Contrary to what password managers say, a server compromise can mean game over.
dangoodin@infosec.exchange
Posts
-
Contrary to what password managers say, a server compromise can mean game over.
-
I'm curious to know what people think about Anthropic's claim that Claude found 500 high-severity vulnerabilities in open-source packages.
I'm not arguing with you. Sorry if it sounds like I am. I don't have the same technical background you do and am asking how the 7.8-severity vuln shouldn't be considered high severity because it involves fonts . . . bounds checking? I'm asking you to explain the reasoning behind your assessment as if I was a student in a security 101 class.
-
I'm curious to know what people think about Anthropic's claim that Claude found 500 high-severity vulnerabilities in open-source packages.
CVSS is 7.8, which is high, no? That would seem to support Anthropic's claim. What's the significance of the vulns being in fonts . . . bounds checking?
-
I'm curious to know what people think about Anthropic's claim that Claude found 500 high-severity vulnerabilities in open-source packages.
Right, but the post doesn't say merely that the reports of the 500 vulns resulted in commits. It says all 500 were high-severity. If true, that would be significant, no?
-
I'm curious to know what people think about Anthropic's claim that Claude found 500 high-severity vulnerabilities in open-source packages.
Thanks for all the responses. So far, projects I understand to have received reports include: Ghostscript, OpenSC, lzw, and CGIF. Are others known? Links to commits that fix the vulns also appreciated.
-
I'm curious to know what people think about Anthropic's claim that Claude found 500 high-severity vulnerabilities in open-source packages.
That's not what Anthropic said. Anthropic said the vulns were high-severity.
-
I'm curious to know what people think about Anthropic's claim that Claude found 500 high-severity vulnerabilities in open-source packages. Has anyone confirmed that these vulns were indeed high-severity and hadn't been discovered before? Is this development as big a deal as Anthropic says? Any other critiques?
-
No big deal. Pro-authoritarian Marc only controls the platform that stores terabytes of our conversations in perpetuity.
-
Do any security pros have experience with products from vendor opswat?
Super helpful! Thanks. Do customers use opswat at the edge of networks much? How do they perform there?
-
Do any security pros have experience with products from vendor opswat? General impressions of the company also appreciated.
-
All these reports from security vendors finding that x attacks surged by >100% read just like "umbrella salesman predicts record monsoon season."
-
The New York Times has done as much as any Big Journalism organization to badmouth San Francisco in recent years.
talk about straw men.
-
The intruder said he worked for the cartel. After gaining entry to the victim’s home by posing as a courier, he bound the victim’s wrists and ankles with duct tape, doused him with an unknown liquid and threatened to burn down the house.
After more than an hour inside the Mission Dolores home, the intruder had robbed the victim of $13 million worth of cryptocurrency, pulling off a heist that recent police records suggest was far more violent and sophisticated than was previously known.
https://www.sfchronicle.com/crime/article/sf-crypto-heist-clues-21333717.php
-
Am I the only journalist who would opt to go to jail rather than provide my biometrics to open a device when raided by law enforcement?