2026-04-09 10:04:00
Maybe this is interesting regarding AI-features, translations, Mozilla Firefox, AI hallucinations... https://bugzilla.mozilla.org/show_bug.cgi?id=2021766
Anthropic debuts a Code Review feature for Claude Code, which uses agents working in teams to check pull requests for bugs, available in research preview (David Gewirtz/ZDNET)
https://www.zdnet.com/article/claude-code-review-ai-agents-pull-request-bug-d…
Cybersecurity is, as they say, moving at machine speed, so don't leave for the weekend until you check out today's Metacurity for the critical infosec developments you should know, including
--Canvas chaos: ShinyHunters breach throws schools into disarray
--Firefox bug fixes soar after using Mythos,
--Virginia man found guilty of destroying government databases,
--OpenAI rolls out GPT 5.5 to vetted cyber defenders,
--PCPJack steals cloud creds while remov…
@… any overlap with UEFI-specific boot bug 293663?
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293663>
🇺🇦 Now playing on radioeins...
Fontaines D.C.:
🎵 Bug
#NowPlaying #FontainesDC
https://holdoholdoholdo.bandcamp.com/track/fontaines-d-c-bug-holdo-remix
https://open.spotify.com/track/0MXmiqd7zoXxv6Gqn9ahhQ
Apple throwing some time into bugs today…
• 240961: `position: relative` doesn't work as expected on table row, 26 May 2022, https://bugs.webkit.org/show_bug.cgi?id=240961
• 305719: REGRESSION (iOS 26): Datalist options obscure text input, 18 January 2026,
'Sub Zero - Refractions'(The Bug / Ghost Dubs Remixes)
https://kevinrichardmartin.bandcamp.com/album/sub-zero-refractions-the-bug-ghost-dubs-remixes
Anthropic altered the course of how security vulnerabilities are discovered, with profound implications for the bug hunting industry.
But the implications go beyond bug bounties. In the words of Jeff Williams, founder of OWASP and CTO of Contrast Security, Anthropic's Project Glasswing "threatens the whole idea that security can remain a find-and-fix afterthought. The era of the security backlog is coming to a welcome end.”
Check out my latest CSO piece.
What Anthr…
Good explanation of what Mythos is and what it's not; it did impressive things like finding a 27-year-old bug in OpenBSD. So please don't say that AI/LLMs can only reproduce their training data... A myth that won't go away. On the other hand, Mythos still has many of the characteristics that make AI/LLMs problematic: it still makes mistakes, and is not AGI or self-improving.
I remember one of my jobs where we had a company building an internal system for us and I kept sending emails to the team telling them ways I could break their software...
And they got annoyed...
And my boss told me to cool it, and "give them a chance!"
But my thought was since they gave (some of) us a system to test, should they not be informed of all the ways it could break?
(And no, there was no bug reporting system.)
My memory usage bug of a few weeks ago is still interesting; I mentioned then I'd saved 1.8GB; it's now at about 3GB saved - down from ~5GB to ~2GB; which is great....except that's the small test. The big example is down from 185GB to 'only' 70GB. I mean that's a really nice saving; but 70GB is still at least 65 too many.
from my link log —
Understanding systemd-resolved, split DNS, and VPN configuration.
https://blogs.gnome.org/mcatanzaro/2020/12/17/understanding-systemd-resolved-split-dns-and-vpn-configuration/
saved 2020-1…
A weekend of upstream bug fixing
First, gcc on arc believed that the 'fsrnd' instruction would be useful in implementing the C roundf function (hint, it's not). https://github.com/keith-packard/gcc/commit/152aa613852a2258062ecf7ac819e5eea263a5…
On Website Technicals (2026-04) - Tech updates: per-minute Eddi tweaks, winter energy unused, Time Machine bug, hysteresis, virtual plug-in solar... - https://www.earth.org.uk/note-on-site-technicals-107.html
The vOICe for Android 2.81 released https://play.google.com/store/apps/details?id=vOICe.vOICe Fix for view no longer tracking device orientation. Stereo sound now default enabled even w/o headphones because many modern phones feature stereo speakers. Minor bug fixes. App now r…
OpenAI launches bug bounty program for biosecurity
OpenAI is launching a bug bounty program to find weaknesses in the biosecurity safeguards of ChatGPT 5.5.
https://www.he…
Someday, I will send out a Metacurity email that doesn't get clipped by Gmail for having too much information, but that day is not today.
Check out today's intensely packed Metacurity that covers a host of critical infosec developments, including
--Iran-linked hackers target critical infrastructure controls, risking disruption and sabotage,
--Anthropic's Glasswing could upend bug discovery and fixes,
--GRU-linked hackers infiltrate routers to steal email a…
Mozilla says Anthropic's Mythos Preview and other AI models helped it identify and ship 423 Firefox security bug fixes in April, compared to 31 a year earlier (Russell Brandom/TechCrunch)
https://techcrunch.com/2026/05/07/how-anth…
Not proud or satisfied about this bug fix as I had to use ChatGPT in the end.
https://github.com/shanmukhateja/gitraven/pull/1
The fix was computing `objFullPath` on each iteration and then using it when computing the absolute path for a tree node.
OK, I have a horrible bug in `read`, which seems to be looping on the first character after a left parenthesis -- and I can't see why. But I got only four hours sleep last night and I am not taking enough care of my body, so it's time to stop work for the day, have a bath, and rest.
(Yes, I have voted).
#SelfCare
Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”
https://arstechnica.com/information-technology/2026/05/mozilla-says-271-vulnerabilities-found-by-mythos-have-almost-no-fa…
I think that I have just programmed myself 25% of (the generation of) a virtual #plugInSolar system by tweaking the power management of my off-grid system:
https://www.earth.org.uk/note-on-site-tech
It’s been a long weekend…
working with a colleague to do some hardware refresh.
I despise hardware.
I’ve spent most of the last 4 hours fighting an anaconda (EL installer, not hot AI whatever) bug that is basically undebuggable. Alma 9.6 doesn’t work like Alma 9.5 did, but crashes instead when I try to do my ideal disk layout…
OK, I was going to be updating anyway, grab a 9.7 image.
NOPE, same bug.
getting 9.5 from the vault…
272902 – Security: allow passphrases for WPA-EAP to be saved without using clear text
<#FreeBSD
No bugs. Duh.
Drivers help study road-trip mystery: what became of bug splats?
https://phys.org/news/2026-04-drivers-road-mystery-bug-splats.html
@… bug buddies!! https://bugzilla.mozilla.org/show_bug.cgi?id=1438567
Although we didn’t make it into the final article, we appreciate being referenced in the sources. The article of @… on #Y2k38 is well worth reading:
weird bug of the day. opening Steam's settings causes my bluetooth mouse to stop working. log messages seem to indicate the bluetooth driver gets into some state where it continually fails to process the mouse's messages, persists until I reboot. (aurora-dx linux, based on fedora 43). not going to bother diagnosing further
RE: https://mastodon.gamedev.place/@aeva/116526002579057799
First professional bug I ever found was an XML bomb. My first day, my manager is like, "oh yeah, so this is XML. We've been testing, you can hop on and throw some stuff at it. See what you can do."
I crashed the test environment with an XML bomb on a Friday evening.
Wow, this image from Firefox visually shows the power of Mythos's bug-sniffing capabilities.
https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/
funny thought: if you run an immutable system, a villain with a kernel bug can do whatever the hell they want, but the admin can’t
On Website Technicals (2026-03) - Tech updates: EOM, Mastodon share button, bug fixes, low, RSS sadness, routing snafu. - https://www.earth.org.uk/note-on-site-technicals-106.html
Steve Bourne is internationally known for his work on the UNIX operating system.
During his career he spent 20 years in senior engineering management positions at computer systems and networking companies.
These included Cisco Systems, Sun Microsystems, Digital Equipment and Silicon Graphics.
Since 2000 he has been Chief Technology Officer at El Dorado Ventures (now Rally Ventures) in Menlo Park, California
Upcoming
The Design of Unix Shell, Stephen R. Bourne
…
🇺🇦 #NowPlaying on #BBC6Music's #TheBBCIntroducingMixtape
Wax Head:
🎵 Bug Doctor
#WaxHead
#newRelease 🆕 single
https://waxhead1.bandcamp.com/track/bug-doctor
https://open.spotify.com/track/50lVuRoIw1cmIQRRpFErRw
A bug in popular cPanel, WHM, and WP Squared software has reportedly been exploited since Feb.; CISA gives it a 9.8 CVSS score and tells agencies to patch by May 3 (Jonathan Greig/The Record)
https://therecord.media/cisa-orders-federal-agencies-to-patch-cpanel-bug
@… thanks.
Not directly related, a review of <https://bugs.kde.org/show_bug.cgi?id=484259> may be timely:
― Auto login behaviour has X11 session s…
🇺🇦 #NowPlaying on KEXP's #Audioasis
Amy Beth and Thee Creeps:
🎵 I'm a Bug
#AmyBethandTheeCreeps
https://chaputarecords.bandcamp.com/track/im-a-bug-2
https://open.spotify.com/track/0S9VBQvt9yF3ielRxsERZP
Oof. Time to shut down #apache on the one server I still run it on for a few hours until this gets updated.. #debian https://bugs.debian.org/1135737…
Apple Fixes Bug That Let FBI Extract Deleted Signal Messages After 404 Media Coverage https://www.404media.co/apple-fixes-bug-that-let-fbi-extract-deleted-signal-messages-after-404-media-coverage/
Why are keyboard shortcuts so complicated 😅
Bug: https://github.com/cheeaun/phanpy/issues/1465
Possible fix on react-hotkeys-hook, but reverted because it causes bug for other keys:
Google Raises Top Android Bug Bounty to $1.5 Million to Combat AI-Era Threats
https://hothardware.com/news/google-android-bug-bounty-1-point-5-million-ai-era-threats
We need IDs for vulnerabilities in online services. Documenting them is critical.
#cybersecurity #vulnerability
Hackers are still exploiting the cPanel bug to gain control of thousands of websites
https://techcrunch.com/2026/05/04/hackers-are-still-exploiting-the-cpanel-bug-to-gain-control-of-thousands-of-websites/
@… video group membership is certainly not required to start X.
#FreeBSD #documentation
1. Do random changes to cython-test-exception-raiser, and commit them as "initial code".
2. Move the extension module from the package directory into top-level "raiser.*.so", for no apparent reason.
3. Switch to CalVer, so that #Twisted never upgrades to the new releases (it pins to <2).
4. I file a bug, because I'd like to finally remove the old version from #Gentoo.
#Python
Ugh!
Just noticed a bug in @… - when you put stuff in a list and activate the "hide members in home" toggle, you expect stuff to be hidden from the home feed. Yet, it's not. It's all displayed.
#mastodon
If you're using #gnupg with a keyserver for "gpg --refresh-keys" and you're running into the bug of it aborting with "No data", this script is a good workaround for updating your keys for a single email domain using an (organization) key server:
🥳 New Kitten Release
This one fixes a bug that you would have encountered had you had an asynchronous component (component with asynchronous render method) nested more than one-level deep within synchronous components.
(Kitten’s html renderer transparently supports both synchronous and asynchronous render methods.)
So, this (taken from my unit test), for example, works correctly now:
```js
class AsynchronousOtherName extends KittenComponent {
async htm…
RE: https://mastodon.bsd.cafe/@grahamperrin/116155254526138460
FreeBSD-CURRENT testing with real hardware blocked by <
Fun bug of the day I need to chase once I finish some $dayjob stuff: same ngscopeclient binary, same scopesession decoding 100baseT1. Same Xeon 8362 so CPU feature flags are no factor.
On an nvidia 3070 in the lab it works flawlessly.
On the amd 9700 I just put in my office workstation the 100baseT1 scrambler consistently fails to lock and I get no decode, but the eye patterns look fine so it's not failing too badly.
If i run on live streaming data from the thunderscope…
New dilemma: Facebook Messenger has just added Meta AI and I have no need to bomb schools or hospitals, but my children and all the local musicians I play with flatly refuse to use another method. 😔
And yes, I checked. A bug is a feature you cannot turn off.
In the AI Apocalypse, no one cares if you scream. It's not unusual. Folks are screaming everywhere.
Please 🔁 BOOST to share what you like
- your followers don't see if you ⭐ favourite a post
I am the edge case… *writes bug report*
3am on a public holiday is a good time for posting bug reproducers...
https://github.com/kube-rs/envtest/issues/58
Today's Mastodon bug, images don't load for me at all (not even my own) but I can upload images and other people see them fine.
Cryptographers engage in war of words over RustSec bug reports and subsequent ban
Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much
🦀 https://www.theregister.com/2026/03/20/cry
OK, Beowulf bug. Both EVAL and APPLY in Beowulf are straight transcriptions of the mexprs on pages 70 and 71 of the #Lisp 1.5 Programmer's Manual.
CONC is the only FEXPR I have implemented so far (and one of only three FEXPRs in the manual).
The unit test for CONC fails, because EVLIS is called on the argument list by EVAL (line 20 on page 71) before it reaches APPLY, and therefore b…
16-year-old Safari bug to ignore `text-transform` on text copy:
https://bugs.webkit.org/show_bug.cgi?id=43202
Today, there’s a PR to address it:
Apple fixes bug that cops used to extract deleted chat messages from iPhones
Apple released a software update on Wednesday for iPhones and iPads fixing a bug that allowed law enforcement to extract messages that had been deleted or disappeared automatically from messaging apps.
This was because notifications that displayed the messages’ content were also cached on the device for up to a month.
In a security notice on its website, Apple said that the bug meant “notification…
Apple fixes a bug that stored notifications for deleted messages on iPhone and iPad, following a report that police used it to extract deleted Signal messages (Lorenzo Franceschi-Bicchierai/TechCrunch)
https://techcrunch.com/2026/04/22/appl
[OT] One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable https://cybernews.com/security/critical-linux-kernel-bug-grants-root-privileges/
@… you're not an idiot 🙂 I think you helped me to discover a bug:
<https://github.com/freebsd/pkg/issues/2671>
– and if that bug is invalid, then I'…
🇺🇦 #NowPlaying on #BBC6Music's #RileyAndCoe
The Bug Club:
🎵 Yours (If You Want Me)
#TheBugClub
https://thebugclub.bandcamp.com/track/yours-if-you-want-me
https://open.spotify.com/track/2sCsGYw2166yuq80w1qRXq
lol a conversation I just had w/ a friend
[here's that MR: https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/268 ]
Finally a package where I can't suspect the author of vibecoding!
"""
Version: 2026.3.32
Fixed segfault.
Version: 2026.3.31
Fixed bug again.
Version: 2026.3.30
Fixed bug.
"""
https://github.com/mrabarnett/mrab-regex/blob/5d51c75da03116e08bb6fb537fae6d8c804cc92c/changelog.txt
(It's also a horribly bad package, with tons of unmaintainable code, heavily relying on CPython internals.)
On Website Technicals (2026-04) - Tech updates: per-minute Eddi tweaks, Time Machine bug, virtual plug-in solar, merit order, intensity forecast, USB power wrangling, greed, BibTeX URLs... - https://www.earth.org.uk/note-on-site-technicals-107.html
"Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real."
https://www.theregister.com/2026/03/26/gre…
Fed agencies ordered to patch Dell bug by Saturday after exploitation warning https://therecord.media/fed-agencies-ordered-to-patch-dell-bug-after-exploitation-warning
Update 26.3.1 for visionOS fixes bug
Just under two weeks after visionOS 26.3, Apple is releasing a smaller update. It fixes a recently identified bug that is quite specific.
https://www.
Friends who speak C, help me with a bug that I just can't see.
Source is here:
https://git.journeyman.cc/simon/post-scarcity/src/branch/develop/src/c/memory/page.c
As you can see, <string.h> is included at line 13.
At…
@… oh, then I misread: BUG ENEMIES 😅
#heiseshow: AI on the bug hunt, nuclear power comeback, home office in the energy crisis
In the #heiseshow: AI finds Firefox bugs faster than humans, von der Leyen regrets the nuclear phase-out, and working from home as a response to energy crises.
You know those bugs where you go look at the code and wonder "how the heck did this work in the first place"?
Yeah, this is one of them.
https://github.com/ngscopeclient/scopehal/commit/a5f616ae9535c15a9eda2c04840cf63580adfafe
"It places page cache pages in a writable scatterlist, separated from the legitimate write region by nothing more than an offset boundary. The design assumes every AEAD algorithm will confine its writes to the intended destination, but nothing in the API enforces this, and nothing documents it as a requirement.
Unfortunately, one AEAD algorithm breaks this silent invariant."
"No other standard AEAD algorithm in the kernel [uses memory that doesn't belong to it as a scratch pad]. GCM, CCM, and regular authenc all confine their writes to the legitimate output area. authencesn alone writes past the boundary."
I'm actually amazed that there's only one bug here. Somehow almost everyone just managed to do the right thing, despite no mechanism enforcing it and no documentation describing it. That's just amazing. It's a testament to the skill of those developers, despite an incredibly bad design.
#copyfail
On Website Technicals (2024-04) - Tech updates: ORCID, RSS work storage, podcast images, transcripts, Apache 2.4 ETag bug, 406 and more 429, less AMP, cacheing tweaks. - https://m.earth.org.uk/note-on-site-technicals-83.html
Happy Saturday! Metacurity is proud to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection covers
--The college kid who discovered the Kimwolf botnet,
--US AI build-out is dependent on Chinese-made electrical equipment,
--AI agent traps are the next big security challenge,
--AI bug discovery tilts the field toward attacke…
@… this bug?
287569 – bsdinstall: restarting installation: Error: No disk(s) present to configure — <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=2…
🇺🇦 #NowPlaying on KEXP's #VarietyMix
A Tribe Called Quest:
🎵 Buggin’ Out
#ATribeCalledQuest
https://illvibe.bandcamp.com/track/buggin-out-a-tribe-called-quest
https://open.spotify.com/track/6GAemDMWAXa8wZOBkO1gar
🇺🇦 #NowPlaying on #BBC6Music's #RileyAndCoe
Damaged Bug:
🎵 End Of The War
#DamagedBug
#newRelease 🆕 single
https://damagedbug.bandcamp.com/track/end-of-the-war
https://open.spotify.com/track/6d3tASd0yeKa22kyYNieDi
Cisco warns of critical SD-WAN bug that was actively exploited in zero-day attacks since 2023, as CISA and international partners issue emergency directives (Lawrence Abrams/BleepingComputer)
https://www.bleepingcomputer.com/news/secu
1. Submit a pull request to #zlib that changes the library filename on #Windows.
2. Pull request gets merged, and you effectively break everything that linked dynamically to zlib.
3. Attack everyone who reported this as a bug.
#OpenSource
Microsoft says bug causes Copilot to summarize confidential emails
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/
CDash experiments update: Provisioned a VM (not yet reachable from the outside world) to tinker with it since it's been 10 years since I last used the platform.
How it's going so far: ran into https://github.com/Kitware/CDash/issues/3122
They're using npm and a who…
@… privately
I didn't make you a cc recipient, but FYI:
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294221>
(I no…
🇺🇦 #NowPlaying on #BBC6Music's #RileyAndCoe
Damaged Bug:
🎵 OVER-EXPOSED
#DamagedBug
#newRelease 🆕 single
https://damagedbug.bandcamp.com/track/over-exposed
https://open.spotify.com/track/07NP9mrUoNvXWKPIbY4Mld
On Website Technicals (2026-03) - Tech updates: EOM, Mastodon share button, bug fixes, low, RSS sadness, routing snafu... - https://www.earth.org.uk/note-on-site-technicals-106.html
To help defenders prioritize patches amid the coming onslaught of bug reports, Anthropic recommends that they rely on a vulnerability framework known as the Exploit Prediction Scoring System (EPSS).
Check out my latest CSO piece on how EPSS works.
Many thanks to Michael Roytman and Ed Bellis of Empirical Security, James Robinson of Netskope, Aaron Weismann of Main Line Health, and Ramy Houssaini of Cloudflare for their insight.
Anthropic bets on EPSS for the coming bug surg…
Adobe patches a zero-day in Acrobat DC, Reader DC, and Acrobat 2024, which hackers have been actively exploiting for at least four months (Zack Whittaker/TechCrunch)
https://techcrunch.com/2026/04/14/adobe-fixes-pdf-zero-day-sec…
@… @…
<https://bugs.fr…
Microsoft confirms a bug that let Microsoft 365 Copilot summarize confidential emails from Sent Items and Drafts folders, and deployed a fix in early February (Sergiu Gatlan/BleepingComputer)
https://www.bleepingcomputer.com/news/micr
Don't miss today's Metacurity which is jam-packed with a host of intense cybersecurity developments, including
--Texas AG sues TP-Link, saying it allowed the CCP to hack routers,
--A hacker gained access to a French national bank database with 1.2m accounts,
--Microsoft 365 Copilot bug summarized confidential emails,
--DEF CON bans Epstein's hacking associates,
--Deutsche Bahn operations disrupted by cyberattack,
--Polish army bans Chinese cars,…