When I talk about open-source security, I’m not talking ideology—I’m talking measurable trust. The RPM 6.0.0 release (September 22, 2025) finally gives me solid building blocks for what I expect from a modern package system: locking down the trust chain, tracing artifact provenance precisely, and handling key rotations without breaking production. Why this release changes…
On August 6, 2025, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on a newly disclosed high-severity vulnerability affecting Microsoft Exchange Server in hybrid deployment scenarios. Tracked as CVE-2025-53786, the flaw allows a threat actor with administrative access to an on-premises Exchange server to escalate privileges in the organization’s Exchange…
