Podcasts about secure boot

robots vulnerability hunting accidentally arista secure boot

Play Episode Listen Later Feb 12, 2026 124:05

In the security news: Viral AI prompts Things to do in your home security lab I can open your garage door They call me DKnife Beyondtrust RCE Cool AI device Robots need your body Meta is just full of scams, phishing, and malware Claude Opus 4.6 found more than 500 high-severity vulnerabilities Arista next gen firewalls and command injection Secure Boot updates The RCE AMD won't fix and why the article went away End of support means get it off the network Accidentally giving away $44 billion of Bitcoin Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-913

Windows Weekly 970: Token Kill!

Radio Leo (Audio)

Play Episode Listen Later Feb 12, 2026 153:12 Transcription Available

After years of ignoring and maligning Windows, Microsoft has finally woken up and is making some happy noises. Last week, we discussed how Microsoft plans to improve the quality of Windows and that there are already many signs of that work in various security features and new OneDrive Folder Backup changes - plus those two new direct reports to Nadella. Then, Microsoft announced its Windows Baseline Security Mode and User Transparency and Consent initiatives with questions about the timing. And now, Microsoft just explained Windows 11 version 26H1, and it's not like 24H2 at all despite being tied to Snapdragon X2 silicon.Something happened ... and that something is tied to 26H1 26H1: Only for Snapdragon X2, a "scoped release," based on a "different core" from 24H2 and 25H2 You cannot upgrade 24H2 or 25H2 to 26H1 You cannot upgrade 26H1 to 26H2 (!) - instead, those on 26H1 "will have a path to update in a future Windows release." - Is that future Windows release Windows 12? Probably 24H2, 25H2, and 26H1 will all have the same user-facing features, this has been the case with all support Windows (11) versions for 2+ years (Remember, this is not what happened with 24H2. Shipped early on Snapdragon X1, but was made available to all Windows 11 PCs later that year) So why is this happening now? Fortune 500/corporate customer pushback on AI is one guess This is GOOD news, however it all unfolds More Windows 11 Yesterday was Patch Tuesday, so get to work. Updates this month include: Agent in Settings (Copilot+ PCs only) improvements. Settings improvements, cross-device Resume improvements, Windows MIDI Services improvements, Narrator improvements, Smart App Control improvements, Windows Hello New ESS improvements, and File Explorer improvements Somewhat related to the quality/security push noted above, Microsoft is rolling out new Secure Boot certificates this year for older (pre-2024/25) PCs Microsoft announces a Store CLI that does (almost) nothing new compared to winget New Dev and Beta builds with minor changes: Emoji 16.0, camera improvements, various fixes More earnings Amazon hits $213.4 billion in revenues, will spend $200 billion CAPEX/AI infrastructure this fiscal year, more than Google ($175/$185 billion) or Microsoft (estimated $150+ billion) Qualcomm $12.25 billion in revenues, up 5 percent Alphabet/Google - Up 18 percent (!) to $113.8 billion - 750 million MAUs on Gemini, 74 percent of revenues come from advertising Spotify - somehow has over 750 million MAUs now AI and dev OpenAI and Anthropic release dueling agentic AI coding models that do more than agentic AI coding within minutes of each other Ads appear in ChatGPT Free and Go as threatened Duck.ai adds private, anonymous real-time AI voice chat NET 11 Preview 1 arrives, but there's nothing major here Xbox & games Microsoft announces the 2025 Xbox Excellence Awards Celebrate 35 years of Id Software - Castle Wolfenstein 3D was a wake-up call for PC gaming, but DOOM was a miracle, and Quake was a real WTF moment Sony sold 8 million PlayStation 5s (down 16 percent YOY) in the holiday quarter, 92 million (!) overall Valve predictably delays the vaporware Steam Machine Epic Games is having a winter sale - for example, Silent Hill 2, GTA V Enhanced are 50 percentR These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/970 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: threatlocker.com/twit helixsleep.com/windows trustedtech.team/windowsweekly365 cachefly.com/twit

spotify amazon ai google microsoft fortune security sony pc doom agent playstation xbox windows preview wtf beta duck gemini openai consent resume ads valve silent hill token pcs settings emoji maus copilot narrators quake qualcomm anthropic satya nadella windows 11 yoy onedrive shipped leo laporte nadella patch tuesday richard campbell secure boot file explorer paul thurrott windows weekly windows insider program

WW 970: Token Kill! - What Version 26H1's Scoped Release Implies

Windows Weekly (Video HI)

Play Episode Listen Later Feb 12, 2026 153:12 Transcription Available

After years of ignoring and maligning Windows, Microsoft has finally woken up and is making some happy noises. Last week, we discussed how Microsoft plans to improve the quality of Windows and that there are already many signs of that work in various security features and new OneDrive Folder Backup changes - plus those two new direct reports to Nadella. Then, Microsoft announced its Windows Baseline Security Mode and User Transparency and Consent initiatives with questions about the timing. And now, Microsoft just explained Windows 11 version 26H1, and it's not like 24H2 at all despite being tied to Snapdragon X2 silicon.Something happened ... and that something is tied to 26H1 26H1: Only for Snapdragon X2, a "scoped release," based on a "different core" from 24H2 and 25H2 You cannot upgrade 24H2 or 25H2 to 26H1 You cannot upgrade 26H1 to 26H2 (!) - instead, those on 26H1 "will have a path to update in a future Windows release." - Is that future Windows release Windows 12? Probably 24H2, 25H2, and 26H1 will all have the same user-facing features, this has been the case with all support Windows (11) versions for 2+ years (Remember, this is not what happened with 24H2. Shipped early on Snapdragon X1, but was made available to all Windows 11 PCs later that year) So why is this happening now? Fortune 500/corporate customer pushback on AI is one guess This is GOOD news, however it all unfolds More Windows 11 Yesterday was Patch Tuesday, so get to work. Updates this month include: Agent in Settings (Copilot+ PCs only) improvements. Settings improvements, cross-device Resume improvements, Windows MIDI Services improvements, Narrator improvements, Smart App Control improvements, Windows Hello New ESS improvements, and File Explorer improvements Somewhat related to the quality/security push noted above, Microsoft is rolling out new Secure Boot certificates this year for older (pre-2024/25) PCs Microsoft announces a Store CLI that does (almost) nothing new compared to winget New Dev and Beta builds with minor changes: Emoji 16.0, camera improvements, various fixes More earnings Amazon hits $213.4 billion in revenues, will spend $200 billion CAPEX/AI infrastructure this fiscal year, more than Google ($175/$185 billion) or Microsoft (estimated $150+ billion) Qualcomm $12.25 billion in revenues, up 5 percent Alphabet/Google - Up 18 percent (!) to $113.8 billion - 750 million MAUs on Gemini, 74 percent of revenues come from advertising Spotify - somehow has over 750 million MAUs now AI and dev OpenAI and Anthropic release dueling agentic AI coding models that do more than agentic AI coding within minutes of each other Ads appear in ChatGPT Free and Go as threatened Duck.ai adds private, anonymous real-time AI voice chat NET 11 Preview 1 arrives, but there's nothing major here Xbox & games Microsoft announces the 2025 Xbox Excellence Awards Celebrate 35 years of Id Software - Castle Wolfenstein 3D was a wake-up call for PC gaming, but DOOM was a miracle, and Quake was a real WTF moment Sony sold 8 million PlayStation 5s (down 16 percent YOY) in the holiday quarter, 92 million (!) overall Valve predictably delays the vaporware Steam Machine Epic Games is having a winter sale - for example, Silent Hill 2, GTA V Enhanced are 50 percentR These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/970 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: threatlocker.com/twit helixsleep.com/windows trustedtech.team/windowsweekly365 cachefly.com/twit

spotify amazon ai google microsoft fortune security sony pc doom agent playstation xbox windows preview wtf beta duck gemini openai consent resume ads valve silent hill token pcs settings emoji maus copilot narrators quake qualcomm anthropic satya nadella windows 11 yoy onedrive shipped leo laporte implies nadella patch tuesday richard campbell secure boot file explorer scoped paul thurrott windows insider program

Patch Tuesday News! Azure Outage Impacted Windows Updates! Win11 26H1 Info!

5bytespodcast

Play Episode Listen Later Feb 12, 2026 30:40

On this episode, I go into an update on the Secure Boot certificate update, the upcoming Windows 11 26H1 release, recent Azure outage, signs Microsoft will be focusing on quality and more! Reference Links: https://www.rorymon.com/blog/patch-tuesday-news-azure-outage-impacted-windows-updates-wom11-26h1-info/

microsoft windows impacted azure outage windows updates patch tuesday secure boot

AI Vulnerability Hunting - PSW #913

robots vulnerability hunting accidentally arista secure boot

Play Episode Listen Later Feb 12, 2026 124:05

In the security news: Viral AI prompts Things to do in your home security lab I can open your garage door They call me DKnife Beyondtrust RCE Cool AI device Robots need your body Meta is just full of scams, phishing, and malware Claude Opus 4.6 found more than 500 high-severity vulnerabilities Arista next gen firewalls and command injection Secure Boot updates The RCE AMD won't fix and why the article went away End of support means get it off the network Accidentally giving away $44 billion of Bitcoin Show Notes: https://securityweekly.com/psw-913

Windows Weekly 970: Token Kill!

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Feb 12, 2026 153:12 Transcription Available

After years of ignoring and maligning Windows, Microsoft has finally woken up and is making some happy noises. Last week, we discussed how Microsoft plans to improve the quality of Windows and that there are already many signs of that work in various security features and new OneDrive Folder Backup changes - plus those two new direct reports to Nadella. Then, Microsoft announced its Windows Baseline Security Mode and User Transparency and Consent initiatives with questions about the timing. And now, Microsoft just explained Windows 11 version 26H1, and it's not like 24H2 at all despite being tied to Snapdragon X2 silicon.Something happened ... and that something is tied to 26H1 26H1: Only for Snapdragon X2, a "scoped release," based on a "different core" from 24H2 and 25H2 You cannot upgrade 24H2 or 25H2 to 26H1 You cannot upgrade 26H1 to 26H2 (!) - instead, those on 26H1 "will have a path to update in a future Windows release." - Is that future Windows release Windows 12? Probably 24H2, 25H2, and 26H1 will all have the same user-facing features, this has been the case with all support Windows (11) versions for 2+ years (Remember, this is not what happened with 24H2. Shipped early on Snapdragon X1, but was made available to all Windows 11 PCs later that year) So why is this happening now? Fortune 500/corporate customer pushback on AI is one guess This is GOOD news, however it all unfolds More Windows 11 Yesterday was Patch Tuesday, so get to work. Updates this month include: Agent in Settings (Copilot+ PCs only) improvements. Settings improvements, cross-device Resume improvements, Windows MIDI Services improvements, Narrator improvements, Smart App Control improvements, Windows Hello New ESS improvements, and File Explorer improvements Somewhat related to the quality/security push noted above, Microsoft is rolling out new Secure Boot certificates this year for older (pre-2024/25) PCs Microsoft announces a Store CLI that does (almost) nothing new compared to winget New Dev and Beta builds with minor changes: Emoji 16.0, camera improvements, various fixes More earnings Amazon hits $213.4 billion in revenues, will spend $200 billion CAPEX/AI infrastructure this fiscal year, more than Google ($175/$185 billion) or Microsoft (estimated $150+ billion) Qualcomm $12.25 billion in revenues, up 5 percent Alphabet/Google - Up 18 percent (!) to $113.8 billion - 750 million MAUs on Gemini, 74 percent of revenues come from advertising Spotify - somehow has over 750 million MAUs now AI and dev OpenAI and Anthropic release dueling agentic AI coding models that do more than agentic AI coding within minutes of each other Ads appear in ChatGPT Free and Go as threatened Duck.ai adds private, anonymous real-time AI voice chat NET 11 Preview 1 arrives, but there's nothing major here Xbox & games Microsoft announces the 2025 Xbox Excellence Awards Celebrate 35 years of Id Software - Castle Wolfenstein 3D was a wake-up call for PC gaming, but DOOM was a miracle, and Quake was a real WTF moment Sony sold 8 million PlayStation 5s (down 16 percent YOY) in the holiday quarter, 92 million (!) overall Valve predictably delays the vaporware Steam Machine Epic Games is having a winter sale - for example, Silent Hill 2, GTA V Enhanced are 50 percentR These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/970 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: threatlocker.com/twit helixsleep.com/windows trustedtech.team/windowsweekly365 cachefly.com/twit

spotify amazon ai google microsoft fortune security sony pc doom agent playstation xbox windows preview wtf beta duck gemini openai consent resume ads valve silent hill token pcs settings emoji maus copilot narrators quake qualcomm anthropic satya nadella windows 11 yoy onedrive shipped leo laporte nadella patch tuesday richard campbell secure boot file explorer paul thurrott windows weekly windows insider program

AI Vulnerability Hunting - PSW #913

robots vulnerability hunting accidentally arista secure boot

Play Episode Listen Later Feb 12, 2026 124:05

In the security news: Viral AI prompts Things to do in your home security lab I can open your garage door They call me DKnife Beyondtrust RCE Cool AI device Robots need your body Meta is just full of scams, phishing, and malware Claude Opus 4.6 found more than 500 high-severity vulnerabilities Arista next gen firewalls and command injection Secure Boot updates The RCE AMD won't fix and why the article went away End of support means get it off the network Accidentally giving away $44 billion of Bitcoin Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-913

Windows Weekly 970: Token Kill!

Radio Leo (Video HD)

Play Episode Listen Later Feb 12, 2026 153:12 Transcription Available

After years of ignoring and maligning Windows, Microsoft has finally woken up and is making some happy noises. Last week, we discussed how Microsoft plans to improve the quality of Windows and that there are already many signs of that work in various security features and new OneDrive Folder Backup changes - plus those two new direct reports to Nadella. Then, Microsoft announced its Windows Baseline Security Mode and User Transparency and Consent initiatives with questions about the timing. And now, Microsoft just explained Windows 11 version 26H1, and it's not like 24H2 at all despite being tied to Snapdragon X2 silicon.Something happened ... and that something is tied to 26H1 26H1: Only for Snapdragon X2, a "scoped release," based on a "different core" from 24H2 and 25H2 You cannot upgrade 24H2 or 25H2 to 26H1 You cannot upgrade 26H1 to 26H2 (!) - instead, those on 26H1 "will have a path to update in a future Windows release." - Is that future Windows release Windows 12? Probably 24H2, 25H2, and 26H1 will all have the same user-facing features, this has been the case with all support Windows (11) versions for 2+ years (Remember, this is not what happened with 24H2. Shipped early on Snapdragon X1, but was made available to all Windows 11 PCs later that year) So why is this happening now? Fortune 500/corporate customer pushback on AI is one guess This is GOOD news, however it all unfolds More Windows 11 Yesterday was Patch Tuesday, so get to work. Updates this month include: Agent in Settings (Copilot+ PCs only) improvements. Settings improvements, cross-device Resume improvements, Windows MIDI Services improvements, Narrator improvements, Smart App Control improvements, Windows Hello New ESS improvements, and File Explorer improvements Somewhat related to the quality/security push noted above, Microsoft is rolling out new Secure Boot certificates this year for older (pre-2024/25) PCs Microsoft announces a Store CLI that does (almost) nothing new compared to winget New Dev and Beta builds with minor changes: Emoji 16.0, camera improvements, various fixes More earnings Amazon hits $213.4 billion in revenues, will spend $200 billion CAPEX/AI infrastructure this fiscal year, more than Google ($175/$185 billion) or Microsoft (estimated $150+ billion) Qualcomm $12.25 billion in revenues, up 5 percent Alphabet/Google - Up 18 percent (!) to $113.8 billion - 750 million MAUs on Gemini, 74 percent of revenues come from advertising Spotify - somehow has over 750 million MAUs now AI and dev OpenAI and Anthropic release dueling agentic AI coding models that do more than agentic AI coding within minutes of each other Ads appear in ChatGPT Free and Go as threatened Duck.ai adds private, anonymous real-time AI voice chat NET 11 Preview 1 arrives, but there's nothing major here Xbox & games Microsoft announces the 2025 Xbox Excellence Awards Celebrate 35 years of Id Software - Castle Wolfenstein 3D was a wake-up call for PC gaming, but DOOM was a miracle, and Quake was a real WTF moment Sony sold 8 million PlayStation 5s (down 16 percent YOY) in the holiday quarter, 92 million (!) overall Valve predictably delays the vaporware Steam Machine Epic Games is having a winter sale - for example, Silent Hill 2, GTA V Enhanced are 50 percentR These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/970 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Sponsors: threatlocker.com/twit helixsleep.com/windows trustedtech.team/windowsweekly365 cachefly.com/twit

spotify amazon ai google microsoft fortune security sony pc doom agent playstation xbox windows preview wtf beta duck gemini openai consent resume ads valve silent hill token pcs settings emoji maus copilot narrators quake qualcomm anthropic satya nadella windows 11 yoy onedrive shipped leo laporte nadella patch tuesday richard campbell secure boot file explorer paul thurrott windows weekly windows insider program

AI Vulnerability Hunting - PSW #913

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Feb 12, 2026 124:05

In the security news: Viral AI prompts Things to do in your home security lab I can open your garage door They call me DKnife Beyondtrust RCE Cool AI device Robots need your body Meta is just full of scams, phishing, and malware Claude Opus 4.6 found more than 500 high-severity vulnerabilities Arista next gen firewalls and command injection Secure Boot updates The RCE AMD won't fix and why the article went away End of support means get it off the network Accidentally giving away $44 billion of Bitcoin Show Notes: https://securityweekly.com/psw-913

robots vulnerability hunting accidentally arista secure boot

SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Feb 11, 2026 7:54

Microsoft Patch Tuesday - February 2026 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20February%202026/32700 Refreshing the root of trust https://blogs.windows.com/windowsexperience/2026/02/10/refreshing-the-root-of-trust-industry-collaboration-on-secure-boot-certificate-updates/ Fake 7-Zip downloads are turning home PCs into proxy nodes https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes FortiNet Vulnerabilities https://fortiguard.fortinet.com/psirt/FG-IR-25-093 https://fortiguard.fortinet.com/psirt/FG-IR-25-1052

trust business internet news microsoft fake network security computers root cybersecurity cyber hacking boot patch pcs trojan zip infosec fortinet secure boot stormcast microsoft patch tuesday

Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly

Risky Business

Play Episode Listen Later Feb 11, 2026 56:13

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft reshuffles security leadership. It doesn't spark joy. Russia is hacking the Winter Olympics. Again. But y tho? China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products An unknown hero blocks 23/tcp on the US internet backbone And James Wilson pops into talk about Claude's go at a C compiler This week's episode is sponsored by Ent.AI, an AI startup that isn't quite ready to tell us all what they're doing. But nevertheless, founder Brandon Dixon joins to discuss AI's role in security. Where does language-based understanding take us that previous methods couldn't? This episode is also available on Youtube. Show notes Updates in two of our core priorities - The Official Microsoft Blog Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog Microsoft prepares to refresh Secure Boot's digital certificate | Cybersecurity Dive Microsoft Patch Tuesday matches last year's zero-day high with six actively exploited vulnerabilities | CyberScoop Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore's Telecommunications Sector | Cyber Security Agency of Singapore How Intel and Google Collaborate to Strengthen Intel® TDX Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News BeyondTrust warns of critical RCE flaw in remote support software Rapid7 Analysis of CVE-2026-1731 Building a C compiler with a team of parallel Claudes Anthropic (1) Post by @ryiron.bsky.social — Bluesky What AI Security Research Looks Like When It Works | AISLE South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

ai china building zoom russia office russian microsoft record singapore dutch norway secure ent gop winter olympics campaigns risky business solarwinds wobbly cve rce ivanti secure boot patrick gray beyondtrust brandon dixon adam boileau

Google gets EU Wiz approval, Microsoft secures Secure Boot certificates, North Korean hackers target crypto exec

Cyber Security Headlines

Play Episode Listen Later Feb 11, 2026 7:11

EU grants Google approval for Wiz Microsoft rolls out Secure Boot certificates before expiration North Korean hackers target crypto exec Get the show notes here: https://cisoseries.com/cybersecurity-news-google-gets-eu-wiz-approval-microsoft-secures-secure-boot-certificates-north-korean-hackers-target-crypto-exec/ Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

google european union microsoft target crypto hackers approval certificates exec north korean zero trust cisos secure boot ciso series

Digging For Vulnerability Gold - PSW #909

gold microsoft threats vulnerability digging hacking llm hipaa breaching flipper zero secure boot

Play Episode Listen Later Jan 15, 2026 127:03

In the security news: KVMs are a hacker's dream Hacking an e-scooter Flipper Zero alternatives The best authentication bypass Pwning Claude Code ForiSIEM, vulnerabilities, and exploits Microsoft patches and Secure Boot fun Making Windows great, again? Breaching the Breach Forum Congressional Emails unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform? LLMs are HIPAA compliant? Threat actors target LLM honeypots Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-909

Digging For Vulnerability Gold - PSW #909

gold microsoft threats vulnerability digging hacking llm hipaa breaching flipper zero secure boot

Play Episode Listen Later Jan 15, 2026 127:03

In the security news: KVMs are a hacker's dream Hacking an e-scooter Flipper Zero alternatives The best authentication bypass Pwning Claude Code ForiSIEM, vulnerabilities, and exploits Microsoft patches and Secure Boot fun Making Windows great, again? Breaching the Breach Forum Congressional Emails unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform? LLMs are HIPAA compliant? Threat actors target LLM honeypots Show Notes: https://securityweekly.com/psw-909

Digging For Vulnerability Gold - PSW #909

gold microsoft threats vulnerability digging hacking llm hipaa breaching flipper zero secure boot

Play Episode Listen Later Jan 15, 2026 127:03

In the security news: KVMs are a hacker's dream Hacking an e-scooter Flipper Zero alternatives The best authentication bypass Pwning Claude Code ForiSIEM, vulnerabilities, and exploits Microsoft patches and Secure Boot fun Making Windows great, again? Breaching the Breach Forum Congressional Emails unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform? LLMs are HIPAA compliant? Threat actors target LLM honeypots Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-909

Is Your System Vulnerable to the Latest Windows Bug?

GREY Journal Daily News Podcast

Play Episode Listen Later Jan 15, 2026 3:07

Microsoft and the US Cybersecurity and Infrastructure Security Agency have issued an urgent call to patch a Windows vulnerability, CVE-2026-20805, which is currently being exploited and allows attackers to leak memory addresses that could lead to code execution. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the fix by February 3. The vulnerability is part of a January security update that addresses 112 Microsoft issues, including a Secure Boot certificate expiration problem and an elevation of privilege flaw in Agere Modem drivers. Security experts recommend immediate patching and reviewing Secure Boot certificates to maintain protection.Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.

system microsoft security acast windows vulnerable cisa cve infrastructure security agency secure boot

Digging For Vulnerability Gold - PSW #909

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Jan 15, 2026 127:03

In the security news: KVMs are a hacker's dream Hacking an e-scooter Flipper Zero alternatives The best authentication bypass Pwning Claude Code ForiSIEM, vulnerabilities, and exploits Microsoft patches and Secure Boot fun Making Windows great, again? Breaching the Breach Forum Congressional Emails unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform? LLMs are HIPAA compliant? Threat actors target LLM honeypots Show Notes: https://securityweekly.com/psw-909

gold microsoft threats vulnerability digging hacking llm hipaa breaching flipper zero secure boot

Patch [FIX] Tuesday – January 2026 [New Year, New Vulns, New Certs], E27

Autonomous IT

Play Episode Listen Later Jan 13, 2026 14:01

Happy New Year! In this episode, Automox cybersecurity experts Ryan Braunstein and Seth Hoyt break down the security vulnerabilities you need to know heading into 2026.First up: a ticking time bomb. Microsoft's 2011 Secure Boot certificates expire in June and October 2026, making this your top patching priority for the year. If your BIOS and OS aren't both updated, you're leaving the door wide open for rootkit attacks. Start auditing your hardware now. You have six months.Next up: a Windows Installer Elevation of Privilege Vulnerability that exploits a time-of-check to time-of-use (TOCTOU) race condition. Think of it like swapping wristbands after the bouncer checks you at the door.Finally, an actively exploited flaw in Desktop Window Manager that can leak sensitive information and even break out of sandboxes.Patch your systems. Patch your BIOS. See you next month.

new year happy new year microsoft os cybersecurity patch bios windows 11 infosec cve it security certs vulnerability management uefi patch tuesday endpoint security security podcast secure boot rootkit patch management vulns automox

098. From Mauritius to Modular Miners: Open-Source Bitcoin Mining, Direct-DC Solar, and Hydra Pool

POD256 | Bitcoin Mining News & Analysis

Play Episode Listen Later Dec 13, 2025 118:56 Transcription Available

In this episode, eco & Tyler welcome back Skot who was at the African Bitcoin Conference, this year hosted in Mauritius, where he spoke on open-source Bitcoin mining. We swap travel tales (including Scott's chaotic Paris layover) and impressions of Mauritius, the conference venue, and side events focused on Bitcoin education. We dig into mining headlines: Bitdeer's missed ASIC roadmap and investor lawsuit, Bitmain's history (Antbleed) and why open-source mining matters, and MicroBT's M70-series lineup pushing industrial-scale, three-phase miners. Skot explains the theory behind Bitdeer's hyped “adiabatic charge recovery logic,” why it's hard to scale, and how thermal and power density realities define miner design. We go deep on open hardware and firmware progress: Braiins' open control board, Secure Boot obstacles, and Mujina's modular path to safe, customizable, dev-fee-free mining; plus Skot's BitCrain control board concept for USB‑controlled fleets. We share shop-floor lessons building AddIt boards and Ember One prototypes (solder paste, tombstoning, reflow profiles) and celebrate practical innovation like Gridless's open-source JuaKali direct-DC solar mining kit. On home-mining UX, Tyler demos new Home Assistant integrations for Canaan Avalons and WhatsMiner, and we preview Hydra Pool deployments (Grafana/Prometheus dashboards) for the upcoming Telehash. Finally, we update the community on the Samourai Wallet case: Keonne's facility designation, the continuing push for a presidential pardon, and how to support via petition and donations. #PardonSamourai.

dc bitcoin pool solar ux usb open source miners hydra modular mauritius bitcoin mining asic home assistant bitmain skot secure boot samourai wallet juakali

Noticias linux: Firmware vulnerable, Linux se refuerza, y distros que evolucionan

Podcast de tecnología e informática

Play Episode Listen Later Oct 19, 2025 6:03

En este episodio repasamos lo más destacado de la semana en el mundo de Linux y la tecnología informática:

vulnerable ia noticias linux propuesta gpus avances descubrimiento tuxedo firmware debian refuerza secure boot

AI, EDR, and Hacking Things - PSW #896

Play Episode Listen Later Oct 16, 2025 124:54

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

AI, EDR, and Hacking Things - PSW #896

Play Episode Listen Later Oct 16, 2025 124:54

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Show Notes: https://securityweekly.com/psw-896

AI, EDR, and Hacking Things - PSW #896

Play Episode Listen Later Oct 16, 2025 124:54

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-896

Paul's Security Weekly (Video-Only)

AI, EDR, and Hacking Things - PSW #896

Play Episode Listen Later Oct 16, 2025 124:54

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the security news: Your vulnerability scanner is your weakest link Scams that almost got me The state of EDR is not good You don't need to do that on a phone or Raspberry PI Hash cracking and exploits Revisiting LG WebOS Hardening Docker images Hacking Moxa NPort Shoddy academic research The original sin of computing Bodycam hacking A new OS for ESP32 The AI bubble is going to burt Mobile VPNs are not always secure Show Notes: https://securityweekly.com/psw-896

windows framework risky reaches end of life bulletin windows 10 cisa secure boot

Risky Bulletin: Windows 10 reaches End-of-Life

Risky Business News

Play Episode Listen Later Oct 15, 2025 8:39

Windows 10 reaches End-of-Life, CISA cyber personnel avoided last week's layoffs, the US seizes $15 billion dollars from a cyber-scam-compound operator, and a Secure Boot bypass impacts 200,000 Framework computers. Show notes Risky Bulletin: Windows 10 reaches End-of-Life

Are Your Windows Devices Vulnerable to These New Zero-Day Exploits?

GREY Journal Daily News Podcast

Play Episode Listen Later Oct 15, 2025 4:12

Microsoft released a security update fixing 183 vulnerabilities, including two zero-day flaws affecting all Windows versions and a Secure Boot bypass in IGEL OS. The vulnerabilities enable privilege escalation and remote code execution, with one flaw present in a default Windows driver and another in the Remote Access Connection Manager. Microsoft plans to remove the legacy driver rather than patch it. Additional critical vulnerabilities impact Windows Server Update Service, TPM 2.0, and Microsoft Graphics Component. Other major vendors, including Adobe, AWS, Apple, Cisco, Dell, Google, IBM, Lenovo, NVIDIA, Oracle, Salesforce, Samsung, and multiple Linux distributions, also released recent security patches.Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.

google apple microsoft acast windows ibm oracle vulnerable samsung salesforce adobe nvidia cisco devices aws linux lenovo tpm secure boot zero day exploits

Radiogeek 2767: El Fin del Soporte para Windows 10 y la Encrucijada de Windows 11

Radiogeek

Play Episode Listen Later Oct 9, 2025 10:12

Con el inminente fin de soporte para Windows 10, muchos usuarios se encuentran en una encrucijada tecnológica: ¿actualizar a Windows 11 o buscar alternativas? Esta decisión no es trivial y conlleva considerar una serie de pros y contras, así como los requisitos técnicos y herramientas disponibles para facilitar el proceso. Requerimientos Mínimos: Es fundamental recordar los requisitos mínimos oficiales para instalar Windows 11: • CPU: 1 GHz (2 núcleos) • RAM: 4 GB • Almacenamiento: 64 GB • TPM: 2.0 • Secure Boot Estos requisitos son clave para determinar si tu equipo es oficialmente compatible. Rufus como Opción para Bypass: Para aquellos equipos que no cumplen con todos los requisitos mínimos, especialmente el TPM 2.0 y Secure Boot, herramientas como Rufus han emergido como una solución popular. Rufus permite crear medios de instalación de Windows 11 y, en el proceso, ofrece opciones para omitir (bypass) estas verificaciones. Acceso a la web oficial de Rufus:⁠https://rufus.ie/es/⁠

windows ram gb el fin rufus cpu acceso opci windows 10 windows 11 tpm soporte ghz encrucijada almacenamiento secure boot

A+ Fundamentals: Boot to Brains Chapter 4

Technology Tap

Play Episode Listen Later Oct 7, 2025 24:14 Transcription Available

professorjrod@gmail.comA dead PC at the worst moment is a gut punch—unless you have a roadmap. We walk through the exact thinking that turns “no lights, no fans, no display” into a calm, step‑by‑step recovery, starting where every system truly begins: firmware. BIOS and UEFI aren't trivia; they decide how your machine discovers drives, validates bootloaders, and applies security like Secure Boot and TPM. That's why a simple post‑update check of boot order, storage mode, and firmware toggles can rescue a lab full of “no boot device” errors in minutes.From there, we get brutally honest about power. PSUs age, rails sag, and idle tests lie. You'll learn the outside‑in “power ladder,” why a line‑interactive UPS prevents ghost errors, and how unstable XMP profiles masquerade as OS problems. We demystify boot and drive failures—wrong boot entries, NVMe lane conflicts, cloning driver mismatches—and show how SMART data, free space, cooling, and firmware updates revive sluggish SSDs. Then we cut through RAID mythology: 0 for speed, 1 for uptime, 5 for read‑heavy with risk, 6 for double‑parity safety, and 10 for fast resilience. And we repeat the rule that saves careers: RAID is not backup. Verify restores, keep copies offsite or offline, and schedule tests before disaster strikes.Video issues get the practical treatment too. No display? Check inputs and connect to the discrete GPU, not the motherboard. Blurry or artifacting under load? Validate refresh rates, cables, thermals, and PSU capacity. We close with a field checklist and a case study where a quality PSU upgrade stabilized 3D renders instantly—proof that systems thinking beats screen-chasing every time. If you want a technician's mindset—evidence over assumptions, one variable at a time—this guide will sharpen your process and speed your fixes.If this helped you think like a tech, follow the show, share it with a teammate who's on call this week, and leave a quick review so more builders and troubleshooters can find it.Support the showIf you want to help me with my research please e-mail me.Professorjrod@gmail.comIf you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.comArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

video smart 3d os pc fundamentals brains ups boot raid coma gpu validate ssd bios verify psu blurry tpm showif nvme uefi secure boot psus xmp

631: Endorphin Rush

BSD Now

Play Episode Listen Later Sep 25, 2025 36:53

Secure Boot for FreeBSD, Systems lie about their proper functioning, Teching the tech and rushing the endorphins, Passing a Device Into A FreeBSD Jail With A Stable Name, ZFS snapshots aren't as immutable as I thought, due to snapshot metadata, Let's write a peephole optimizer for QBE's arm64 backend, Migrate a Peertube instance from Debian to FreeBSD, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Secure Boot for FreeBSD (https://forums.FreeBSD.org/threads/how-to-set-up-secure-boot-for-freebsd.99169/) The Fundamental Failure-Mode Theorem: Systems lie about their proper functioning (https://devblogs.microsoft.com/oldnewthing/20250716-00/?p=111383) News Roundup Teching the tech and rushing the endorphins (https://vulcanridr.mataroa.blog/blog/teching-the-tech-and-rushing-the-endorphins) Passing a Device Into A FreeBSD Jail With A Stable Name (https://blog.feld.me/posts/2025/09/passing-device-freebsd-jail-with-stable-name/) ZFS snapshots aren't as immutable as I thought, due to snapshot metadata (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSSnapshotsNotFullyImmutable) Let's write a peephole optimizer for QBE's arm64 backend (https://briancallahan.net/blog/20250901.html) Migrate a Peertube instance from Debian to FreeBSD (https://www.tumfatig.net/2025/migrate-a-peertube-instance-from-debian-to-freebsd) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions -Steve - Interviews (https://github.com/BSDNow/bsdnow.tv/blob/master/631/feedback/Steve%20-%20Interviews.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)

interview guide management development tools code os software passing rush jail berkeley programming distribution storage how to open source tutorials utility cluster packages ports tom jones operating systems foss endorphins unix cli migrate bsd debian status report dataset freebsd filesystem qbe secure boot zfs peertube openbsd teching netbsd tarsnap trueos dragonflybsd

LCC 330 - Nano banana l'AI de Julia

Les Cast Codeurs Podcast

Play Episode Listen Later Sep 15, 2025 108:38

Katia, Emmanuel et Guillaume discutent Java, Kotlin, Quarkus, Hibernate, Spring Boot 4, intelligence artificielle (modèles Nano Banana, VO3, frameworks agentiques, embedding). On discute les vulnerabilités OWASP pour les LLMs, les personalités de codage des différents modèles, Podman vs Docker, comment moderniser des projets legacy. Mais surtout on a passé du temps sur les présentations de Luc Julia et les différents contre points qui ont fait le buzz sur les réseaux. Enregistré le 12 septembre 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-330.mp3 ou en vidéo sur YouTube. News Langages Dans cette vidéo, José détaille les nouveautés de Java entre Java 21 et 25 https://inside.java/2025/08/31/roadto25-java-language/ Aperçu des nouveautés du JDK 25 : Introduction des nouvelles fonctionnalités du langage Java et des changements à venir [00:02]. Programmation orientée données et Pattern Matching [00:43] : Évolution du “pattern matching” pour la déconstruction des “records” [01:22]. Utilisation des “sealed types” dans les expressions switch pour améliorer la lisibilité et la robustesse du code [01:47]. Introduction des “unnamed patterns” (_) pour indiquer qu'une variable n'est pas utilisée [04:47]. Support des types primitifs dans instanceof et switch (en preview) [14:02]. Conception d'applications Java [00:52] : Simplification de la méthode main [21:31]. Exécution directe des fichiers .java sans compilation explicite [22:46]. Amélioration des mécanismes d'importation [23:41]. Utilisation de la syntaxe Markdown dans la Javadoc [27:46]. Immuabilité et valeurs nulles [01:08] : Problème d'observation de champs final à null pendant la construction d'un objet [28:44]. JEP 513 pour contrôler l'appel à super() et restreindre l'usage de this dans les constructeurs [33:29]. JDK 25 sort le 16 septembre https://openjdk.org/projects/jdk/25/ Scoped Values (JEP 505) - alternative plus efficace aux ThreadLocal pour partager des données immutables entre threads Structured Concurrency (JEP 506) - traiter des groupes de tâches concurrentes comme une seule unité de travail, simplifiant la gestion des threads Compact Object Headers (JEP 519) - Fonctionnalité finale qui réduit de 50% la taille des en-têtes d'objets (de 128 à 64 bits), économisant jusqu'à 22% de mémoire heap Flexible Constructor Bodies (JEP 513) - Relaxation des restrictions sur les constructeurs, permettant du code avant l'appel super() ou this() Module Import Declarations (JEP 511) - Import simplifié permettant d'importer tous les éléments publics d'un module en une seule déclaration Compact Source Files (JEP 512) - Simplification des programmes Java basiques avec des méthodes main d'instance sans classe wrapper obligatoire Primitive Types in Patterns (JEP 455) - Troisième preview étendant le pattern matching et instanceof aux types primitifs dans switch et instanceof Generational Shenandoah (JEP 521) - Le garbage collector Shenandoah passe en mode générationnel pour de meilleures performances JFR Method Timing & Tracing (JEP 520) - Nouvel outillage de profilage pour mesurer le temps d'exécution et tracer les appels de méthodes Key Derivation API (JEP 510) - API finale pour les fonctions de dérivation de clés cryptographiques, remplaçant les implémentations tierces Améliorations du traitement des annotations dans Kotlin 2.2 https://blog.jetbrains.com/idea/2025/09/improved-annotation-handling-in-kotlin-2-2-less-boilerplate-fewer-surprises/ Avant Kotlin 2.2, les annotations sur les paramètres de constructeur n'étaient appliquées qu'au paramètre, pas à la propriété ou au champ Cela causait des bugs subtils avec Spring et JPA où la validation ne fonctionnait qu'à la création d'objet, pas lors des mises à jour La solution précédente nécessitait d'utiliser explicitement @field: pour chaque annotation, créant du code verbeux Kotlin 2.2 introduit un nouveau comportement par défaut qui applique les annotations aux paramètres ET aux propriétés/champs automatiquement Le code devient plus propre sans avoir besoin de syntaxe @field: répétitive Pour l'activer, ajouter -Xannotation-default-target=param-property dans les options du compilateur Gradle IntelliJ IDEA propose un quick-fix pour activer ce comportement à l'échelle du projet Cette amélioration rend l'intégration Kotlin plus fluide avec les frameworks majeurs comme Spring et JPA Le comportement peut être configuré pour garder l'ancien mode ou activer un mode transitoire avec avertissements Cette mise à jour fait partie d'une initiative plus large pour améliorer l'expérience Kotlin + Spring Librairies Sortie de Quarkus 3.26 avec mises à jour d'Hibernate et autres fonctionnalités - https://quarkus.io/blog/quarkus-3-26-released/ mettez à jour vers la 3.26.x car il y a eu une regression vert.x Jalon important vers la version LTS 3.27 prévue fin septembre, basée sur cette version Mise à jour vers Hibernate ORM 7.1, Hibernate Search 8.1 et Hibernate Reactive 3.1 Support des unités de persistance nommées et sources de données dans Hibernate Reactive Démarrage hors ligne et configuration de dialecte pour Hibernate ORM même si la base n'est pas accessible Refonte de la console HQL dans Dev UI avec fonctionnalité Hibernate Assistant intégrée Exposition des capacités Dev UI comme fonctions MCP pour pilotage via outils IA Rafraîchissement automatique des tokens OIDC en cas de réponse 401 des clients REST Extension JFR pour capturer les données runtime (nom app, version, extensions actives) Bump de Gradle vers la version 9.0 par défaut, suppression du support des classes config legacy Guide de démarrage avec Quarkus et A2A Java SDK 0.3.0 (pour faire discuter des agents IA avec la dernière version du protocole A2A) https://quarkus.io/blog/quarkus-a2a-java-0-3-0-alpha-release/ Sortie de l'A2A Java SDK 0.3.0.Alpha1, aligné avec la spécification A2A v0.3.0. Protocole A2A : standard ouvert (Linux Foundation), permet la communication inter-agents IA polyglottes. Version 0.3.0 plus stable, introduit le support gRPC. Mises à jour générales : changements significatifs, expérience utilisateur améliorée (côté client et serveur). Agents serveur A2A : Support gRPC ajouté (en plus de JSON-RPC). HTTP+JSON/REST à venir. Implémentations basées sur Quarkus (alternatives Jakarta existent). Dépendances spécifiques pour chaque transport (ex: a2a-java-sdk-reference-jsonrpc, a2a-java-sdk-reference-grpc). AgentCard : décrit les capacités de l'agent. Doit spécifier le point d'accès primaire et tous les transports supportés (additionalInterfaces). Clients A2A : Dépendance principale : a2a-java-sdk-client. Support gRPC ajouté (en plus de JSON-RPC). HTTP+JSON/REST à venir. Dépendance spécifique pour gRPC : a2a-java-sdk-client-transport-grpc. Création de client : via ClientBuilder. Sélectionne automatiquement le transport selon l'AgentCard et la configuration client. Permet de spécifier les transports supportés par le client (withTransport). Comment générer et éditer des images en Java avec Nano Banana, le “photoshop killer” de Google https://glaforge.dev/posts/2025/09/09/calling-nano-banana-from-java/ Objectif : Intégrer le modèle Nano Banana (Gemini 2.5 Flash Image preview) dans des applications Java. SDK utilisé : GenAI Java SDK de Google. Compatibilité : Supporté par ADK for Java ; pas encore par LangChain4j (limitation de multimodalité de sortie). Capacités de Nano Banana : Créer de nouvelles images. Modifier des images existantes. Assembler plusieurs images. Mise en œuvre Java : Quelle dépendance utiliser Comment s'authentifier Comment configurer le modèle Nature du modèle : Nano Banana est un modèle de chat qui peut retourner du texte et une image (pas simplement juste un modèle générateur d'image) Exemples d'utilisation : Création : Via un simple prompt textuel. Modification : En passant l'image existante (tableau de bytes) et les instructions de modification (prompt). Assemblage : En passant plusieurs images (en bytes) et les instructions d'intégration (prompt). Message clé : Toutes ces fonctionnalités sont accessibles en Java, sans nécessiter Python. Générer des vidéos IA avec le modèle Veo 3, mais en Java ! https://glaforge.dev/posts/2025/09/10/generating-videos-in-java-with-veo3/ Génération de vidéos en Java avec Veo 3 (via le GenAI Java SDK de Google). Veo 3: Annoncé comme GA, prix réduits, support du format 9:16, résolution jusqu'à 1080p. Création de vidéos : À partir d'une invite textuelle (prompt). À partir d'une image existante. Deux versions différentes du modèle : veo-3.0-generate-001 (qualité supérieure, plus coûteux, plus lent). veo-3.0-fast-generate-001 (qualité inférieure, moins coûteux, mais plus rapide). Rod Johnson sur ecrire des aplication agentic en Java plus facilement qu'en python avec Embabel https://medium.com/@springrod/you-can-build-better-ai-agents-in-java-than-python-868eaf008493 Rod the papa de Spring réécrit un exemple CrewAI (Python) qui génère un livre en utilisant Embabel (Java) pour démontrer la supériorité de Java L'application utilise plusieurs agents AI spécialisés : un chercheur, un planificateur de livre et des rédacteurs de chapitres Le processus suit trois étapes : recherche du sujet, création du plan, rédaction parallèle des chapitres puis assemblage CrewAI souffre de plusieurs problèmes : configuration lourde, manque de type safety, utilisation de clés magiques dans les prompts La version Embabel nécessite moins de code Java que l'original Python et moins de fichiers de configuration YAML Embabel apporte la type safety complète, éliminant les erreurs de frappe dans les prompts et améliorant l'outillage IDE La gestion de la concurrence est mieux contrôlée en Java pour éviter les limites de débit des APIs LLM L'intégration avec Spring permet une configuration externe simple des modèles LLM et hyperparamètres Le planificateur Embabel détermine automatiquement l'ordre d'exécution des actions basé sur leurs types requis L'argument principal : l'écosystème JVM offre un meilleur modèle de programmation et accès à la logique métier existante que Python Il y a pas mal de nouveaux framework agentic en Java, notamment le dernier LAngchain4j Agentic Spring lance un serie de blog posts sur les nouveautés de Spring Boot 4 https://spring.io/blog/2025/09/02/road_to_ga_introduction baseline JDK 17 mais rebase sur Jakarta 11 Kotlin 2, Jackson 3 et JUnit 6 Fonctionnalités de résilience principales de Spring : @ConcurrencyLimit, @Retryable, RetryTemplate Versioning d'API dans Spring Améliorations du client de service HTTP L'état des clients HTTP dans Spring Introduction du support Jackson 3 dans Spring Consommateur partagé - les queues Kafka dans Spring Kafka Modularisation de Spring Boot Autorisation progressive dans Spring Security Spring gRPC - un nouveau module Spring Boot Applications null-safe avec Spring Boot 4 OpenTelemetry avec Spring Boot Repos Ahead of Time (Partie 2) Web Faire de la recherche sémantique directement dans le navigateur en local, avec EmbeddingGemma et Transformers.js https://glaforge.dev/posts/2025/09/08/in-browser-semantic-search-with-embeddinggemma/ EmbeddingGemma: Nouveau modèle d'embedding (308M paramètres) de Google DeepMind. Objectif: Permettre la recherche sémantique directement dans le navigateur. Avantages clés de l'IA côté client: Confidentialité: Aucune donnée envoyée à un serveur. Coûts réduits: Pas besoin de serveurs coûteux (GPU), hébergement statique. Faible latence: Traitement instantané sans allers-retours réseau. Fonctionnement hors ligne: Possible après le chargement initial du modèle. Technologie principale: Modèle: EmbeddingGemma (petit, performant, multilingue, support MRL pour réduire la taille des vecteurs). Moteur d'inférence: Transformers.js de HuggingFace (exécute les modèles AI en JavaScript dans le navigateur). Déploiement: Site statique avec Vite/React/Tailwind CSS, déployé sur Firebase Hosting via GitHub Actions. Gestion du modèle: Fichiers du modèle trop lourds pour Git; téléchargés depuis HuggingFace Hub pendant le CI/CD. Fonctionnement de l'app: Charge le modèle, génère des embeddings pour requêtes/documents, calcule la similarité sémantique. Conclusion: Démonstration d'une recherche sémantique privée, économique et sans serveur, soulignant le potentiel de l'IA embarquée dans le navigateur. Data et Intelligence Artificielle Docker lance Cagent, une sorte de framework multi-agent IA utilisant des LLMs externes, des modèles de Docker Model Runner, avec le Docker MCP Tookit. Il propose un format YAML pour décrire les agents d'un système multi-agents. https://github.com/docker/cagent des agents “prompt driven” (pas de code) et une structure pour decrire comment ils sont deployés pas clair comment ils sont appelés a part dans la ligne de commande de cagent fait par david gageot L'owasp décrit l'independance excessive des LLM comme une vulnerabilité https://genai.owasp.org/llmrisk2023-24/llm08-excessive-agency/ L'agence excessive désigne la vulnérabilité qui permet aux systèmes LLM d'effectuer des actions dommageables via des sorties inattendues ou ambiguës. Elle résulte de trois causes principales : fonctionnalités excessives, permissions excessives ou autonomie excessive des agents LLM. Les fonctionnalités excessives incluent l'accès à des plugins qui offrent plus de capacités que nécessaire, comme un plugin de lecture qui peut aussi modifier ou supprimer. Les permissions excessives se manifestent quand un plugin accède aux systèmes avec des droits trop élevés, par exemple un accès en lecture qui inclut aussi l'écriture. L'autonomie excessive survient quand le système effectue des actions critiques sans validation humaine préalable. Un scénario d'attaque typique : un assistant personnel avec accès email peut être manipulé par injection de prompt pour envoyer du spam via la boîte de l'utilisateur. La prévention implique de limiter strictement les plugins aux fonctions minimales nécessaires pour l'opération prévue. Il faut éviter les fonctions ouvertes comme “exécuter une commande shell” au profit d'outils plus granulaires et spécifiques. L'application du principe de moindre privilège est cruciale : chaque plugin doit avoir uniquement les permissions minimales requises. Le contrôle humain dans la boucle reste essentiel pour valider les actions à fort impact avant leur exécution. Lancement du MCP registry, une sorte de méta-annuaire officiel pour référencer les serveurs MCP https://www.marktechpost.com/2025/09/09/mcp-team-launches-the-preview-version-of-the-mcp-registry-a-federated-discovery-layer-for-enterprise-ai/ MCP Registry : Couche de découverte fédérée pour l'IA d'entreprise. Fonctionne comme le DNS pour le contexte de l'IA, permettant la découverte de serveurs MCP publics ou privés. Modèle fédéré : Évite les risques de sécurité et de conformité d'un registre monolithique. Permet des sous-registres privés tout en conservant une source de vérité “upstream”. Avantages entreprises : Découverte interne sécurisée. Gouvernance centralisée des serveurs externes. Réduction de la prolifération des contextes. Support pour les agents IA hybrides (données privées/publiques). Projet open source, actuellement en version preview. Blog post officiel : https://blog.modelcontextprotocol.io/posts/2025-09-08-mcp-registry-preview/ Exploration des internals du transaction log SQL Server https://debezium.io/blog/2025/09/08/sqlserver-tx-log/ C'est un article pour les rugeux qui veulent savoir comment SQLServer marche à l'interieur Debezium utilise actuellement les change tables de SQL Server CDC en polling périodique L'article explore la possibilité de parser directement le transaction log pour améliorer les performances Le transaction log est divisé en Virtual Log Files (VLFs) utilisés de manière circulaire Chaque VLF contient des blocs (512B à 60KB) qui contiennent les records de transactions Chaque record a un Log Sequence Number (LSN) unique pour l'identifier précisément Les données sont stockées dans des pages de 8KB avec header de 96 bytes et offset array Les tables sont organisées en partitions et allocation units pour gérer l'espace disque L'utilitaire DBCC permet d'explorer la structure interne des pages et leur contenu Cette compréhension pose les bases pour parser programmatiquement le transaction log dans un prochain article Outillage Les personalités des codeurs des différents LLMs https://www.sonarsource.com/blog/the-coding-personalities-of-leading-llms-gpt-5-update/ GPT-5 minimal ne détrône pas Claude Sonnet 4 comme leader en performance fonctionnelle malgré ses 75% de réussite GPT-5 génère un code extrêmement verbeux avec 490 000 lignes contre 370 000 pour Claude Sonnet 4 sur les mêmes tâches La complexité cyclomatique et cognitive du code GPT-5 est dramatiquement plus élevée que tous les autres modèles GPT-5 introduit 3,90 problèmes par tâche réussie contre seulement 2,11 pour Claude Sonnet 4 Point fort de GPT-5 : sécurité exceptionnelle avec seulement 0,12 vulnérabilité par 1000 lignes de code Faiblesse majeure : densité très élevée de “code smells” (25,28 par 1000 lignes) nuisant à la maintenabilité GPT-5 produit 12% de problèmes liés à la complexité cognitive, le taux le plus élevé de tous les modèles Tendance aux erreurs logiques fondamentales avec 24% de bugs de type “Control-flow mistake” Réapparition de vulnérabilités classiques comme les failles d'injection et de traversée de chemin Nécessité d'une gouvernance renforcée avec analyse statique obligatoire pour gérer la complexité du code généré Pourquoi j'ai abandonné Docker pour Podman https://codesmash.dev/why-i-ditched-docker-for-podman-and-you-should-too Problème Docker : Le daemon dockerd persistant s'exécute avec des privilèges root, posant des risques de sécurité (nombreuses CVEs citées) et consommant des ressources inutilement. Solution Podman : Sans Daemon : Pas de processus d'arrière-plan persistant. Les conteneurs s'exécutent comme des processus enfants de la commande Podman, sous les privilèges de l'utilisateur. Sécurité Renforcée : Réduction de la surface d'attaque. Une évasion de conteneur compromet un utilisateur non privilégié sur l'hôte, pas le système entier. Mode rootless. Fiabilité Accrue : Pas de point de défaillance unique ; le crash d'un conteneur n'affecte pas les autres. Moins de Ressources : Pas de daemon constamment actif, donc moins de mémoire et de CPU. Fonctionnalités Clés de Podman : Intégration Systemd : Génération automatique de fichiers d'unité systemd pour gérer les conteneurs comme des services Linux standards. Alignement Kubernetes : Support natif des pods et capacité à générer des fichiers Kubernetes YAML directement (podman generate kube), facilitant le développement local pour K8s. Philosophie Unix : Se concentre sur l'exécution des conteneurs, délègue les tâches spécialisées à des outils dédiés (ex: Buildah pour la construction d'images, Skopeo pour leur gestion). Migration Facile : CLI compatible Docker : podman utilise les mêmes commandes que docker (alias docker=podman fonctionne). Les Dockerfiles existants sont directement utilisables. Améliorations incluses : Sécurité par défaut (ports privilégiés en mode rootless), meilleure gestion des permissions de volume, API Docker compatible optionnelle. Option de convertir Docker Compose en Kubernetes YAML. Bénéfices en Production : Sécurité améliorée, utilisation plus propre des ressources. Podman représente une évolution plus sécurisée et mieux alignée avec les pratiques modernes de gestion Linux et de déploiement de conteneurs. Guide Pratique (Exemple FastAPI) : Le Dockerfile ne change pas. podman build et podman run remplacent directement les commandes Docker. Déploiement en production via Systemd. Gestion d'applications multi-services avec les “pods” Podman. Compatibilité Docker Compose via podman-compose ou kompose. Détection améliorée des APIs vulnérables dans les IDEs JetBrains et Qodana - https://blog.jetbrains.com/idea/2025/09/enhanced-vulnerable-api-detection-in-jetbrains-ides-and-qodana/ JetBrains s'associe avec Mend.io pour renforcer la sécurité du code dans leurs outils Le plugin Package Checker bénéficie de nouvelles données enrichies sur les APIs vulnérables Analyse des graphes d'appels pour couvrir plus de méthodes publiques des bibliothèques open-source Support de Java, Kotlin, C#, JavaScript, TypeScript et Python pour la détection de vulnérabilités Activation des inspections via Paramètres > Editor > Inspections en recherchant “Vulnerable API” Surlignage automatique des méthodes vulnérables avec détails des failles au survol Action contextuelle pour naviguer directement vers la déclaration de dépendance problématique Mise à jour automatique vers une version non affectée via Alt+Enter sur la dépendance Fenêtre dédiée “Vulnerable Dependencies” pour voir l'état global des vulnérabilités du projet Méthodologies Le retour de du sondage de Stack Overflow sur l'usage de l'IA dans le code https://medium.com/@amareshadak/stack-overflow-just-exposed-the-ugly-truth-about-ai-coding-tools-b4f7b5992191 84% des développeurs utilisent l'IA quotidiennement, mais 46% ne font pas confiance aux résultats. Seulement 3,1% font “hautement confiance” au code généré. 66% sont frustrés par les solutions IA “presque correctes”. 45% disent que déboguer le code IA prend plus de temps que l'écrire soi-même. Les développeurs seniors (10+ ans) font moins confiance à l'IA (2,6%) que les débutants (6,1%), créant un écart de connaissances dangereux. Les pays occidentaux montrent moins de confiance - Allemagne (22%), UK (23%), USA (28%) - que l'Inde (56%). Les créateurs d'outils IA leur font moins confiance. 77% des développeurs professionnels rejettent la programmation en langage naturel, seuls 12% l'utilisent réellement. Quand l'IA échoue, 75% se tournent vers les humains. 35% des visites Stack Overflow concernent maintenant des problèmes liés à l'IA. 69% rapportent des gains de productivité personnels, mais seulement 17% voient une amélioration de la collaboration d'équipe. Coûts cachés : temps de vérification, explication du code IA aux équipes, refactorisation et charge cognitive constante. Les plateformes humaines dominent encore : Stack Overflow (84%), GitHub (67%), YouTube (61%) pour résoudre les problèmes IA. L'avenir suggère un “développement augmenté” où l'IA devient un outil parmi d'autres, nécessitant transparence et gestion de l'incertitude. Mentorat open source et défis communautaires par les gens de Microcks https://microcks.io/blog/beyond-code-open-source-mentorship/ Microcks souffre du syndrome des “utilisateurs silencieux” qui bénéficient du projet sans contribuer Malgré des milliers de téléchargements et une adoption croissante, l'engagement communautaire reste faible Ce manque d'interaction crée des défis de durabilité et limite l'innovation du projet Les mainteneurs développent dans le vide sans feedback des vrais utilisateurs Contribuer ne nécessite pas de coder : documentation, partage d'expérience, signalement de bugs suffisent Parler du project qu'on aime autour de soi est aussi super utile Microcks a aussi des questions specifiques qu'ils ont posé dans le blog, donc si vous l'utilisez, aller voir Le succès de l'open source dépend de la transformation des utilisateurs en véritables partenaires communautaires c'est un point assez commun je trouve, le ratio parlant / silencieux est tres petit et cela encourage les quelques grandes gueules La modernisation du systemes legacy, c'est pas que de la tech https://blog.scottlogic.com/2025/08/27/holistic-approach-successful-legacy-modernisation.html Un artcile qui prend du recul sur la modernisation de systemes legacy Les projets de modernisation legacy nécessitent une vision holistique au-delà du simple focus technologique Les drivers business diffèrent des projets greenfield : réduction des coûts et mitigation des risques plutôt que génération de revenus L'état actuel est plus complexe à cartographier avec de nombreuses dépendances et risques de rupture Collaboration essentielle entre Architectes, Analystes Business et Designers UX dès la phase de découverte Approche tridimensionnelle obligatoire : Personnes, Processus et Technologie (comme un jeu d'échecs 3D) Le leadership doit créer l'espace nécessaire pour la découverte et la planification plutôt que presser l'équipe Communication en termes business plutôt que techniques vers tous les niveaux de l'organisation Planification préalable essentielle contrairement aux idées reçues sur l'agilité Séquencement optimal souvent non-évident et nécessitant une analyse approfondie des interdépendances Phases projet alignées sur les résultats business permettent l'agilité au sein de chaque phase Sécurité Cyber Attaque su Musée Histoire Naturelle https://www.franceinfo.fr/internet/securite-sur-internet/cyberattaques/le-museum-nati[…]e-d-une-cyberattaque-severe-une-plainte-deposee_7430356.html Compromission massive de packages npm populaires par un malware crypto https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised 18 packages npm très populaires compromis le 8 septembre 2025, incluant chalk, debug, ansi-styles avec plus de 2 milliards de téléchargements hebdomadaires combinés duckdb s'est rajouté à la liste Code malveillant injecté qui intercepte silencieusement l'activité crypto et web3 dans les navigateurs des utilisateurs Le malware manipule les interactions de wallet et redirige les paiements vers des comptes contrôlés par l'attaquant sans signes évidents Injection dans les fonctions critiques comme fetch, XMLHttpRequest et APIs de wallets (window.ethereum, Solana) pour intercepter le trafic Détection et remplacement automatique des adresses crypto sur multiple blockchains (Ethereum, Bitcoin, Solana, Tron, Litecoin, Bitcoin Cash) Les transactions sont modifiées en arrière-plan même si l'interface utilisateur semble correcte et légitime Utilise des adresses “sosies” via correspondance de chaînes pour rendre les échanges moins évidents à détecter Le mainteneur compromis par email de phishing provenant du faux domaine “mailto:support@npmjs.help|support@npmjs.help” enregistré 3 jours avant l'attaque sur une demande de mise a jour de son autheotnfication a deux facteurs après un an Aikido a alerté le mainteneur via Bluesky qui a confirmé la compromission et commencé le nettoyage des packages Attaque sophistiquée opérant à plusieurs niveaux: contenu web, appels API et manipulation des signatures de transactions Les anti-cheats de jeux vidéo : une faille de sécurité majeure ? - https://tferdinand.net/jeux-video-et-si-votre-anti-cheat-etait-la-plus-grosse-faille/ Les anti-cheats modernes s'installent au Ring 0 (noyau système) avec privilèges maximaux Ils obtiennent le même niveau d'accès que les antivirus professionnels mais sans audit ni certification Certains exploitent Secure Boot pour se charger avant le système d'exploitation Risque de supply chain : le groupe APT41 a déjà compromis des jeux comme League of Legends Un attaquant infiltré pourrait désactiver les solutions de sécurité et rester invisible Menace de stabilité : une erreur peut empêcher le démarrage du système (référence CrowdStrike) Conflits possibles entre différents anti-cheats qui se bloquent mutuellement Surveillance en temps réel des données d'utilisation sous prétexte anti-triche Dérive dangereuse selon l'auteur : des entreprises de jeux accèdent au niveau EDR Alternatives limitées : cloud gaming ou sandboxing avec impact sur performances donc faites gaffe aux jeux que vos gamins installent ! Loi, société et organisation Luc Julia au Sénat - Monsieur Phi réagi et publie la vidéo Luc Julia au Sénat : autopsie d'un grand N'IMPORTE QUOI https://www.youtube.com/watch?v=e5kDHL-nnh4 En format podcast de 20 minutes, sorti au même moment et à propos de sa conf à Devoxx https://www.youtube.com/watch?v=Q0gvaIZz1dM Le lab IA - Jérôme Fortias - Et si Luc Julia avait raison https://www.youtube.com/watch?v=KScI5PkCIaE Luc Julia au Senat https://www.youtube.com/watch?v=UjBZaKcTeIY Luc Julia se défend https://www.youtube.com/watch?v=DZmxa7jJ8sI Intelligence artificielle : catastrophe imminente ? - Luc Julia vs Maxime Fournes https://www.youtube.com/watch?v=sCNqGt7yIjo Tech and Co Monsieur Phi vs Luc Julia (put a click) https://www.youtube.com/watch?v=xKeFsOceT44 La tronche en biais https://www.youtube.com/live/zFwLAOgY0Wc Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 15 septembre 2025 : Agile Tour Montpellier - Montpellier (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 22-24 septembre 2025 : Kernel Recipes - Paris (France) 22-27 septembre 2025 : La Mélée Numérique - Toulouse (France) 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 23-24 septembre 2025 : AI Engineer Paris - Paris (France) 25 septembre 2025 : Agile Game Toulouse - Toulouse (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 30 septembre 2025-1 octobre 2025 : PyData Paris 2025 - Paris (France) 2 octobre 2025 : Nantes Craft - Nantes (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 7-8 octobre 2025 : Agile en Seine - Issy-les-Moulineaux (France) 8-10 octobre 2025 : SIG 2025 - Paris (France) & Online 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 17 octobre 2025 : Sylius Con 2025 - Lyon (France) 17 octobre 2025 : ScalaIO 2025 - Paris (France) 17-19 octobre 2025 : OpenInfra Summit Europe - Paris (France) 20 octobre 2025 : Codeurs en Seine - Rouen (France) 23 octobre 2025 : Cloud Nord - Lille (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 5-6 novembre 2025 : Red Hat Summit: Connect Paris 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 6 novembre 2025 : Agile Tour Aix-Marseille 2025 - Gardanne (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 19-21 novembre 2025 : Agile Grenoble - Grenoble (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 1-2 décembre 2025 : Tech Rocks Summit 2025 - Paris (France) 4-5 décembre 2025 : Agile Tour Rennes - Rennes (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 9-11 décembre 2025 : APIdays Paris - Paris (France) 9-11 décembre 2025 : Green IO Paris - Paris (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 11 décembre 2025 : Normandie.ai 2025 - Rouen (France) 14-17 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) 4 septembre 2026 : JUG SUmmer Camp 2026 - La Rochelle (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

united states ai power google uk guide france action nature spring data blog ring code bitcoin collaboration ga charge option bananas jos ia exploration pas quand transformers faire rod analyse ils blue sky import api relaxation surveillance ethereum agile technologie phases parler gpt python cela tron toutes bump menace linux java github guillaume activation apis malgr aur jakarta probl num lam mus certains conception mise javascript llm moins exposition projet nano kafka nouvel mod gestion gpu cpu param troisi allemagne injection dns normandie mend vall solana katia personnes risque docker git loi seulement sortie sig lancement fen sdks aikido faible mises simplification attaque enregistr stack overflow approche veo ci cd litecoin utilise processus mcp shenandoah capacit tendance permet avantages senat paris france moteur typescript google deepmind traitement fonctionne annonc utilisation programmation markdown capitole gouvernance exemples linux foundation planification sql server kotlin fonctionnement owasp aper modifier jep jvm vache lts jetbrains hibernate github actions yaml faiblesse a2a grpc k8s cves contribuer mentorat impl architectes devcon spring boot secure boot assembler pattern matching jdk gradle lyon france huggingface podman systemd adk bordeaux france luc julia histoire naturelle mrl jpa rod johnson junit provence france devoxx toulouse france strasbourg france oidc alpha1 lille france codeurs dbcc dijon france devoxx france javadoc

Geekshow Arcade: Owen, that's an old article

Geekshow Podcast

Play Episode Listen Later Sep 5, 2025 45:01

Tony: -BF6 says no to RT: https://www.tomshardware.com/video-games/pc-gaming/battlefield-6-says-no-to-ray-tracing-now-and-in-the-near-future-dev-says-decision-made-to-focus-on-making-sure-it-was-performance-for-everyone-else -Insane Monitor speed: https://www.tomshardware.com/monitors/gaming-monitors/chinese-esports-firm-worked-with-amd-on-1-000-hz-gaming-monitor-primed-for-2026-debut -Abxylute unit of a handheld: https://www.tweaktown.com/news/107291/abxylute-preps-its-new-11-inch-3d-gaming-handheld-powered-by-intel-lunar-lake-cpu-costs-dollars1699/index.html?iabc=1 -Well, Well, Well, COD…: https://www.gamesradar.com/games/call-of-duty/call-of-duty-drops-a-whopping-100-gb-on-ps5-and-fans-think-its-due-to-battlefield-6-competition-is-always-good-for-gaming/ Jarron: -Perfect Dark almost saved: https://www.ign.com/articles/perfect-dark-was-nearly-saved-by-take-two-but-the-deal-fell-through -More Rayman is coming https://www.ign.com/articles/ubisoft-says-its-working-on-the-future-of-rayman-but-dont-expect-news-from-us-too-soon Owen: -Have YOU caught them all? Did you guys know about catching google pokemon? -Secure Boot a requirement for BF6 https://www.eurogamer.net/it-really-sucks-battlefield-6-technical-director-bummed-out-about-those-unable-to-play-due-to-secure-boot-requirement-believes-anti-cheat-cat-and-mouse-game-will-never-end -GOG “sticking it” to the man! https://www.engadget.com/gaming/pc/gog-is-giving-away-a-selection-of-adult-games-to-protest-censorship-215048233.html

arcade rt cod gog secure boot geek show

324: Secure Boot Linux issues, EU's Chat Control law, Linux Mint 22.2, Ubuntu Touch, & more Linux news

This Week in Linux

Play Episode Listen Later Aug 17, 2025 22:47

video: https://youtu.be/5T1Frk70LTQ Comment on the TWIL Forum (https://thisweekinlinux.com/forum) This week in Linux, we have a lot of news to cover. We have some good news and some bad news. Well, people like to start with bad news first, I guess. So there is a fiasco happening with Secure Boot and how it may be affecting Linux users. Also, the EU is proposing a law that is pretty close to being passed that is very scary and a step towards mass surveillance. We'll talk about that. Then also we have some good news and that the Pebble watches are back and we have some beta releases from Linux Mint and Ubuntu Touch as well as SyncThing is back, which is a really cool tool to sync your files across multiple devices. All of this and more on This Week in Linux, the weekly news show that keeps you up to date with what's going on in the Linux and open source world. Now let's jump right into Your Source for Linux GNews. Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/2e5d6a20-b358-4ee3-8837-8986dff684ee.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 01:23 Secure Boot Fiasco coming for Linux Users? 03:43 EU Chat Control law is a step towards mass surveillance 06:15 KDE Gear 25.08 Released 08:19 Sandfly Security, agentless Linux security [ad] 10:38 Pebble Time 2 is coming 12:13 Linux Mint 22.2 Beta Released 13:43 Ubuntu Touch 24.04 1.0 Beta 15:05 Syncthing 2.0.0 released 17:28 SparkyLinux 8.0 released 18:39 LVFS Sustainability Plan 20:31 HandBrake 1.10 Released 21:55 Outro Links: Secure Boot Fiasco coming for Linux Users? https://mjg59.dreamwidth.org/72892.html (https://mjg59.dreamwidth.org/72892.html) https://lwn.net/Articles/1029767/ (https://lwn.net/Articles/1029767/) https://www.techradar.com/pro/security/linux-users-are-about-to-face-another-major-microsoft-secure-boot-issue (https://www.techradar.com/pro/security/linux-users-are-about-to-face-another-major-microsoft-secure-boot-issue) EU Chat Control law is a step towards mass surveillance https://fightchatcontrol.eu/ (https://fightchatcontrol.eu/) https://mullvad.net/en/chatcontrol (https://mullvad.net/en/chatcontrol) https://cointelegraph.com/news/eu-chat-control-plan-gains-support-threatens-encryption (https://cointelegraph.com/news/eu-chat-control-plan-gains-support-threatens-encryption) KDE Gear 25.08 Released https://kde.org/announcements/gear/25.08.0/ (https://kde.org/announcements/gear/25.08.0/) Sandfly Security, agentless Linux security [ad] https://thisweekinlinux.com/sandfly (https://thisweekinlinux.com/sandfly) Pebble Time 2 is coming https://ericmigi.com/blog/pebble-time-2-design-reveal (https://ericmigi.com/blog/pebble-time-2-design-reveal) https://www.youtube.com/watch?v=pcPzmDePH3E (https://www.youtube.com/watch?v=pcPzmDePH3E) https://techcrunch.com/2025/08/13/pebbles-smartwatch-is-back-pebble-time-2-specs-revealed/ (https://techcrunch.com/2025/08/13/pebbles-smartwatch-is-back-pebble-time-2-specs-revealed/) Linux Mint 22.2 Beta Released https://blog.linuxmint.com/?p=4876 (https://blog.linuxmint.com/?p=4876) Ubuntu Touch 24.04 1.0 Beta https://ubports.com/blog/ubports-news-1/ubuntu-touch-24-04-1-0-and-20-04-ota-10-call-for-testing-3963 (https://ubports.com/blog/ubports-news-1/ubuntu-touch-24-04-1-0-and-20-04-ota-10-call-for-testing-3963) Syncthing 2.0.0 released https://syncthing.net/ (https://syncthing.net/) https://github.com/syncthing/syncthing/releases/tag/v2.0.0 (https://github.com/syncthing/syncthing/releases/tag/v2.0.0) SparkyLinux 8.0 released https://sparkylinux.org/sparky-8-0/ (https://sparkylinux.org/sparky-8-0/) LVFS Sustainability Plan https://blogs.gnome.org/hughsie/2025/08/08/lvfs-sustainability-plan/ (https://blogs.gnome.org/hughsie/2025/08/08/lvfs-sustainability-plan/) https://www.omgubuntu.co.uk/2025/08/lvfs-sustainability-plan-vendor-funding (https://www.omgubuntu.co.uk/2025/08/lvfs-sustainability-plan-vendor-funding) HandBrake 1.10 Released https://handbrake.fr/ (https://handbrake.fr/) https://github.com/HandBrake/HandBrake/releases/tag/1.10.0 (https://github.com/HandBrake/HandBrake/releases/tag/1.10.0) https://www.omgubuntu.co.uk/2025/08/handbrake-1-10-released-new-features (https://www.omgubuntu.co.uk/2025/08/handbrake-1-10-released-new-features) Support the show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://store.tuxdigital.com/ (https://store.tuxdigital.com/)

european union chapters linux pebble handbrake chat control linux mint secure boot pebble time your source syncthing ubuntu touch linux news michael tunnell

Starfield's “Cruise Mode” Leak | Horizon Lawsuit Drama | Battlefield 6 Secure Boot Woes

Day One Patch Podcast

Play Episode Listen Later Aug 10, 2025 88:57

In this episode of the Day One Patch Podcast, we cover the latest Starfield leak hinting at a new “Cruise Mode” for real-time space travel, break down Sony's lawsuit against Tencent over claims that Light of Motiram is a Horizon: Zero Dawn clone, and discuss the Secure Boot requirement causing headaches for Battlefield 6 players on PC. Plus, we share what we've been playing and this week's Video Game Fun Fact on the history of the Battlefield series.

drama sony pc woes horizon cruise lawsuit battlefield leak starfield tencent horizon zero dawn secure boot

Combo Wombo Podcast Ep 196 – AAA Anti Cheat

Combo Wombo

Play Episode Listen Later Aug 10, 2025 24:51

Gimpy and Chip talk about the Battlefield 6 beta, and the news that BF6 will be the first AAA game to require Secure Boot, with COD following shortly after. Is it too much?youtube available: https://youtu.be/0xA69554y7w

chip battlefield aaa cheat combo cod secure boot gimpy

NHL 26 News, Battlefield 6's Secure Boot Problem

Three Dads and a Console

Play Episode Listen Later Aug 7, 2025 65:53

EA has dropped NHL 26's cover athlete, cover, information about the game and a reveal trailer. Two of the biggest puck heads in the business talk about expectations for EA's hockey game. Battlefield 6 is making PC turn on secure boot through their bios, which could potentially cause a lot of problems with less experienced PC savants. Wabba finally played Expedition 33. FINALLY.

pc nhl ea battlefield expedition secure boot

Patch [FIX] Tuesday – July 2025: [BitLocker Attack, Secure Boot Expiry, Linux chroot+sudo privesc, and Malicious .Zips], E21

Autonomous IT

Play Episode Listen Later Jul 8, 2025 21:29

In this July 2025 Patch [FIX] Tuesday episode, Automox security experts Tom, Seth, and Cody unpack four high-impact threats — from Microsoft updates, to Linux vulns, and .zip exploit PoCs.Topics include a physical attack method bypassing BitLocker encryption (CVE-2025-48001), the looming expiration of secure boot certificates, a Linux privilege escalation flaw in chroot and sudo (CVE-2025-32463), and a proof-of-concept .zip exploit that hides malicious content during preview but runs it on unzip.Expect sharp technical insights, practical mitigation tips, and as always, a few laughs.

microsoft attack patch linux malicious cve pocs zips sudo expiry bitlocker secure boot cybersecurity podcast automox

SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Jun 30, 2025 7:29

Scattered Spider Update The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors. https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805 AMI BIOS Vulnerability Exploited CVE-2024-54085 A vulnerability in the Redfish remote access software, including AMI s BIOS, is now being exploited. https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/ Act now: Secure Boot certificates expire in June 2026 The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026. https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856 The Windows Resiliency Initiative: Building resilience for a future-ready enterprise Microsoft announced more details about its future security and resilience strategy for Windows. In particular, security tools will no longer have kernel access, which is supposed to prevent a repeat of the Cloudflare issue, but may also restrict security tools functionality. https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/

Darknet drug marketplace closed for business.

The CyberWire

Play Episode Listen Later Jun 16, 2025 37:24

International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. Tenable patches three high-severity vulnerabilities in Nessus Agent. Attackers can disable Secure Boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and HHS. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazis checks in with Brandon Karpf on agentic AI. When online chatbots overshare, it's no laughing Meta. CyberWire Guest Joining us today to discuss Agentic AI and it relates to cybersecurity and space with T-Minus Space Daily host Maria Varmazis is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Selected Reading Police seizes Archetyp Market drug marketplace, arrests admin (Bleeping Computer) Washington Post investigating cyberattack on journalists' email accounts, source says (Reuters) Anubis Ransomware Packs a Wiper to Permanently Delete Files (SecurityWeek) GrayAlpha Hacker Group Weaponizes Browser Updates to Deploy PowerNet Loader and NetSupport RAT (Cyber Security News) Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation (Cyber Security News) Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus (Infosecurity Magazine) Microsoft-Signed Firmware Module Bypasses Secure Boot (Gov Infosecurity) Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks (The Record) Coker: We can't have economic prosperity or national security without cybersecurity (The Record) The Meta AI app is a privacy disaster (TechCrunch) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

ai international washington post windows drug researchers marketplace closed lawmakers hhs attackers darknet cisa jpeg anubis wipers tenable secure boot cyberwire national cyber director

Not-So-Secure Boot - Rob Allen - PSW #868

ai ms microsoft fbi chief product officer gpu rob allen secure boot threatlocker

Play Episode Listen Later Apr 3, 2025 132:35

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-868

Not-So-Secure Boot - Rob Allen - PSW #868

ai ms microsoft fbi chief product officer gpu rob allen secure boot threatlocker

Play Episode Listen Later Apr 3, 2025 132:35

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I don't want to send you my data, I don't grant you remote access, and I don't want to create a MS account, CrushFTP has to crush some bugs, bypassing unprivileged user namespace restrictions, FBI raids, attackers using your GPU, Find My anything, protecting GlobalProtect, the exploits will continue until things improve, your call records were not protected, good vs. bad drivers, AI is hacking AI, time traveling attacks, and a bizarre call for security researchers. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/psw-868

HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders!

Exploit Brokers - Hacking News

Play Episode Listen Later Apr 3, 2025 19:22

# Title * HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders! ## Description

Not-So-Secure Boot - Rob Allen - PSW #868