Privacy-first mobile carrier with IMSI rotation, encrypted texting, SIM swap protection, anonymous payments, and no data collection
https://www.cape.co/

AI voice cloning now takes 3 seconds of audio. Encrypted messengers solve channel security but not human authentication; how do you verify the person on the other end isn't a deepfake?

We're drafting an open protocol for this: CANARY; coercion-resistant spoken verification. Rotating words derived from a shared secret (like TOTP but human-spoken), with three layers designed for real-world threat models:

· Rotating verification words; deterministic, offline-capable, burn-after-use. Not a static family safe word that one compromise burns forever.
· Silent duress signalling; if you're coerced into revealing your word, speaking a different word silently alerts the group without tipping off the attacker. Per-member duress tokens mean the group knows who is under duress.
· Dead man's switch / liveness; if a member stops checking in, the group is alerted. Covers the scenario where someone can't even speak a duress word…. they've gone silent entirely.

Spec: https://github.com/TheCryptoDonkey/canary-kit/blob/main/CANARY.md
Nostr binding (6 event kinds): https://github.com/TheCryptoDonkey/canary-kit/blob/main/NIP-CANARY.md
Interactive demo: https://canary.trotters.cc

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan:
The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan