Noxen Bloghttps://noxen.app/blog/feed.xml2026-06-01T00:00:00ZNoxen TeamNightly homelab security audits from your Mac.CUPS exposed on your LAN — the September 2024 CVE chainhttps://noxen.app/blog/cups-exposed-on-your-lan-cve-2024-47176/2026-06-01T00:00:00Z2026-06-01T00:00:00ZNoxen TeamFour chained CVEs in cups-browsed turn an unauthenticated UDP packet into RCE. What the chain actually does, who's exposed, and how to check your homelab.Container breakout in homelab Proxmox — CVE-2024-21626 explainedhttps://noxen.app/blog/container-breakout-cve-2024-21626-homelab-proxmox/2026-06-01T00:00:00Z2026-06-01T00:00:00ZNoxen TeamThe Leaky Vessels runc CVE turns a hostile container image into host root. What it actually does, why Proxmox LXC users care, and how to verify your fix.The libwebp problem — when one bundled library breaks a hundred appshttps://noxen.app/blog/libwebp-bundled-library-cve-2023-4863/2026-06-01T00:00:00Z2026-06-01T00:00:00ZNoxen TeamCVE-2023-4863 is the textbook bundled-library CVE. One bug in one library, hundreds of patches across Chromium, Electron, Home Assistant, Plex. What every homelab missed.Home Assistant security checklist — hardening before you expose the smart homehttps://noxen.app/blog/home-assistant-security-checklist/2026-05-27T00:00:00Z2026-05-27T00:00:00ZNoxen TeamTwelve hardening checks for self-hosted Home Assistant — auth, network exposure, integrations, supervisor add-ons, backups, secrets. Exact commands and what Noxen flags automatically.Pi-hole security checklist — admin panel, DNS exposure, and update hygienehttps://noxen.app/blog/pi-hole-security-checklist/2026-05-27T00:00:00Z2026-05-27T00:00:00ZNoxen TeamPi-hole sits on the trust path between every device on your LAN and the internet. Ten hardening checks for the admin UI, DNS resolver, blocklist sources, and update cadence. Exact commands and what Noxen flags automatically.Proxmox security checklist — VE web UI, cluster comms, and storage hardeninghttps://noxen.app/blog/proxmox-security-checklist/2026-05-27T00:00:00Z2026-05-27T00:00:00ZNoxen TeamProxmox sits below every VM and container in your homelab — compromise it and the rest of the fleet is dust. Twelve hardening checks for the web UI on port 8006, cluster encryption, storage permissions, and update cadence. Exact commands and what Noxen flags automatically.Vulnerability scanner false positives are a UX bug, not a featurehttps://noxen.app/blog/vulnerability-scanner-false-positives/2026-05-11T00:00:00Z2026-05-11T00:00:00ZNoxen TeamWhy most vulnerability scanners fail at the trust step. The five sources of scanner false positives, the diff-first fix, the honest tradeoffs of cutting noise, and what "the scanner earns its second run" actually means.Before you expose a service to the web — the non-negotiable Linux server hardening checklisthttps://noxen.app/blog/before-you-expose-a-service-to-the-web/2026-05-10T00:00:00Z2026-05-10T00:00:00ZNoxen TeamEight checks for the decision point — not general hardening, but what changes the moment a Linux service becomes reachable from the internet. SSH, TLS, exposed admin panels, package CVEs, and why drift detection matters more than the one-time pass.Ubuntu 22.04 LTS hardening checklist — 12 SSH and TLS audits before April 2027https://noxen.app/blog/ubuntu-22-04-lts-hardening-checklist/2026-05-01T00:00:00Z2026-05-01T00:00:00ZNoxen TeamUbuntu 22.04 hits end of standard support in April 2027. Twelve audit-ready SSH, TLS, and package-policy checks every Jammy homelab box should run before then — exact commands, what to fix, and what Noxen flags automatically.CVE-2024-3094 (xz/liblzma backdoor) — what homelabs had to fear and how to checkhttps://noxen.app/blog/cve-2024-3094-xz-backdoor-homelab/2026-05-01T00:00:00Z2026-05-01T00:00:00ZNoxen TeamThe 2024 supply-chain backdoor in xz-utils targeted sshd via liblzma. What it actually did, which distros shipped affected versions, the one-line check, and what supply-chain hygiene a homelab can realistically practice.10 homelab security quick wins to knock out in an afternoonhttps://noxen.app/blog/10-homelab-security-quick-wins/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamTen practical homelab security improvements you can ship in a single afternoon. SSH, TLS, firewall, package updates, exposed services.Agentless SSH host inventoryhttps://noxen.app/blog/agentless-ssh-host-inventory/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamWhat CVE-2022-3602 and CVE-2022-3786 in your homelabhttps://noxen.app/blog/cve-2022-3602-and-3786-in-your-homelab/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamThe OpenSSL X.509 email-address buffer overflows (Why Noxen flags exposed admin panels but never logs inhttps://noxen.app/blog/flag-only-not-authenticate/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamDefault-credential testing is explicitly out of scope for Noxen. Why thatHow often should you scan your homelab for vulnerabilities?https://noxen.app/blog/how-often-should-you-scan-your-homelab/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamDaily, weekly, monthly? A practical answer for homelab operators about scan cadence, balancing signal against alert fatigue.The Mac-native homelab vulnerability scannerhttps://noxen.app/blog/mac-homelab-vulnerability-scanner/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamA Mac-native homelab vulnerability scanner. Agentless over SSH. One-time purchase. No Docker, no SaaS. Built for people who run their own boxes.The monthly homelab security checklisthttps://noxen.app/blog/monthly-homelab-security-checklist/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamA monthly checklist for homelab operators: patch status, SSH hygiene, TLS expiry, firewall audit, backup verification.Nessus alternative for Mac homelabshttps://noxen.app/blog/nessus-alternative-for-mac-homelabs/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamNessus is a Mercedes. You need a bicycle. Noxen is a Mac-native, agentless, one-time-purchase vulnerability scanner for home labs.Pareto Security for your whole fleethttps://noxen.app/blog/pareto-security-for-your-fleet/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamPareto Security audits the local Mac. Noxen extends the same Mac-native security UX to every remote box you own — agentless, over SSH.Why your Raspberry Pihttps://noxen.app/blog/raspberry-pi-outdated-openssl/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamRaspberry Pi OS ships with OpenSSL, libssl3, libcurl, and a dozen TLS-adjacent libraries that accumulate CVEs. HereSSH key hygiene for homelabshttps://noxen.app/blog/ssh-key-hygiene-for-homelabs/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamEvery homelab accumulates SSH keys. How to audit them, find the ones you forgot, and rotate safely.TLS certificate expiry on self-hosted serviceshttps://noxen.app/blog/tls-certificate-expiry-self-hosted/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamHow to stop your self-hosted services from going down at 3am because a certificate expired. Monitoring, renewals, fallback strategies.Why Noxen ships via Developer ID, not the Mac App Storehttps://noxen.app/blog/why-developer-id-not-mas/2026-04-14T00:00:00Z2026-04-14T00:00:00ZNoxen TeamDeveloper ID direct distribution for Noxen: sandbox compatibility, App Review risk on