Tootfinder

A lot happened over the weekend. Check out today's Metacurity for the most critical infosec developments you might have missed, including
--Proposed Israeli cyber law calls for cyber incident reporting in real time,
--Russia is likely the source of wiper malware that targeted Poland's energy sector,
--Russian national pleads guilty to targeting 50 victims with ransomware,
--DPRK group Konni is targeting blockchain engineers with malware,
--Critical flaw i…

Proposed Israeli cyber law calls for cyber incident reporting in real time
Russia is likely the source of wiper malware that targeted Poland's energy sector, Russian national pleads guilty to targeting 50 victims with ransomware, DPRK group Konni is targeting blockchain engineers with malware, Critical flaw in Solana's validator client fixed, much more

I was in Barton Hall for the third weekend in a row, this time for Cornell's club fair: here's the music group Mediocre Melodies
#cornell

Ein Gesetz gegen #Mietwucher, eingebracht von der Linken und unterstützt durch mehrere #Bundesländer, ist im #Bundestag gescheitert.
Der Entwurf sah vor, überhöhte Mieten leichter z…

Deutscher Bundestag - Bundestag lehnt „Mietwuchergesetz“ der Linken ab
Der Bundestag hat am Donnerstag, 6. November 2025, nach halbstündiger Debatte den Gesetzentwurf der Fraktion Die Linke „zur besseren Bekämpfung überhöhter Mieten“ (Mietwuchergesetz,...

Happy Saturday! Metacurity offers our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection covers
--The untouchable hacker god who destroyed psychotherapy patients,
--AI prompt injection is an unsolvable problem,
--Deepfakes are messing up Canada's justice system,
--What the hack of Russia's Unified Military Registry revea…

Best infosec-related long reads for the week of 1/17/26
The untouchable hacker god who destroyed psychotherapy patients, AI prompt injection is an unsolvable problem, Deepfakes are messing up Canada's justice system, What the hack of Russia's Unified Military Registry revealed, The US military needs to accelerate its tests of AI trustworthiness

Check out today's Metacurity for a ton of critical infosec developments you might have missed over the weekend, including
--Cyberattack on a critical third-party vendor could expose top banks' customer data,
--An insider shared internal CrowdStrike screenshots on Telegram,
--Hackers stole Salesforce-stored data from 200 companies,
--DOGE has purportedly disbanded,
--Harvard is the latest Ivy to get hacked,
--AI models can sabotage coding projects, …

Cyberattack on a critical third-party vendor could expose top banks' customer data
An insider shared internal CrowdStrike screenshots on Telegram, Hackers stole Salesforce-stored data from 200+ companies, DOGE has purportedly disbanded, Harvard is the latest Ivy to get hacked, AI models can sabotage coding projects, Singapore raids scam-connected firm, much more

Bad timing for an email to hit my inbox
Booz Allen Automates Malware Analysis with Al Agents

"The spying operation is alleged to have targeted close aides of Boris Johnson, Liz Truss and Rishi Sunak over the course of three years"

Chinese hackers targeted top UK officials
The spying operation is alleged to have targeted close aides of Boris Johnson, Liz Truss and Rishi Sunak over the course of three years

So I was going to write a short piece about this, but I'm so plumb out of time, and it would be so weird to put this in Metacurity as a special report that I'm writing a social media thread instead.
Last summer, I wrote a piece about the Coinbase breach based on an extensive conversation I had with the exchange's CSO, Philip Martin, who has serious chops as a cybersecurity guy.

Behind the Coinbase breach: Bribery emerges as enterprise threat
Coinbase’s breach shows how bribery schemes — long used for SIM swaps — can be a potent enterprise attack vector. Experts urge security leaders to add bribery training and red-teaming to their cyber defense toolkits.

Before you head out for the weekend, don't miss today's Metacurity for the crucial cybersecurity developments you should know, including
--A database with 149 million usernames and passwords was exposed on the internet,
--Venezuelan nationals who stole cash from ATMs using malware will be deported from US,
--FBI asked Microsoft to unlock encrypted laptops,
--Under Armour is investigating massive data breach,
--Tech investors want the US government to prob…

A database with 149 million usernames and passwords was exposed on the internet
Venezuelan nationals who stole cash from ATMs using malware will be deported from US, FBI asked Microsoft to unlock encrypted laptops, Under Armour is investigating massive data breach, Tech investors want the US government to probe S. Korea's treatment of Coupang following data breach, much more

https://www.wired.com/story/tiktok-new-privacy-policy/

TikTok Is Now Collecting Even More Data About Its Users. Here Are the 3 Biggest Changes
According to its new privacy policy, TikTok now collects more data on its users, including their precise location, after majority ownership officially switched to a group based in the US.