HN821: Boring Network Design Is Good
Ethan Banks sits down with Ryan Hamel at the 96th North American Network Operators’ Group (NANOG96). Ryan, a network automation developer for the Zayo Group, talks about why boring…
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
IPB197: SLAAC and the End of DHCP?
Today our hosts discuss the essential role of Stateless Address Autoconfiguration (SLAAC) in successfully deploying an IPv6-mostly network. SLAAC is required to assign a unique IPv…
Yggdrasil Network
Article URL: https://yggdrasil-network.github.io/ Comments URL: https://news.ycombinator.com/item?id=47618100 Points: 122 # Comments: 60
N4N052: Multicast Part 2
Lenny Giuliano, Sr. Distinguished Systems Engineer at HPE Juniper Networks, joins Holly and Ethan for another round of multicast. Part two helps fill in details not covered in epis…
We intercepted the White House app's network traffic
Article URL: https://www.atomic.computer/blog/white-house-app-network-traffic-analysis/ Comments URL: https://news.ycombinator.com/item?id=47595865 Points: 234 # Comments: 72
Vulnerability research is cooked
Article URL: https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/ Comments URL: https://news.ycombinator.com/item?id=47578086 Points: 267 # Comments: 170
Show HN: Zerobox – Sandbox any command with file, network, credential controls
I'm excited to introduce Zerobox, a cross-platform, single binary process sandboxing CLI written in Rust. It uses the sandboxing crates from the OpenAI Codex repo and adds addition…
Full network of clitoral nerves mapped out for first time
Article URL: https://www.theguardian.com/society/2026/mar/29/full-network-clitoral-nerves-mapped-out-first-time-women-pelvic-surgery Comments URL: https://news.ycombinator.com/item…
AyaFlow: A high-performance, eBPF-based network traffic analyzer written in Rust
Article URL: https://github.com/DavidHavoc/ayaFlow Comments URL: https://news.ycombinator.com/item?id=47563978 Points: 103 # Comments: 11
The European AllSky7 fireball network
Article URL: https://www.allsky7.net/#archive Comments URL: https://news.ycombinator.com/item?id=47539767 Points: 122 # Comments: 13
Country that put backdoors in Cisco routers to spy on world bans foreign routers
Article URL: https://www.theregister.com/2026/03/24/fcc_foreign_routers/ Comments URL: https://news.ycombinator.com/item?id=47506279 Points: 162 # Comments: 53
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wi…
My home network observes bedtime with OpenBSD and pf
Article URL: https://ratfactor.com/openbsd/pf-gateway-bedtime Comments URL: https://news.ycombinator.com/item?id=47489620 Points: 136 # Comments: 35
Migrating the American express payment network, twice
Article URL: https://americanexpress.io/migrating-the-payments-network-twice/ Comments URL: https://news.ycombinator.com/item?id=47483830 Points: 101 # Comments: 36
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three…
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root Comments URL: https://n…
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Mich…
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this mo…
Reflected Cross Site Scripting (XSS) in error page
CVSSv3 Score: 4.1 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79] in FortiSIEM's error page may allow a remote unauthenticate…
Stack-based Buffer Overflow in API protection
CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via crafte…
Authentication Lockout Bypass via Race Condition
CVSSv3 Score: 3.4 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and FortiAnalyzer may allow an attacker to bypass brute…
Buffer Overflow in LLDP OUI field
CVSSv3 Score: 7.7 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker…
Authentication rate-limit bypass permits to brute force admin logins
CVSSv3 Score: 7.3 An Improper Control of Interaction Frequency vulnerability [CWE-799] in FortiWeb may allow a remote unauthenticated attacker to bypass the authentication ra…
OS command injection on vmimages update feature
CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox …
Null Pointer Dereference in Anti-Defacement feature
CVSSv3 Score: 2.5 A NULL Pointer Dereference vulnerability [CWE-476] in FortiWeb may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. …
OS Command injection in FortiWeb API
CVSSv3 Score: 6.7 An OS Command Injection vulnerability [CWE-78] in FortiWeb API may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP…
Local privilege escalation via improper symlink following
CVSSv3 Score: 7.4 A UNIX symbolic link (Symlink) Following vulnerability [CWE-61] in FortiClientLinux may allow a local and unprivileged user to escalate their privileges to …
Path traversal vulnerability in FortiSOAR Agent Connector Bridge server
CVSSv3 Score: 5.5 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR Agent Connector Bridge may allow an un…
Lack of TLS Certificate Validation during initial SSO Authentication
CVSSv3 Score: 6.3 An improper certificate validation [CWE-295] vulnerability in the FortiManager GUI may allow a remote unauthenticated attacker to view confidential informat…
Privilege escalation using undocumented CLI command
CVSSv3 Score: 6.4 An Inclusion of Undocumented Features [CWE-1242] in FortiManager and FortiAnalyzer CLI may allow a remote authenticated read-only admin with CLI access to e…