Cybersecurity

Every technical support team I have worked with shares the same friction point: an analyst keeps four tabs open simultaneously (the EDR console, a ticketing system, an asset CMDB, and a query window) and spends a sizeable chunk of their shift copy-pasting IDs between them. The intelligence exists. The problem is getting it out fast enough. The Model Context Protocol (MCP) is the most credible attempt I have seen yet to reduce that cost. It is a small, open specification for letting LLM-driven assistants invoke external tools in a typed, structured way: a server exposes a catalogue of tools with JSON Schema input contracts, and any MCP-aware client (Claude Desktop, Claude Code, Zed, or your own automation) can call them without writing any glue code. One server definition, every compatible client for free. ...

A few months back I saw a post circulating on LinkedIn about a developer who had been targeted by a fake recruiter. The person had been invited to a “technical assessment,” cloned a repository, and ran the code provided as part of the interview. What followed was a silent drain of every credential stored on their machine. I remember reading it and feeling a specific kind of disgust, not just at the technical sophistication of the attack, but at the deliberate choice to weaponize something as emotionally charged as a job search. ...

On April 29, 2026, CVE-2026-31431 was publicly disclosed. Nicknamed “Copy Fail”, it is a local privilege escalation in the Linux kernel with a CVSS score of 7.8, present in every major distribution running kernel 4.13 or later: Ubuntu, RHEL, Amazon Linux, SUSE, Rocky Linux. What makes it stand out from most CVEs in this class is how little an attacker needs: a 732-byte Python script, standard library only, no compilation, no race conditions, no kernel offsets. First try, every time. ...

Ubuntu 26.04 LTS (“Resolute Raccoon”) shipped on April 24, 2026. Most of the coverage has focused on the desktop and the new Security Center UI, but I work almost exclusively on the server and infrastructure side, so I want to look at what actually matters for the teams I work with: those running Ubuntu Server as a base for VMs, bare-metal nodes, Kubernetes workers, and golden master images. My customers are split between RHEL and Ubuntu. The ones on Ubuntu are typically on 22.04 (few) or 24.04 LTS (most). The question I always get after a new LTS is the same: “Do we need to move now, or can we sit on the current version for another year?” This post is my attempt to give a structured answer, focused on security and container workloads, which is where I can actually add value. ...

It Happened Again On April 22, 2026, the official Bitwarden CLI npm package (@bitwarden/cli) was compromised. For roughly 90 minutes, between 5:57 PM and 7:30 PM ET, anyone who ran npm install @bitwarden/cli received a malicious package. Around 334 developers did exactly that. The attackers did not break into Bitwarden’s npm account directly. Instead, they hijacked a GitHub Actions workflow in Bitwarden’s CI/CD pipeline and weaponised npm’s Trusted Publishing mechanism to push a poisoned release. Trusted Publishing is OIDC-based and requires no stored credentials: it was introduced as a hardening measure after credential-based attacks. It became the entry point. ...

Introduction Trivy, the widely adopted open-source security scanner from Aqua Security, is a cornerstone of modern CI/CD pipelines and container security. With over 33,000 stars on GitHub as of March 2026, its footprint spans across Docker images, Homebrew, and countless developer machines. This ubiquity, however, made the supply-chain compromise discovered between March 19–21, 2026, particularly devastating. The incident was not a single point of failure but a multi-stage attack involving malicious releases, manipulated GitHub Actions, and a self-propagating worm that leveraged decentralized infrastructure. ...

In the last few days, we’ve witnessed a significant milestone for the global software ecosystem. A powerhouse coalition of tech leaders (including Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI) has committed $12.5 million in grant funding to advance open-source security. This isn’t just another corporate donation; it’s a strategic investment in the very foundation of modern technology. Why This Matters Now Open-source software (OSS) is the bedrock of everything from cloud infrastructure to the apps on your phone. However, as the ecosystem grows, so do the threats. We are currently seeing an “unprecedented influx” of security vulnerabilities, many discovered by automated AI systems. ...

The countdown is on. As of March 2026, we are less than five months away from the full applicability of the EU AI Act (August 2, 2026). For those of us running AI workloads on Kubernetes, whether it’s self-hosted inference engines like vLLM or RAG-based agentic systems, compliance is no longer a legal “later” problem. It’s an engineering “now” problem. Before we dive into the technical implementation, let’s look at the critical roadmap and the cost of getting it wrong: ...

Intro We have all been there: a Slack notification triggers an alert for a “Critical” CVE, and the scramble to patch begins. But as our clusters grow, so does the noise. The most jarring security stories are often the ones happening silently inside our own production environments. Datadog recently released its State of DevSecOps 2026 report, and the numbers provide a sobering reality check for anyone managing cloud-native infrastructure. The report reveals that 87% of organizations are currently running at least one known exploitable vulnerability in their deployed services. Even more concerning is that many of these services rely on libraries that have been abandoned by their maintainers. This is not just a theoretical problem; it is based on telemetry from thousands of real-world cloud environments, making the findings impossible to dismiss. ...

The countdown to KubeCon + CloudNativeCon Europe 2026 has officially entered its final stage! In just a few weeks, the global cloud-native community will descend upon the RAI Amsterdam (March 23–26), and I couldn’t be more excited. For ReeVo, this is a massive and strategic milestone. We are returning as a proud sponsor, and we are arriving in force. This isn’t just a marketing trip; it’s a mission. ...