Everything posted by reporter
-
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute a malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence Center (ASEC) said in a report published last week. "They then used PowerCat, an open-source
-
Kim Kardashian pays $80K to buy Bible her dad gave to OJ Simpson
Reality star and businesswoman Kim Kardashian has revealed that she was the anonymous buyer who spent $80,276 to purchase her late father Robert Kardashian’s Bible, which had once been gifted to former NFL player O.J. Simpson.
-
Open letter demands Nigerian government do more to end persecution and violence
Nigerians have had enough of the government's failure to stop the endless violence.
-
The triumph of Christianity over the Viking raiders
The Anglo-Saxon Church to negotiate a way forward in a context which, at one time, would have seemed disastrous.
-
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time. "In the period from 2024 to 2025, the Russian IT sector, especially companies working as contractors and integrators of solutions for government agencies,
-
International community urged to intervene in Sudan as cycle of civil war continues
Most of Sudan's post-independence history has been marred by civil war.
-
New Barna study reveals how family life is being re-written in modern America
While fewer Americans are married than in previous generations, the desire to wed has not disappeared - even as divorce, cohabitation and remarriage are reshaping family life, a study suggests.
-
Charter launched to protect street preachers from arrest
A new 'Street Preacher's Charter' has been launched in Parliament after a succession of fines and arrests involving pastors, some of which have led to hefty compensation payouts from police.
-
Hindus attempt to prevent burial of Christian man
Hindu nationalists refused to let a Christian man be buried in his ancestral village.
-
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. "This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems," Blackfog researcher Brenda Robb said in a Thursday report. In
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated
-
Rovo Dev agent, now available in the CLI
Following the unveiling of our new Rovo Dev Agent at Team ’25 in April, we’re excited to bring it to the command line, an essential tool in many developers’ daily workflows. This significant milestone introduces an agentic AI coding experience designed with enterprises in mind. With Rovo Dev CLI, part of Rovo Dev, your command line becomes an intelligent development agent that understands, codes, and collaborates with you, seamlessly integrated into your Atlassian workflow. Want to try it out? Download Rovo Dev CLI here.

Unleash agentic AI in your terminal

Rovo Dev in the CLI is crafted for developers who thrive in the terminal environment. It transforms into an intelligent AI partner that understands, codes, and integrates seamlessly with your existing tools. It addresses key challenges faced by software engineers through:

Code understanding and navigation: Gain insights into your codebase, generate documentation, and receive code explanations without leaving your terminal.
Development acceleration: Speed up your development cycle with AI-assisted code completion, intelligent refactoring suggestions, automated testing, and interactive debugging.
Atlassian ecosystem: Seamlessly work with Jira issues, update Confluence documentation, and manage your development tasks directly from the terminal – no more context switching between tools.
Security and administration: Implement robust permission controls and protocols while efficiently tracking resource utilization and managing user access through role-based permissions. Maintain comprehensive usage monitoring and cost management.
Extensibility and customization: Configure tool permissions, optimize your workflow, and extend functionality by connecting your MCP server to match your team’s specific needs.

Raising the bar – Scoring #1 on SWE-bench

Rovo Dev CLI achieves the highest score on the SWE-bench full benchmark leaderboard, reaching 41.98% resolve rate across 2,294 tasks in the full dataset, surpassing all other submissions. Maintained by researchers at Princeton and Stanford, SWE-bench is the leading benchmark for evaluating AI agents on real-world issue resolution, testing their ability to make context-aware code edits across open-source projects. This officially published score positions Atlassian at #1 on the leaderboard, demonstrating our leadership in practical AI applications for software development and underscoring Rovo Dev’s advanced capabilities in real-world code understanding and automated problem solving. See the full leaderboard here.

How teams are using Rovo Dev CLI

Teams using Rovo Dev CLI have quickly made it part of their daily workflow. Engineers rely on it to stay focused by offloading routine tasks like code navigation, feature implementation, and documentation generation. The agent helps developers understand new codebases, implement features with web-integrated research via MCP servers, and assist in complex code migrations, all without leaving the terminal environment. By eliminating the need to switch between different tools and interfaces, Rovo Dev helps development teams stay in their flow state while working on what matters most. Let’s explore how Rovo Dev brings intelligent assistance to your terminal through real-world development scenarios:

Explore and understand your codebase

Understanding your codebase is the first step to productive development. Watch as Rovo Dev analyzes entire repositories in seconds, answering natural language questions about code structure and technical implementations to help developers quickly navigate complex projects.

Connect to Jira, Confluence, and Bitbucket

See how you can connect MCP servers to Rovo Dev. In this example, we connect with Jira, Confluence, and Bitbucket to complete a work item end-to-end. From retrieving web data to updating the codebase, all in the terminal, with zero manual coding. And, if you’re using Jira with GitHub, we’ve got you covered, too.

Adaptive memory system

Rovo Dev’s intelligence grows with your project through its memory system. Watch how it uses memory files to retain project knowledge and adapt its behavior – you can even customize its personality to match your team’s style!

Code migration assistance

Finally, witness how Rovo Dev helps to tackle larger challenges like codebase migrations. Through structured analysis and step-by-step execution, it helps manage complex transitions while keeping developers in control of the process.

These demonstrations showcase just a few ways Rovo Dev can enhance your development workflow. Whether you’re exploring new codebases, implementing features, or managing large-scale changes, Rovo Dev serves as your intelligent partner in the terminal.

Join the future of development

Rovo Dev is your context-aware AI teammate for the entire software development lifecycle. Powered by Atlassian’s Teamwork Graph, Rovo Dev understands your company, your projects, and your goals, and connects the dots across Jira, Confluence, Bitbucket, Compass, and more. Rovo Dev in the CLI is the first enterprise-ready agent experience available in your terminal, designed to enhance productivity and streamline your software development process. We invite you to download Rovo Dev in the CLI and learn more about additional Rovo Dev capabilities. Your feedback will be invaluable in helping us refine and enhance this powerful tool. Welcome to the era of intelligent development on the command line!

Get started with Rovo Dev CLI

The post Rovo Dev agent, now available in the CLI appeared first on Work Life by Atlassian.
-
The Rising Importance of Governance at SwampUP Berlin 2025
On November 12-14, the Docker team was out in numbers at JFrog SwampUP Berlin 2025. We joined technical sessions, put on a fireside chat, and had conversations with attendees there. We’d like to thank the folks at JFrog for having us there and putting on such a great show! Here are our takeaways from the event about software supply chain security trends:

Software supply chain attacks reach unprecedented scale leveraging open source packages

An analysis of recent software supply chain attacks by JFrog’s CTO Asaf Karas shed light on how malicious actors leverage AI and software supply chains in their exploits. Recent attacks combine existing techniques, like phishing, with AI prompts that recursively write and execute code in order to compromise hundreds of thousands of systems running popular open source packages. A few examples include Shai Hulud, Red Donkey, and the recent NPM package phishing attack. So far, despite these attacks’ scale, damages have been limited due to the still rudimentary nature of these exploits. Expect more software supply chain attacks as well as more sophistication in the coming year.

New Roles of Governance as a Security Layer

The best way to avoid software supply chain attacks is to not have malicious code entering software supply chains in the first place. That’s where governance comes into play. Taking control of gate points during the software development lifecycle, for example during dependency scanning, build pipelines, and deployments, is not enough. It is necessary to block malicious or risky code before it enters the software supply chain. Not only that, but tools also need increased interoperability to detect all potential attack vectors.

Addressing MCP Challenges in AI Development

MCP’s ability to leverage both deterministic and non-deterministic outcomes by connecting an LLM client to many different servers seems to be the main reason companies are betting on the technology to build applications that deliver value to customers. Moreover, because each server can run independently from one another, it becomes possible to add governance layers on MCP servers, reducing risks of hallucination or unexpected results. Overall, we agree with JFrog’s assessment and look forward to opportunities where Docker and JFrog MCP technologies can work together for a safer and smoother enterprise AI developer experience.

Building on Strong Open Source Foundations Is Core in the AI Era

The fireside chat between Gal Marder, JFrog’s Chief Strategy Officer, and Michael Donovan, Docker’s VP of Product, explored how organizations can protect themselves from risks in unverified open source dependencies. They emphasized the importance of starting with strong foundations: using hardened images, maintaining them throughout their lifecycle, including those that have reached end of life, and ensuring visibility and governance across every stage. Strong third-party integrations are essential to manage this complexity effectively and extend security and trust from development to delivery.

Conclusion: Build strong foundations, keep it consistent, stay ahead

Software development is changing fast as AI becomes part of everyone’s workflow, developers and attackers alike. The best way to stay ahead is to build protection early by starting with strong foundations and keep it consistent across every stage with governance, visibility, and strong partnerships. Only then can teams innovate with confidence and speed as the landscape evolves. Exciting times!

Learn more

Subscribe to the Docker Navigator Newsletter
Explore the MCP Catalog: Discover containerized, security-hardened MCP servers
Explore the DHI Catalog: Discover secure, minimal, production-ready container images
Docker Partner Programs: Discover trusted partners, tools, and integrations
New to Docker? Create an account
Have questions? The Docker community is here to help
-
How Docker Hardened Images Patches Vulnerabilities in 24 hours
On November 19, 2025, the Golang project published two Common Vulnerabilities and Exposures (CVEs) affecting the widely-used golang.org/x/crypto/ssh package. While neither vulnerability received a critical CVSS score, both presented real risks to applications using SSH functionality in Go-based containers.

CVE-2025-58181 affects SSH servers parsing GSSAPI authentication requests. The vulnerability allows attackers to trigger unbounded memory consumption by exploiting the server’s failure to validate the number of mechanisms specified in authentication requests.
CVE-2025-47914 impacts SSH Agent servers that fail to validate message sizes when processing identity requests, potentially causing system panics when malformed messages arrive.

(These two vulnerabilities came just days after CVE-2025-47913, a high-severity vulnerability affecting the same Golang component that Docker also quickly patched.)

For teams running Go applications with SSH functionality in their containers, leaving these vulnerabilities unpatched creates exposure to denial-of-service attacks and potential system instability.

How Docker achieves lightning fast vulnerability response

When these CVEs hit the Golang project’s security feed, Docker Hardened Images customers had patched versions available in less than 24 hours. This rapid response stems from Docker Scout’s continuous monitoring architecture and DHI’s automated remediation pipeline. Here’s how it works:

Continuous CVE ingestion: Unlike vulnerability scanning that runs on batch schedules, Docker Scout continuously ingests CVE information from upstream sources including GitHub security advisories, the National Vulnerability Database, and project-specific feeds. The moment CVE data becomes available, Scout begins analysis.
Instant impact assessment: Within seconds of CVE ingestion, Scout identifies which Docker Hardened Images are affected based on Scout’s comprehensive SBOM database. This immediate notification allows the remediation process to start without delay.
Automated patching workflow: Depending on the vulnerability and package, Docker either patches automatically or triggers a manual review process for complex changes. For these Golang SSH vulnerabilities, the team initiated builds immediately after upstream patches became available.
Cascading builds: Once the patched Golang package builds successfully, the system automatically triggers rebuilds of all dependent packages and images. Every Docker Hardened Image containing the affected golang.org/x/crypto/ssh package gets rebuilt with the security fix.

The entire process, from CVE disclosure to patched images available to customers, was completed in under 24 hours. Customers using Docker Scout received immediate notifications about the vulnerabilities and the availability of patched versions.

Why Docker’s Security Response Is Different

One of Docker’s key differentiators is its continuous, real-time monitoring, rather than periodic batch scanning. Traditional vulnerability management relies on daily or weekly scans, leaving containers exposed to known vulnerabilities for hours or even days. With Docker Scout’s real-time CVE ingestion, detection starts the moment a vulnerability is published, enabling remediation within seconds and minimizing exposure.

This foundation powers Docker Hardened Images (DHI), where packages and dependencies are continuously tracked and automatically updated when issues arise. For example, when vulnerabilities were found in the golang.org/x/crypto library, all affected images were rebuilt and released within a day. Customers simply pull the latest tags to stay secure, no manual patching, emergency maintenance, or impact triage required.

But continuous monitoring is just the foundation. What truly sets Docker apart is how that real-time intelligence flows into an automated, transparent, and trusted remediation pipeline, built on over a decade of experience securing and maintaining the Docker Official Images program. These are the same images trusted and used by millions of developers and organizations worldwide, forming the foundation of countless production environments. That long-standing operational experience in continuously maintaining, rebuilding, and distributing secure images at global scale gives Docker a proven track record in delivering reliability, consistency, and trust few others can match.

Beyond automation, Docker’s AI guardrails add yet another layer of protection. Purpose-built for the Hardened Images pipeline, these AI systems continuously analyze upstream code changes, flag risky patterns, and prevent flawed dependencies from entering the supply chain. Unlike standard coding assistants, Docker’s AI guardrails are informed by manual, project-specific reviews, blending human expertise with adaptive intelligence. When the system detects a high-confidence issue such as an inverted error check, ignored failure, or resource mismanagement, it halts the release until a Docker engineer verifies and applies the fix. This human-in-the-loop model ensures vulnerabilities are caught long before they can reach customers, turning AI into a force multiplier for safety, not a replacement for human judgment.

Another critical differentiator is complete transparency. Consider what happens when a security scanner still flags a vulnerability even after you’ve pulled a patched image. With DHI, every image includes a comprehensive and accurate Software Bill of Materials (SBOM) that provides definitive visibility into what’s actually inside your container. When a scanner reports a supposedly remediated image as vulnerable, teams can verify the exact package versions and patch status directly from the SBOM instead of relying on scanner heuristics.

This transparency also extends to how Docker Scout handles CVE data. Docker relies entirely on independent, third-party sources for vulnerability decisions and prioritization, including the National Vulnerability Database (NVD), GitHub Security Advisories, and upstream project maintainers. This approach is essential because traditional scanners often depend on pattern matching and heuristics that can produce false positives. They may miss vendor-specific patches, overlook backported fixes, or flag vulnerabilities that have already been remediated due to database lag. In some cases, even vendor-recommended scanners fail to detect unpatched vulnerabilities, creating a false sense of security.

Without an accurate SBOM and objective CVE data, teams waste valuable time chasing phantom vulnerabilities or debating false positives with compliance auditors. Docker’s approach eliminates that uncertainty. Because the SBOM is generated directly from the build process, not inferred after the fact, it provides definitive evidence of what’s inside each image and why certain CVEs do or don’t apply. This transforms vulnerability management from guesswork and debate into objective, verifiable security assurance, backed by transparent, third-party data.

CVEs don’t have to disrupt your week

Managing vulnerabilities consumes significant engineering time. When critical CVEs drop, teams rush to assess impact, test patches, and coordinate deployments. Docker Hardened Images eliminate this overhead by continuously updating base images with complete transparency into their contents with rapid turnarounds to reduce your exposure window.

If you’re tired of vulnerability whack-a-mole disrupting your team’s roadmap, Docker Hardened Images offers a better path forward. Learn more about how Docker Scout and Hardened Images can reduce your vulnerability management burden, or contact our team to discuss your specific security requirements.
-
18 church leaders arrested in China as part of crackdown
Christians in China have long faced harassment from the authorities.
-
Less than half of American adults say religion is important - study
Despite less than half of Americans ranking religion as an important part of their daily life, America is still more devout when it comes to religion than its economic peers, such as the United Kingdom or Germany, new data from Gallup shows.
-
Report shows huge contribution of faith communities to Welsh society
The Evangelical Alliance has produced a report showing the impact that faith communities are having in Wales.
-
Church historian highlights challenges and opportunities for evangelicalism in a changing world
A leading church historian has warned that the public image of evangelicals is being distorted by US politics, even as the movement experiences rapid growth and renewed vitality across the Global South.
-
Mozilla Says It’s Finally Done With Two-Faced Onerep
In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced its partnership with Onerep will officially end next month.

Mozilla Monitor. Image: Mozilla Monitor Plus video on YouTube.

In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep. “We will continue to offer our free Monitor data breach service, which is integrated into Firefox’s credential manager, and we are focused on integrating more of our privacy and security experiences in Firefox, including our VPN, for free,” the advisory reads.

Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025. After that, those subscribers will automatically receive a prorated refund for the unused portion of their subscription. “We explored several options to keep Monitor Plus going, but our high standards for vendors, and the realities of the data broker ecosystem made it challenging to consistently deliver the level of value and reliability we expect for our users,” Mozilla’s statement reads.

On March 14, 2024, KrebsOnSecurity published an investigation showing that Onerep’s Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Shelest released a lengthy statement wherein he acknowledged maintaining an ownership stake in Nuwber, a data broker he founded in 2015 — around the same time he launched Onerep.
-
Rapper Nicki Minaj speaks up for Nigeria's Christians amid relentless attacks
“In Nigeria, Christians are being targeted, driven from their homes and killed," she said.
-
Marriage Foundation warns decline in weddings reflects lingering impact of Covid lockdowns
The Marriage Foundation has voiced concern over newly released figures from the Office for National Statistics (ONS), which show a 9% fall in heterosexual marriages in England and Wales during 2023.
-
Scottish assisted dying Bill faces scrutiny from MSPs and medical groups
A contentious assisted dying bill being considered by Holyrood is facing mounting opposition as MSPs voice significant concerns about patient safety, human rights compliance, and supposed safeguards.
-
Three attacks in three days against Christians in Nigeria
Christmas is coming, and with it the possibility of more massacres.
-
Who was St Edmund the Martyr and why do we remember him?
20 November is St Edmund’s Day, celebrating the king and martyr who was once the patron saint of England. This is his story.
-
UK Supreme Court rules Religious Education in Northern Ireland unlawful
The UK Supreme Court has ruled that the current approach to Religious Education and collective worship in Northern Ireland schools breaches human rights and is unlawful.