We're live!

#web #tech #hosting #selfhosting #education #opensource #edtech #lamp #cloud #containers

https://reclaim.tv

Dew Drop – November 6, 2025 (#4535)

https://www.alvinashcraft.com/2025/11/06/dew-drop-november-6-2025-4535/

#dotnet #ai #webdev #csharp #windowsdev #visualstudio #mobiledev #cloud #database #dewdrop

NPM just got hit by another supply chain mess. Attackers uploaded 126 credential-stealing packages that used “Remote Dynamic Dependencies” to quietly fetch malware from untrusted sites. Over 86,000 downloads later, the campaign (dubbed PhantomRaven) shows how blind traditional scanning still is to dynamic or AI-generated code patterns. What makes this dangerous isn’t just the malicious code, it’s the infrastructure gap. Dependencies downloaded “fresh” on install mean attackers can serve clean code to researchers and poison code to production networks. That’s targeted compromise at scale.

⚠️ 126 malicious NPM packages
🧠 Exploits Remote Dynamic Dependencies
🎯 Targets CI/CD environments
🔐 Invisible to static analysis tools

https://arstechnica.com/security/2025/10/npm-flooded-with-malicious-packages-downloaded-more-than-86000-times/

#SupplyChainSecurity #OpenSource #CyberSecurity #NPM #security #privacy #cloud #infosec

We're live!

#web #tech #hosting #selfhosting #education #opensource #edtech #lamp #cloud #containers

https://reclaim.tv

🐍 The Python Software Foundation just walked away from $1.5 million in federal funding. Why? Because the Trump administration’s new rules would have forced them to drop all DEI programs, not just in the grant work, but across the entire organization. They were days from securing the largest grant in their history, meant to harden Python’s supply chain and protect millions of PyPI users from malware. Instead, they chose principle over payout. You can debate politics all day, but this is a textbook example of how ideology can undercut security. Open source depends on inclusion, both in code and in community.

💰 $1.5M grant rejected
🚫 Anti-DEI rule in play
🔐 Security upgrades stalled
🧑‍💻 Values > funding

https://arstechnica.com/tech-policy/2025/10/python-foundation-rejects-1-5-million-grant-over-trump-admins-anti-dei-rules/

#OpenSource #CyberSecurity #DEI #Python #security #privacy #cloud #infosec

Defra spent £312 million upgrading to Windows 10… right as Microsoft pulled support. 🤦🏻‍♂️ You can’t make this stuff up. This is what happens when modernization drags on so long that the target moves. The department did make progress, however, 31,500 Windows 7 laptops gone, 49,000 vulnerabilities fixed, and a datacenter shut down. But they also bought a “new” OS that’s already out of support. 😢 It’s a perfect case study in how technical debt compounds in public sector IT. You can’t patch your way out of a decade of deferred upgrades.

TL;DR
💸 £312M spent on obsolete OS
🖥️ 31.5K Win7 laptops replaced
☁️ Cloud migration still ahead
⚠️ 24K devices still end-of-life

https://www.theregister.com/2025/11/05/uk_defra_dept_spent_312m_window_10/

#ITModernization #CyberRisk #DigitalTransformation #PublicSector #security #privacy #cloud #infosec #cybersecurity

International Criminal Court Drops Microsoft 365 for European Open-Source Suite Amid Geopolitical Fears

#Microsoft #Microsoft365 #DigitalSovereignty #OpenSource #ICC #Geopolitics #EU #BigTech #Cloud #EnterpriseSoftware #TheHague #Zendis #Cybersecurity #GovTech #Europe #openDesk

https://winbuzzer.com/2025/11/06/international-criminal-court-drops-microsoft-365-for-european-open-source-suite-amid-geopolitical-fears-xcxwbn

Another Windows update, another fire drill. This time, the October 2025 update is kicking some users into BitLocker recovery mode, and if you don’t know where your recovery key lives, you could lose everything. What’s wild is that BitLocker is actually doing its job. The update just forgot to tell it to chill during reboot. It’s another reminder that the line between “secure” and “unusable” is thinner than most realize.

TL;DR
⚠️ October update breaks BitLocker flow
🔐 Missing key = locked-out data
🧠 Recovery key sits in your MS account
💡 Enterprise fix requires IT rollout

https://www.forbes.com/sites/zakdoffman/2025/11/05/you-could-be-in-trouble-microsoft-confirms-new-windows-update-mistake/

#Windows11 #InfoSec #CyberSecurity #Microsoft #security #privacy #cloud