r/security

CISA adds Linux kernel zero-day CVE-2026-43456 to KEV after active exploitation
▲ 227 r/security+8 crossposts

CISA adds Linux kernel zero-day CVE-2026-43456 to KEV after active exploitation

CISA has added CVE-2026-43456, a Linux kernel local privilege escalation vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog following confirmed in-the-wild exploitation. Here's everything covering the affected kernel versions, the vulnerability itself, which distributions have shipped fixes, and the available mitigations. If you're maintaining Linux systems, it may be worth checking whether your kernel has already been updated by your distro. Patch Now.

thecybersecguru.com
u/KingdomOfAngel — 20 hours ago

What ensures data security once sensitive data is scattered everywhere?

Forgive me if this question has an obvious answer. What becomes the control plane for enterprise data security once an organization's data is spread across S3, Snowflake, SaaS apps, exports, etc?

Is it IAM, classification, data lineage, DLP, DSPM or a combination of all the above? And how are teams making this work when quarterly access reviews are too slow for how fast data moves?

reddit.com
u/Beneficial_Winter927 — 2 days ago
▲ 2.2k r/security+1 crossposts

I made a reusable tamper-evident jar for storing sensitive items

Hey guys, for the past few years, I have been working on a reusable tamper-evident jar for storing physical items.

The idea is that the lid creates a random physical “fingerprint” every time you close it. Inside the lid are thousands of tiny black and white balls. When you twist the jar open or closed, they mix. Once the jar is closed, the unique pattern is locked in place.

You can take a photo of that pattern with your phone, and later compare it to check whether the jar has been opened. If someone opens it, the pearls mix again and the original pattern is gone. The second pic shows a gif of two different patterns compared to one another, showing it is easy to tell that the lid was opened.

I made it because I wanted a simple physical way to store things like hard drives, USB sticks, authentication keys, documents, etc. Basically anything that you would do want to know if someone has accessed it.

After a lot of hard work and prototyping, I'm happy to announce it's finally complete! Check it out on https://www.entropyseal.com/.

Happy to hear feedback. I’m especially interested in whether the concept is clear and what use cases come to mind. :)

Edit: seems I get a lot of questions about whether the balls move if jar is moved around. Just to clarify, the balls are held firmly in place when the lid is closed tight. So you can handle the entropyseal without the pattern breaking.

u/Substantial-Try-1198 — 4 days ago

How to find security people in London

Hey, I have a business and I’m looking for the best way to find and hire appsec and director of security. Very aware the market is super tight. Any ideas on the best places to look. A LinkedIn advert is not quite cutting it.

reddit.com
u/Sure_Chemistry3938 — 3 days ago
▲ 28 r/security+2 crossposts

Apple's Hide My Email vulnerability reportedly exposes users' real email addresses

A newly disclosed privacy vulnerability in Apple's Hide My Email feature can reportedly allow an attacker to uncover the real email address behind a generated alias. According to the researcher who found the bug, it was responsibly disclosed to Apple more than a year ago but remains unpatched, and independent testing has verified the issue

thecybersecguru.com
u/NapierPalm — 4 days ago
▲ 22 r/security+2 crossposts

Booking.com has suffered a data breach

A phishing campaign targeting Booking.com hotel partners is abusing the ClickFix technique to steal hotel extranet credentials and access real guest reservation data. Attackers then impersonate hotels, sending convincing emails or WhatsApp messages that include actual booking details and trick travelers into making fake payments or revealing card information. Booking.com says its own systems weren't directly breached, but affected guests should ignore off-platform payment requests and verify any payment through the official Booking.com app or website

thecybersecguru.com
u/NapierPalm — 6 days ago

Join us in this AMA with the director of a leading physical penetration testing & red teaming firm in Europe. We are legal burglars. Ask me anything!

Hi, I am a security consultant at a leading physical penetration testing firm. Together with Richard Bruins, u/cocoon_r_bruins, director of Cocoon Risk Management in The Netherlands. We are a risk management firm specialized in physical pentesting & red teaming audits. We break in to places and report how we did it. We also provide consulting in ABRO compliance (General Security Requirements for Government Contracts). Our clients are big organizations throughout Europe in key industries like data centres, pharmaceuticals, finance en vital infrastructure. Ask me anything!

reddit.com
u/sec_consultant — 7 days ago

Video removal?

Tapo, a company from Amazon, has removed videos from my sd card? It was a police encounter... is this legal/normal?

reddit.com
u/AustinJupiter1 — 11 days ago