Security Headlines

Tag: #mac

GHSA-38pp-6gcp-rqvm: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

### Impact

`CiliumNetworkPolicy`s which use `egress.toGroups.aws.securityGroupsIds` to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset section of the derived policy is not generated, which means outbound traffic may be permitted to more destinations than originally intended.

### Patches

This issue has been patched in:

* Cilium v1.18.4
* Cilium v1.17.10
* Cilium v1.16.17

### This issue affects:

- Cilium v1.18 between v1.18.0 and v1.18.3 inclusive
- Cilium v1.17 between v1.17.0 and v1.17.9 inclusive
- Cilium v1.16.16 and below

### Workarounds

There is no workaround to this issue.

### Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @SeanEmac for reporting this issue and to @fristonio for the patch.

### For more information

If you t...

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report from Koi Security, attracting 300,000 installs. These extensions have since been taken down. "These

Flock Uses Overseas Gig Workers to Build Its Surveillance AI

An accidental leak revealed that Flock, which has cameras in thousands of US communities, is using workers in the Philippines to review and classify footage.

⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and

Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams

The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window through which a human user viewed and interacted with the internet. That era is over. We are currently witnessing a shift that renders the old

A week in security (November 24 – November 30)

A list of topics we covered in the week of November 24 to November 30 of 2025

Confidential computing on AWS Nitro Enclave with Red Hat Enterprise Linux

Confidential computing is needed to protect sensitive data not only when it is stored or transmitted, but also while it is actively being processed in memory - traditionally the most vulnerable phase. In this article, I demonstrate how to implement a secure runtime environment using AWS Nitro Enclaves for applications on EC2 instances running Red Hat Enterprise Linux 9.6+ (RHEL). To fully understand the concepts, use cases, and justifications for confidential computing, read our previous articles. The hardware used to provide secure communication and certification is based on AWS Nitro architec

Frequently asked questions about Red Hat Ansible Automation Platform 2.6

Last month, we launched Red Hat Ansible Automation Platform 2.6, and introduced several new features including an automation dashboard, a self-service automation portal, and the Ansible Lightspeed intelligent assistant. We hosted a follow-up webinar, What’s new with Ansible Automation Platform 2.6, during which we received some great questions from the audience about how to install, migrate, and upgrade to the latest version. To help you prepare for and navigate the Ansible Automation Platform 2.6 release, we've compiled the top questions and their answers. Installations, upgrades, and migrat

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of the

Poems Can Trick AI Into Helping You Make a Nuclear Weapon

It turns out all the guardrails in the world won’t protect a chatbot from meter and rhyme.