% à 7% des taux de conversion lors de l’étape de paiement depuis que les processus d’authentification contraignants ont été remplacés par la validation passive en arrière-plan. L’authentification invisible Le mot de passe était une anomalie ergonomique, une interface artificielle qui forçait l’humain à parler le langage de la machine. En 2026, la technologie est enfin devenue assez mature pour s’adapter à l’humain. En observant nos mouvements et nos rythmes sans jamais les trahir, nos appareils transforment nos gestes du quotidien en la plus sûre des clés. La haute sécurité n’est plus une contrainte, elle est devenue une seconde nature. Références et publications scientifiques pour approfondir : Le standard industriel et statistiques d’adoption : Pour comprendre l’architecture des clés d’accès décentralisées, consultez le portail officiel de la FIDO Alliance sur la technologie Passkey. Recherche en informatique et taux de précision : Pour les fondements scientifiques de l’analyse du rythme de frappe, voir les études indexées par le IEEE Xplore Digital Library sur les Keystroke Dynamics. Statistiques sur les cyberattaques : Consultez les rapports d’analyse des menaces sur le Verizon Data Breach Investigations Report pour les données liées au vol d’identifiants. The post Quand le mot de passe c'est vous first appeared on XY Magazine.
Te hablo aquí de una funcionalidad poco conocida de Bitwarden, pero muy útil. Permite enviar texto y archivos de forma segura con encriptación punto a punto.
rsync's founder came back, patched real security bugs with AI help, and triggered an open source meltdown. Plus, two more projects reject AI-generated code as the community's newest fault line cracks wide open.Sponsored By:Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.Support LINUX UnpluggedLinks:ConnecTen Internet — Get $35 off your order total with Jupiter35
It looks like Bitlocker had a back door in it, how a listener accidentally broke Gitea for users of the snap version, Google accidentally published an unpatched exploit for Chromium-based browsers, why people are starting to ditch Bitwarden, and moving a tech stack away from large corporations. Plugs Support us on patreon and get an ad-free RSS feed with some early episodes How Klara and TrueNAS fixed ZFS's longest standing limitation Webinar: June 25th @ 11am EDT: Understanding AnyRAID with Jon from HexOS News/discussion YellowKey Bitlocker Bypass Vulnerability Microsoft shares mitigation for YellowKey Windows zero-day How I Broke Gitea for Everyone Google publishes exploit code threatening millions of Chromium users The Quiet Renovation at Bitwarden Free consulting We were asked about moving a tech stack away from large corporations. See our contact page for ways to get in touch.
It looks like Bitlocker had a back door in it, how a listener accidentally broke Gitea for users of the snap version, Google accidentally published an unpatched exploit for Chromium-based browsers, why people are starting to ditch Bitwarden, and moving a tech stack away from large corporations. Plugs Support us on patreon and get an ad-free RSS feed with some early episodes How Klara and TrueNAS fixed ZFS's longest standing limitation Webinar: June 25th @ 11am EDT: Understanding AnyRAID with Jon from HexOS News/discussion YellowKey Bitlocker Bypass Vulnerability Microsoft shares mitigation for YellowKey Windows zero-day How I Broke Gitea for Everyone Google publishes exploit code threatening millions of Chromium users The Quiet Renovation at Bitwarden Free consulting We were asked about moving a tech stack away from large corporations. See our contact page for ways to get in touch.
Brent's been hacking smart speakers, Wes has a surprise, and Chris gives up on OpenClaw.Sponsored By:Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.Support LINUX UnpluggedLinks:ConnecTen Internet — Get $35 off your order total with Jupiter35
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Here's how Johny Srouji plans to speed up Apple's product development: report Apple Music shares what it is doing to ‘keep music fair' in an AI world Apple Sports app launches World Cup support, expands availability worldwide Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Here's how Johny Srouji plans to speed up Apple's product development: report Apple Music shares what it is doing to ‘keep music fair' in an AI world Apple Sports app launches World Cup support, expands availability worldwide Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Apple announces AI-powered accessibility features and eye-control of wheelchairs Apple announces return of popular MagSafe iPhone stand and grip Apple Watch Ultra 4 getting two major new upgrades, per report Apple Watch could soon gain new high blood pressure feature Apple might replace aluminum with titanium in future iPhones again, per leak Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: DOJ reportedly demands Apple and Google identify over 100,000 users of car app iOS 27 to add new custom wallpaper feature, more: report Apple sends invites for WWDC26 keynote, iOS 27 and more coming soon Apple unveils 30+ Apple Design Award app finalists Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Standalone Siri app to offer auto-deleting chat history, launch with beta label: report Report: Apple to upgrade Genmoji in iOS 27 with new automatic suggestions Upcoming Apple Card promo will basically give you free AirPods Pro 3 Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
What would you do if ransomware told you not only that your data was gone — but that it was encrypted with a quantum-safe algorithm and you have 72 hours to pay? That's not a hypothetical anymore. In this live news episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellum are joined by IT Audit Labs member Bill Harris for a rapid-fire breakdown of the week's most important cybersecurity stories — and a few conversations that went places nobody expected.
Elon Musk perde la causa contro OpenAI. Eric Schmidt fischiato all'università. La backdoor di Bitlocker. Bitwarden cancella la licenza gratuita. ChatGPT e il conto in banca. Recupera i bitcoin grazie a Claude AI. Queste e molte altre le notizie tech commentate nella puntata di questa settimana.Dallo studio distribuito di digitalia:Franco Solerio, Michele Di MaioProduttori esecutivi:Jose, Mario Giammona, Simone Podico, Marco Grechi, Jacopo Conti, Manuel Giannatempo, Calogero Augusta, Michelangelo Rocchetti, Andrea Guido, Vito Astone, Davide Tinti, Alessandro Morgantini, Daniele Bastianelli, Andrea Malesani, Silvio Mariuzzo, Fabio Brunelli, Jean Dal Bo, Gabriele Marinelli, Enrico, Fiorenzo Pilla, Luca Ubiali, Umberto Marcello, Alessio Ferrara, Edoardo Volpi Kellerman, Beconsulting, Ivan, Cristian De Solda, Donato Gravino, Enrico Carangi, Giorgio Puglisi, Emanuele Libori, Davide Porta, Paolo Tegoni, Denis Grosso, Paolo Bernardini, Vincenzo Ingenito, Nicola Grilli, Andrea Giovacchini, Carlo Tomas, Riccardo Famà, Manuel Zavatta, Cristian Pastori, Diego Arati, Andrea Picotti, Mario Cervai, Giuliano ArcinottiSponsor:Squarespace.com - utilizzate il codice coupon "DIGITALIA" per avere il 10% di sconto sul costo del primo acquisto.Links:Elon Musk loses court battle against Sam Altman and OpenAIFabricated citations: an audit across 25 million biomedical papersLIA non ha rotto la scienza. Lha smascherataSecurity researcher says MS secretly built a backdoor into BitLockerBitwarden scrubs 'Always free' from its websiteConcerns Over Bitwarden Moving Away from Open SourceI see 1Password is stepping on the rake againWhat we learned using AI agents to refactor a monolithFBI remotely scrubs Russian malware from compromised devicesChatGPT Wants Access to Your Bank AccountOpenAI now wants ChatGPT to access your bank accountsOpenAI seals deal in Malta to give all Maltese access to ChatGPT PlusDigitalia DistillataChatbots at the drive-thru are just the beginningAI vigilante trap snares alleged paedophile ex-teacher in FranceAnthropic blames dystopian sci-fi for training AI models to act evilBitcoin trader recovers $400,000 using Claude AIGoogle's Android-powered laptops are called GooglebooksWill I be OK? Teen died after ChatGPT pushed deadly mix of drugsThe funniest thing about the Trump arcade game is how good it isTeam America: World Police Theme SongGingilli del giorno:Pro-level travel tips - consigli per i viaggi per geekPaperless AI Assist - automatizza Paperless-ngx con l'AISupporta Digitalia, diventa produttore esecutivo.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Apple has won a prestigious award for iOS 26's Liquid Glass design Intel is now making iPhone chips for Apple, per report OpenAI preparing ‘legal action' against Apple over Siri partnership: report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Netflix says that ads will start appearing in more parts of its app More than 10% of iPhone owners eyeing a folding phone – survey Smartphone Owners Aren't Convinced to Upgrade for Foldable Designs and AI Integrations, CNET Finds - CNET Apple is working to incorporate AI agents on the App Store, per report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Apple has reportedly rejected Touch ID for the Apple Watch for two reasons iOS 27's upgraded Camera app will be ‘fully customizable,' per report iOS 27 to make key design changes to ‘streamline' Liquid Glass: report Apple Plans Customizable iPhone Camera App, Siri Overhaul: iOS 27 - Bloomberg iOS 27's ‘completely rebuilt' Siri will include a new system-wide search gesture: report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Apple releases iOS 26.5 with 3 key features including new wallpapers for your iPhone iOS 26.5 adds end-to-end encryption for RCS messaging, rolling out now Wireless carrier support and features for iPhone in the United States and Canada - Apple Support macOS 26.5 now available, here's everything new macOS 26.5's new setting might solve Mac mini power button complaints visionOS 27 will bring these new Vision Pro upgrades: report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: iOS 27 adding new way to manage your Safari tabs, per report Report: macOS 27 to feature UI tweaks to address some Tahoe design complaints Apple and Intel have reached a deal to produce future chips: report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Apple pressed by lawmakers over closure of first unionized store Apple now requires verification for Education Store, adds Apple Watch with discounts Apple hits milestone in development of AirPods with cameras: report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: OpenAI's new phone being fast-tracked to launch next year, per report Report: Apple kicks off new run of A18 Pro chips as MacBook Neo demand exceeds expectations Apple says watchOS 26.5 fixes two key Apple Watch bugs Here's the next Apple Watch face coming in watchOS 26.5 and how to customize it Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
פרק מספר 515 של רברס עם פלטפורמה - באמפרס 91. רן תבורי, דותן ואלון מתכנסים לפרק באמפרס עמוס בחדשות טכנולוגיות, AI, שינויים בשוק התעסוקה, כלים חדשים למפתחים, והדילמה הנצחית של "אש או בוץ" בפרויקטים של קוד פתוח. [00:51] השקיעה של Stack Overflow רן פותח עם גרף שמראה את צניחת כמות השאלות הנשאלות ב-Stack Overflow לאורך השנים. האפקט ברור: מרגע שהבוטים שלנו מיצו את התוכן והחלו לתת לנו תשובות מיידיות, הטראפיק לאתר התרסק. דותן מציין שהירידה הכללית החלה עוד קודם, אך קפצה זמנית בתקופת הקורונה. [04:10] כולם מדברים על סקילים עולם סוכני הפיתוח (Agents) לא זז היום בלי סקילים (Skills). מקום מעולה להתחיל בו הוא האתר https://skills.sh/. דוגמה כיפית ושימושית מתוכו: סקיל לספריית Manim (של ערוץ היוטיוב 3Blue1Brown) שמאפשר ליצור אנימציות מתמטיות בקלות. הנה ציוץ הדגמה בטוויטר, והקישור לסקיל עצמו ב-Skills.sh. בעקבות הביקוש, נוצרה ממש תעשייה של מנועי חיפוש וספריות של סקילים: http://skills.sh (למקרה שפספסתם) https://context7.com/ https://skillsmp.com/ ריפו מעניין בגיטהאב: https://github.com/mhattingpete/claude-skills-marketplace [07:44] העתיד של ממשקי המשתמש ו-MCP Apps הסטנדרט החדש, MCP-apps, מאפשר להעביר רכיבי HTML אינטראקטיביים ישירות בתוך MCP (ולא רק טקסט). הפרויקט מובל בין היתר על ידי ליעד ועידו, מי שהקימו בעבר את https://mcpui.dev/. שווה לראות את סרטון ההדגמה ביוטיוב. ליעד השיק לאחרונה כלי מעניין נוסף בשם https://ora.run/ שמאפשר לכם לבדוק עד כמה האתר או הביזנס שלכם מותאם לקריאה על ידי סוכני AI (Agent-Ready). דיון פילוסופי קצר: איך ייראה עתיד ה-UX? חברות ענק כמו סיילספורס (Salesforce) כבר עברו להציע חוויית Headless מלאה שפונה קודם כל לאייג'נטים. [13:35] דונלד קנות', קלוד, והסקפטיות שנשברה פרופסור דונלד קנות' (Donald Knuth), מאבות מדעי המחשב, פרסם לאחרונה מאמר מרתק תחת הכותרת Claude Cycles. המסר המרכזי: קנות' התחיל כסקפטי מוחלט בנוגע ליכולות של כלי AI לכתוב קוד איכותי, אבל לאחר סדרת ניסויים, הוא מודה שהופתע לטובה. [15:52] פלטפורמות ניהול והרצה לאייג'נטים לכתוב סוכן זה קל, להריץ אותו בסביבה מאובטחת בסקייל ללקוחות זה סיפור אחר לגמרי. הפתרון? פלטפורמות Agent Hosting שצצות עכשיו בכל מקום: אנתרופיק (Anthropic) מציעים Managed Agents. גם OpenAI חזק במשחק עם פלטפורמת Frontier. ואמזון (AWS) הציגה את Bedrock AgentCore. [23:14] פיטורי AI ועתיד שוק התעסוקה התעשייה עוברת שינויים כואבים. חברות כמו Block ו-Coinbase מקטינות את מצבת כוח האדם ומצמצמות צוותים כפועל יוצא מהתייעלות מבוססת AI. למרות זאת, נשמעים גם סיפורים על חברות שמעדיפות כרגע לשכור מפתחים ג'וניורים זולים במקום לשלם על עלויות תפעול גבוהות של כלי AI. אז מה העתיד טומן בחובו? אולי לפחות נוכל לתת לרובוט לקפל לנו את הכביסה. [25:54] כלים לטרמינל (ההמלצה של אלון) כשהטרמינל עמוס באייג'נטים שרצים ברקע, כדאי לעשות סדר. אלון ממליץ בחום על https://cmux.com/, כלי טרמינל נוח במיוחד שמבוסס על Ghostty, עם תמיכה בטאבים ורטיקליים שמאוד מקלים על העבודה עם סוכנים מרובים (למרות שרן טוען אצלו זה קצת "התעייף" ונהיה אטי). [31:11] הפריצה לורסל (Vercel) ורסל סבלה לאחרונה מפריצת אבטחה (ההודעה הרשמית כאן), שבמהלכה כנראה דלפו מפתחות (API Keys) של לקוחות ונמכרו ברשת האפלה. אם עדיין לא עשיתם רוטציה למפתחות שלכם שם – זה הזמן. [32:41] פינת הקוד הפתוח של דותן: "אש או בוץ" (
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Report: iPhone 17 ranked as world's top-selling smartphone in Q1 2026 iPhone users could get up to $95 per device as Apple reaches $250M settlement over Siri delays iOS 27 will let you choose between Gemini, Claude, and more for AI features: report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Researchers are raising concerns about a new cybersecurity risk emerging from the systems that regulate electrical power inside modern electronics and infrastructure.Japan's financial sector is responding to concerns around Anthropic's new AI model, Claude Mythos, which some officials believe could significantly impact cybersecurity.Docker and Socket researchers discovered that malicious images were pushed to the official checkmarx/kics Docker Hub repository, indicating a supply chain compromise affecting the KICS infrastructure-as-code scanning tool.JFrog security researchers identified a malicious npm package published as @bitwarden/cli version 2026.4.0 that impersonates the legitimate Bitwarden command-line client.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Apple highlights 3 enhancements coming to iPhone with iOS 26.5 Apple considers Intel and Samsung to diversify chip manufacturing away from TSMC iOS 27: Apple Wallet adding new ‘Create a Pass' feature, per report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Apple to seek tariff refunds, plans to reinvest money in the US Apple unveils Pride Edition Sport Loop for Apple Watch, order today iOS 26.5's new Pride wallpaper revealed, plus Apple Watch face Apple discontinues base Mac mini, now starts at $799 with 512GB storage Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Apple reports Q2 2026 earnings Apple says supply constraints for Mac mini and Mac Studio to persist for several months Apple says iPhone 17 lineup is officially the ‘most popular' in its history John Ternus joins Apple's Q2 2026 earnings call, touts ‘incredible roadmap ahead' Apple's R&D spending hits new record as AI investment ramps up Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: OpenAI is making its own phone to compete with the iPhone: report Camera in iOS 27 to feature Siri mode with enhanced Visual Intelligence, per report Apple might ditch MagSafe on future iPhones, per bizarre rumor Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Warren Buffett once said it's only when the tide goes out that you discover who's been swimming naked. This week, the tide went out on several fronts simultaneously, and what it revealed was uncomfortable, instructive, and in some cases, long overdue.France opened the week with a breach that should trouble every government running centralised identity infrastructure. Up to 19 million records tied to passports, ID cards, and driver's licenses are now circulating on criminal forums. What makes this worse than a typical data leak is the context: a similar dataset from the same agency surfaced in 2025. This wasn't a surprise attack on a hardened target. It was a recurring failure wearing the face of a solved problem.The Bitwarden supply chain story carried a similar energy. No vaults were cracked, no passwords were stolen, and most users never noticed a thing. But a malicious package briefly moved through npm as part of the Checkmarx campaign, targeting the developers who build the software everyone else depends on. The lesson isn't technical — it's structural. Your security posture now extends to every build pipeline, every dependency, and every automation script upstream of your product.Then came FAST16.SYS, and the week shifted into something darker. This rootkit, which appears to predate Stuxnet, didn't steal data or trigger alarms. It quietly altered precision calculations in memory while leaving every file on disk untouched. Systems looked healthy. Outputs looked reasonable. The only thing wrong was the answer. It is the most patient form of sabotage imaginable, and it reframes what advanced threats are actually capable of when detection, not damage, is the real objective.AI brought its own escalation this week. Researchers are now using AI systems to attack other AI systems at machine speed — probing, learning, and refining exploits far faster than any human team. At the same time, agent browsers like Interceptor are quietly repositioning the browser itself as an autonomous actor, raising legitimate questions about oversight when software is doing the clicking, typing, and deciding on your behalf.Anthropic's Mythos model access story tied several threads together neatly. Contractor credentials, open-source reconnaissance, and data exposed in a third-party breach combined to give a small group access to a restricted model. The intent was curiosity, not sabotage — but the mechanism was a textbook illustration of how third-party access chains create exposure that principal organisations rarely see coming.Apple closed out the privacy section with a rare win, patching a logging bug that had been silently retaining Signal message fragments for up to a month — long after deletion, long after the app was removed. The FBI had already used it in court. The patch is clean and the fix is automatic, but the episode is a pointed reminder that ephemeral and permanent are closer together than most people assume.The week closed on strategy. OpenAI and Microsoft have restructured their foundational partnership, removing exclusivity and capping revenue payments. The AI infrastructure layer is becoming contested ground, and this deal confirms that no single partnership, however dominant it once appeared, is permanent.This week's stories didn't shout. They accumulated. And that, more than anything, is the point.
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: iOS 27 will add three new features to Apple's Photos app, per report John Ternus faces critical decisions on iPhone pricing and US manufacturing Apple introduces monthly subscriptions with a 12-month commitment on the App Store Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Bitwarden's CLI got hit by the Checkmarx supply-chain campaign, TypeScript 7.0 beta lands with the Go-rewritten compiler running ~10x faster than 6.0, and pgBackRest lost its maintainer of thirteen years leaving anyone running production Postgres with a real dependency-trust task this week. We've also got Ubuntu 26.04 LTS shipping with TPM-backed full-disk encryption, and Matz dropping Spinel as an AOT path that takes Ruby to native binaries. This week was a good reminder that the tools we depend on are all moving at once. Security, performance, and maintenance aren't isolated threads.
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
Bitwarden's CLI got hit by the Checkmarx supply-chain campaign, TypeScript 7.0 beta lands with the Go-rewritten compiler running ~10x faster than 6.0, and pgBackRest lost its maintainer of thirteen years leaving anyone running production Postgres with a real dependency-trust task this week. We've also got Ubuntu 26.04 LTS shipping with TPM-backed full-disk encryption, and Matz dropping Spinel as an AOT path that takes Ruby to native binaries. This week was a good reminder that the tools we depend on are all moving at once. Security, performance, and maintenance aren't isolated threads.
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
Bitwarden's CLI got hit by the Checkmarx supply-chain campaign, TypeScript 7.0 beta lands with the Go-rewritten compiler running ~10x faster than 6.0, and pgBackRest lost its maintainer of thirteen years leaving anyone running production Postgres with a real dependency-trust task this week. We've also got Ubuntu 26.04 LTS shipping with TPM-backed full-disk encryption, and Matz dropping Spinel as an AOT path that takes Ruby to native binaries. This week was a good reminder that the tools we depend on are all moving at once. Security, performance, and maintenance aren't isolated threads.
EP 289. Let's climb to the top of this week's stories:France's most trusted identity infrastructure has become its biggest liability, and nineteen million citizens are now paying the price.The real lesson from Bitwarden's close call isn't about passwords it's about how quietly an attack can move through the software you never see being built.A newly uncovered rootkit predating Stuxnet has rewritten what we thought we knew about state-level sabotage and its most dangerous feature was making everything look perfectly normal.The arms race in AI security has hit a new threshold machines are now the ones probing for weaknesses, and they don't need sleep to do it.The browser is no longer just a window to the web it's becoming an autonomous actor, and that changes everything about who's actually in control.A restricted AI model, a contractor's borrowed credentials, and a private Discord channel Anthropic's Mythos access story is a case study in how third-party trust becomes a front door.A logging bug quietly turned one of the world's most trusted encrypted messaging apps into an inadvertent evidence locker and it took an FBI courtroom testimony to bring it to light.OpenAI and Microsoft have redrawn the map of AI's most consequential partnership, and the shift from exclusivity to optionality signals a new phase in who controls the infrastructure layer.Tighten your shoelaces, and let's get to the bottom of this.Find this week's transcript here.
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: Leaker details next year's ‘iPhone 20' display features John Ternus says Apple has ‘so much' opportunity to expand services iPhone Ultra and MacBook Ultra are coming this year, per report Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcast or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Stories discussed in this episode: The base model $599 Mac mini is now completely out of stock iOS 26.4.2 fixes bug that allowed deleted notifications to be retrieved John Ternus is an Apple TV fan, but wants to make it ‘more competitive': report Report shares new details from Tim Cook's town hall, including career highs and missteps Listen & Subscribe: Apple Podcasts Overcast RSS Spotify TuneIn Google Podcasts Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock: Ad-free versions of every episode Bonus content Catch up on 9to5Mac Daily episodes! Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
After 26 years, we return to our roots and reflect on why LinuxFest Northwest is still a special event.Sponsored By:Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.Support LINUX UnpluggedLinks:
On this episode, I cover news on the latest LLMs by DeepSeek and OpenAI, I also provide an update on the UK case against Microsoft over Windows Server licensing for cloud providers and much more! Reference Links: https://www.rorymon.com/blog/bitwarden-security-incident-new-apple-ceo-announced-employee-buyout-expected-at-microsoft/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Apple Patches Exploited Notification Flaw https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Notification%20Flaw/32922 Bitwarden CLI Compromised https://socket.dev/blog/bitwarden-cli-compromised https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127 Microsoft Security Advisory CVE-2026-40372 ASP.NET Core Elevation of Privilege https://github.com/dotnet/announcements/issues/395
You’ve got quick tips galore this week: if your iPad battery’s draining mysteriously, your Apple Pencil might be the culprit, so pop it off when you’re not using it. Want custom emoji? Now you can create your own. LaunchBar fans, there’s a slick way to jump straight into System Settings, and if you’re self-hosting Bitwarden, the guys walk you through adding a local server with Cloudflare Tunnels. Pilot Pete also breaks down getting your digital ID working at TSA — and makes a compelling case that it’s actually more secure than handing over your physical license — plus there’s a look at TSA’s new Touchless ID system. On the AI side, if agentic browsing still makes you nervous, Dave and Pete have practical advice for easing in, and they dig into why the app you use matters just as much as the LLM behind it — including a look at Claude’s upcoming Mythos model. You’ll hear how to tighten your AI agent’s security awareness (Don’t Get Caught slipping on that one), use Comet to become the ultimate “Reply Guy,” let your LLM tell you which apps are available in Setapp, and even have your chatbot generate QR codes . Wrapping up, there’s a fix for Mail not seeing updated Contacts Groups, a cost breakdown of building your own 2026 27-inch iMac, and an honest conversation about whether Plex is getting worse. Press play and enjoy learning at least five new things, folks! 00:00:00 Mac Geek Gab 1137 for Monday, April 13th, 2026 April 13th: National Scrabble Day The MGG Merch Store is Live! MGG Monthly Giveaway – Enter to win a Plex Pass for a year! Congrats to March's SoundSource winners: Ian, Robert, and Jeff Quick Tips 00:00:01 Ian-QT-1136-Apple Pencil can drain an iPad battery 00:03:37 PilotPete-QT-Create Your Own Emoji 00:06:24 Ben-1136-CSF-Use LaunchBar to launch System Settings 00:08:22 Adding a local Bitwarden server Cloudflare Tunnels Cloudflare Workers Uplock app for Apple Passwords 00:21:39 PilotPete-QT- getting digital ID to work at TSA & why it's likely more secure than your license 00:25:59 TSA Touchless ID Sponsors 00:30:28 SPONSOR: CleanMyMac. Get Tidy Today! Try 7 days free and use our code MACGEEK for 20% off at clnmy.com/MACGEEK 00:32:01 SPONSOR: Pocket Hose. For a limited time, you can get a FREE pocket pivot and their 10-pattern sprayer with the purchase of ANY size Copper Head hose. Just text MGG to 64000. AI Side Quest 00:33:40 The Flora-Bama Club 00:35:59 Andy-What can I do if I'm not yet comfortable with agentic browsing? 00:41:20 Your AI app matters as much as the LLM 00:45:08 What's up with Claude's new Mythos LLM? 00:48:42 Jason-QT-Tighten Your AI Agent’s Security Awareness! 00:51:32 Using Comet to help you be “Reply Guy” 00:53:46 Todd-QT-Let your LLM tell you which apps you can get in Setapp 00:55:49 Roy-QT-Let your chatbot create QR codes iQR for QR Codes Your Questions Answered and Tips Shared! 00:58:33 Joe-Why is Mail not seeing my updated Contacts Group? 01:04:12 Brent-Cost breakdown of the 2026 27″ iMac 01:06:16 Matt-Is Plex getting worse? If so, can it get better? Emby Jellyfin 01:19:31 MGG 1137 Outtro MGG Monthly Giveaway Bandwidth Provided by CacheFly Pilot Pete's Aviation Podcast: So There I Was (for Aviation Enthusiasts) The Debut Film Podcast – Adam's new podcast! Dave's Business Brain (for Entrepreneurs) and Gig Gab (for Working Musicians) Podcasts MGG Merch is Available! Mac Geek Gab iOS app Mac Geek Gab YouTube Page Mac Geek Gab Live Calendar This Week's MGG Premium Contributors MGG Apple Podcasts Reviews feedback@macgeekgab.com 224-888-GEEK Active MGG Sponsors and Coupon Codes List BackBeat Media Podcast Network
“The simple believe everything, but the prudent give thought to their steps.” — Proverbs 14:15 In a world where scams are increasingly sophisticated, Scripture reminds us that precaution is not paranoia—it's stewardship. Protecting the resources God has entrusted to us isn't just practical; it's spiritual. Today's threats may come through phone calls, emails, text messages, or even impersonations of people we trust. But as followers of Christ, we are not called to live in fear—we are called to walk in wisdom. So what does wise, faithful stewardship look like in a digital age? 1. Slow Down and Verify Scammers thrive on urgency. They want you to act before you think. If someone pressures you—claiming to be your bank, a government agency, or even a loved one—pause. Hang up. Verify the source using official contact information. Remember: Pressure is a red flag. Wisdom takes a breath. 2. Be Wise About How You Send Money One of the clearest warning signs of fraud is how payment is requested. Never send money via wire transfer, gift cards, or peer-to-peer apps (like Zelle or Venmo) to someone you don't personally know. Legitimate organizations will not demand payment this way. If something feels off, trust that instinct and walk away. 3. Use Tools That Protect You Not all payment methods are created equal. Use credit cards when shopping online—they typically offer stronger fraud protection than debit cards. Enable two-factor authentication (2FA) on financial accounts—it's like adding a deadbolt to your digital front door. Use an authenticator app when possible instead of text-based codes. These simple steps dramatically reduce your vulnerability. 4. Strengthen Your Passwords Weak or reused passwords are one of the easiest entry points for thieves. Use a password manager like Bitwarden or NordPass to create and store strong, unique passwords. Avoid reusing the same password across multiple accounts. Think of your passwords as keys—each door should have its own. 5. Monitor and Lock Down Your Accounts Staying alert can help you catch problems early. Set up bank alerts for large transactions or unusual activity. Freeze your credit with all three major bureaus—it's free and highly effective against identity theft. This is like installing an alarm system for your finances. 6. Be Cautious Online and in Public Convenience can sometimes come at a cost. Avoid accessing financial accounts on public Wi-Fi unless you're using a VPN. Only log into accounts on your personal devices. Limit what you share on social media—details like birthdays, family names, or locations can be used against you. Not everything needs to be public. 7. Protect Your Physical Information Digital security matters—but so does what's on paper. Shred documents containing sensitive information like bank statements, tax forms, or medical records. Be cautious of phishing emails or messages—even if they appear to come from someone you know. When in doubt, verify before you click. 8. Make It a Family Conversation Scammers often target the most vulnerable—especially older adults and teenagers. Take time to: Talk with your family about common scams Share what you're learning Stay informed together Stewardship is not just personal—it's communal. 9. Use Caution After Data Breaches If a company offers identity theft protection after a breach: Take advantage of it—but verify first Contact the company directly through their official website or number Don't trust links or instructions in unsolicited messages. Faithful Stewardship Without Fear There's no question that in today's world, financial faithfulness includes digital awareness. Guarding your data, protecting your family, and staying alert to fraud are essential parts of stewardship. But this isn't about fear—it's about faith expressed through wisdom. With a few intentional steps, you can protect what God has entrusted to you and live with peace—not panic. If you're looking for a simple way to manage your money and grow in faithful stewardship, the FaithFi app can help. It's designed to help you handle God's resources with clarity and purpose. You can download it today at FaithFi.com/App. On Today's Program, Rob Answers Listener Questions: I've been helping a friend financially while he's unemployed, but it's starting to strain me. He has no credit and doesn't know where to start. How can he build a financial foundation—and how can I help without hurting myself? I need to update my will and mainly want to pass my home to my children. I've heard a trust might be better. Can I set that up without an attorney? I'm working to rebuild my credit after medical debt, but I want to avoid taking on new debt. What are my options—and would borrowing against my paid-off home help or hurt? I was told I could pay off my $125,000 mortgage faster by moving it to a HELOC and running my income through it. Is that strategy legitimate? Resources Mentioned: Faithful Steward: FaithFi's Quarterly Magazine (Become a FaithFi Partner) Bankrate | NerdWallet Experian Boost Our Ultimate Treasure: A 21-Day Journey to Faithful Stewardship by Rob West Wisdom Over Wealth: 12 Lessons from Ecclesiastes on Money Look At The Sparrows: A 21-Day Devotional on Financial Fear and Anxiety Rich Toward God: A Study on the Parable of the Rich Fool Find a Certified Kingdom Advisor (CKA) FaithFi App Remember, you can call in to ask your questions every workday at (800) 525-7000. Faith & Finance is also available on Moody Radio Network and American Family Radio. You can also visit FaithFi.com to connect with our online community and partner with us as we help more people live as faithful stewards of God's resources. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.