2026-04-14 14:50:49
Adobe patches a zero-day in Acrobat DC, Reader DC, and Acrobat 2024, which hackers have been actively exploiting for at least four months (Zack Whittaker/TechCrunch)
https://techcrunch.com/2026/04/14/adobe-fixes-pdf-zero-day-sec…
The @… community just released the latest version 4.0.1. It fixes an issue with more than 4 GPIOs enabled at the same time and other miscellaneous fixes.
Details are here: https://github.com/Pi4J/pi4j…
Does anybody have a connection at Signal who could receive some urgent app design feedback? The app has several very specific problems / limitations / design quirks that are causing major headaches for neighbor groups trying to communicate here in Minneapolis.
(I’ll eventually try to write up some feedback through normal channels so it can go through the normal user feedback pipeline — but I’m sure any fixes that arrive that way will arrive far too late to be useful to us, so I’m not even bothering now. If there’s any chance of having some issues prioritized, I’d sure appreciate it.)
[ETA: I already tagged Mer__edith, but I’m sure she’s far too busy and her mentions are far too crowded for her to give this attention]
@… This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
I have finally figured out a way to cope with CJK scripts at work, and I've made _huge_ progress on a largely untested codebase
So of course the PMs are super change averse
"Look, I have been doing character encoding fixes since literally 2001"
"can you trust that the tests that I added are the right things"
"you do realize that the current system *doesn't work*, right?"
And each of them gets a "oh I don't know, so…
I find myself in want of an affordable way of doing regular cybersecurity scans. Anyone have anything good or bad to say about https://barrion.io/?
Don't miss today's packed Metacurity for the most critical infosec developments you should know, including
--US drops China Telecom, TP-Link router, and other data security bans before trade talks,
--Crypto-funded transactions for human trafficking soared in 2025,
--Prosecutors confirm former defense contractor exec stole and sold spy tools,
--APT hackers use Gemini AI to support all stages of an attack,
--Apple fixes zero-day exploit in sophisticated att…
Holy shit, why am I maintaining #chromium packages instead of hunting for security holes in it?!
Years ago I had a "ReworkCTF" board with 20-odd PCB layout bugs designed into it on purpose, ranging from backwards LEDs to missing vias under a BGA to inner layer differential pair swaps.
The original board had some design issues that made some of the fixes easier/harder than intended, and also ancient, I think now EOL, parts (a Spartan-3A FPGA - even if not EOL nobody wants to use one of those in 2026).
I'm hoping to do a gen 2 of the challenge soon probably based…
@… For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
On Website Technicals (2026-03) - Tech updates: EOM, Mastodon share button, bug fixes, low, RSS sadness, routing snafu. - https://www.earth.org.uk/note-on-site-technicals-106.html
🥳 New Kitten¹ Release
Fixes:
• The `kitten.html` shorthands for plain HTMX client-side event handling of a Kitten Page’s default WebSocket lifecycle (`on:connecting`, `on:connect`, and `on:disconnect`) were generating faulty HTMX code (the Alpine.js versions, `@on:connecting`, `@on:connect`, and `@on:disconnect`, were fine). The plain HTMX versions now also generate working code.
• Replaced direct `eval` in a statement in the Kitten Introspection API to improve safet…
Don't leave for the weekend until you've checked out today's Metacurity for the most critical infosec developments you should know, including
--International operation takes down massive cybercrime proxy network SocksEscort,
--Telus probes purported ShinyHunters hack,
--Stryker cyberattack by alleged Iran-aligned hacking group continues to disrupt operations,
--Leidos CTO John Solly ID'ed as DOGE SSA data thief,
--GAO finds gaps in CMMC program, …
RE: https://velocipederider.com/@archivetoolstracker/116060140223066168
No security fixes this time but some performance stuff and bugs fixed so might as well update.
Apple's CloudKit: Developers report problems
CloudKit, which Apple provides to give developers simple synchronization of app data, no longer seems to run smoothly with iOS 26.4. Fixes are missing.
https://www.
Raiders Hope Their Latest Coaching Hire Fixes Significant OL Issue https://www.si.com/nfl/raiders/onsi/las-vegas-hope-their-latest-coaching-hire-fixes-significant-issue
Thinking about future release plans for ngscopeclient.
There have been massive performance improvements and some significant bug fixes since v0.1.1 and the ThunderScope dev edition units are going to manufacture so we'll be getting a lot of additional users in ~2 months.
But there's also a lot of ongoing backend refactoring and changes to filter graph blocks that won't be strictly backwards compatible (old filter graphs will need updating) and while I freely break sof…
from my link log —
Linux CVE assignment process.
http://www.kroah.com/log/blog/2026/02/16/linux-cve-assignment-process/
saved 2026-02-19
OpenAI agrees to acquire Promptfoo, which fixes security issues in AI systems being built and is "trusted by 25% of Fortune 500", to fold into OpenAI Frontier (OpenAI)
https://openai.com/index/openai-to-acquire-promptfoo/
The vOICe for Android 2.81 released https://play.google.com/store/apps/details?id=vOICe.vOICe Fix for view no longer tracking device orientation. Stereo sound now default enabled even w/o headphones because many modern phones feature stereo speakers. Minor bug fixes. App now r…
Someday, I will send out a Metacurity email that doesn't get clipped by Gmail for having too much information, but that day is not today.
Check out today's intensely packed Metacurity that covers a host of critical infosec developments, including
--Iran-linked hackers target critical infrastructure controls, risking disruption and sabotage,
--Anthropic's Glasswing could upend bug discovery and fixes,
--GRU-linked hackers infiltrate routers to steal email a…
@… Have you seen this story? https://www.phoronix.com/news/ATI-R300-Occlusion-Query-Fix Developer in Czechia working on fixing up R300…
Chromium does weekly stable releases, and typically there are at least a few CVE fixes in a new release. Sometimes there's just one or two, but usually there's around 10-20.
The latest #chromium stable release (147.0.7727.55) has *60* CVEs. I don't know if that's LLMs being better at finding security holes or what, but that's the most I've ever seen by far.
Martin Stransky highlights some recent major achievements for #Firefox on Linux: "HDR video playback support, reworked rendering for fractionally scaled displays, and asynchronous rendering implementation. All this progress was enabled by advances in the Wayland compositor ecosystem, with new features implemented by Mutter and KWin.
[…]
And there are even more challenge…
I just spam the Vivaldi browser update posts with pictures of my cycles because I can and nobody stops me! 🤣
https://vivaldi.com/blog/desktop/desktop-updates/minor-update-five-7-9/
I added enough Linux support to picolibc to run lua; the lua test suite found a number of core picolibc bugs. This whole adventure suddenly turns out to have actual value and not just comic relief.
I now have a shell script that adapts gcc to using picolibc and have built a small number of applications including snek, nickle and lua.
exec cc -static --specs=picolibc.specs "$@"
#PhanpySocial changelog ✨
⌨️ More sequential hotkeys, g>s (Settings), g>p (Profile), g>b (Bookmarks)
💈 Redesigned poll
🛬 Redesigned landing page
🐛 Bug fixes
🔗 https://phanpy.social/…
Client told DEV the changes look good in test, deploy.
DEV told our support person, deploy the fix.
Me? STOP, CEASE, DESIST!
1. It is a Friday and we have three special sets of 'apps' running this evening. They must run tonight!
2. There were zero backups that would allow a rollback if there are problems.
3. No process defined to verify the before and after.
4. NEVER DEPLOY FIXES ON A FRIDAY UNLESS IT IS AN EMERGENCY!
Metacurity is the independent, non-hype, non-personality-dependent cybersecurity newsletter that delivers a daily dose of critical developments you need to know.
Check out today's issue, which covers
--CISA warns US infrastructure owners following Russian attack on Poland's power grid,
--Russia throttles Telegram accusing it of failing to protect personal data or combat crime,
--N. Korean hackers targeted crypto company with unique malware and multiple scams,…
🥳 New Kitten release
Several bug fixes, thanks to wunter8 (https://codeberg.org/wunter8):
• Default socket doesn't work when testing with a local mobile device (https…
Cowboys 7-round mock draft: 5 trades net 2 vets, fixes all roster holes https://cowboyswire.usatoday.com/story/sports/nfl/cowboys/2026/03/24/cowboys-mock-draft-trade-greenard-brooks/89311325007/
After years of government cyber trouble, UK turns to automated scanning to speed fixes https://therecord.media/united-kingdom-vulnerability-scanning-cyber
Here’s a prometheus-async 26.1.0 with improved Twisted support courtesy of the Twisted Lord @… himself!
https://github.com/hynek/prometheus-async/relea…
Ugh, fare inspectors, SFPD, Bart PD, etc are all over the Mission probably because our pretty boy wants to look good on TV.
Is this what having Newsom (fixes my hair) as mayor was like?
The EU is looking for short fixes to reduce gas demand and has failed to find any.
https://www.euronews.com/my-europe/2026/03/23/eu-pushes-early-gas-refills-while-easing-storage-targets-on-iran-war
China is ex…
Jerry Jones says the Cowboys would've made a playoff run with 'a lick of defense.' Here are five bargain fixes
https://www.cbssports.com/nfl/news/cowboys-free-agent-t…
#today there is a little urgent-ish #lifeAdmin to do, at least a little #NewScientist article splurge, and then hopefully the few lines of initial code fixes for my
If you (like me) were attempting to npm publish via GitHub Actions using `npm@latest` (currently v11.12.0) and saw an error message involving `--prefer-online` and `--prefer-offline`, reverting to npm@11.11.1 fixes the issue.
Related: https://github.com/npm/cli/issues/9133
just released pwdsphinx 2.0.4
includes a security fix to pwd rules breaking unlinkability - thx dnet!
also lots of improvements and fixes since last march.
pwdsphinx is a simple online #passwordmanager which has security properties that go way beyond what other popular password managers offer. for more information see
I suspect that my VS Code is completely "borken" as I cannot imagine how so many people are productive using it.
1. The selection behavior I have shared earlier continues to manifest sporadically. A restart fixes it. Sometimes.
2. I can't recall any keyboard shortcuts as they don't use any historical paradigms and they are all over the place.
3. Frequently used functionality (e.g. stage changes) has no shortcuts.
I am sure this will be an unpopular opinion.
It's been my experience so far. Very frustrating and I almost gave up a few times already.
I was reading the most recent @… WIP Wednesday and saw:
There are 2 release blockers for v1.1 currently, down by 2 from last week.
If I read those two release bl…
I'm so glad I have a Linux box on my desk to MOUNT USB DRIVES because #MacOS just decides to forget how to do it (and hangs Disk Utility). The device is there! It works! It shows up in USB Prober! A reboot fixes it! WHY? Apple, you used to do USB MSC so well, what happened? It's so tiring.
On Website Technicals (2026-03) - Tech updates: EOM, Mastodon share button, bug fixes, low, RSS sadness, routing snafu... - https://www.earth.org.uk/note-on-site-technicals-106.html
🥳 New Kitten Release
This one fixes a bug that you would have encountered had you had an asynchronous component (component with asynchronous render method) nested more than one-level deep within synchronous components.
(Kitten’s html renderer transparently supports both synchronous and asynchronous render methods.)
So, this (taken from my unit test), for example, works correctly now:
```js
class AsynchronousOtherName extends KittenComponent {
async htm…
```
#PhanpySocial changelog ✨
📤 Allow receiving shared data with the Web Share Target API
🔐 Timeline access controls
👤 New shortcut: "Profile"
📝 "Only followings" filter for Mentions
↕️ Preliminary support for vertical-lr writing mode
🐛 Bug fixes
🔗
Although it might be hard to focus on cybersecurity today, check out today's Metacurity for a quick scan of the most critical infosec developments you should know, including
--Russia aids Iran with satellite targeting, cyber ops against Middle East infrastructure, report,
--Cyber-enabled fraud reached $17.6b in 2025,
--Hackers accessed files of Jones Day,
--Storm-1175 deploys n-day and zero day exploits,
--GPU rowhammering enters new territory,
--CISA o…
“Mattermost v11.3.1 contains medium to high severity level security fixes.”
and this is the weekend where I throw this piece of garbage in the bin
Court docs from a New Mexico trial reveal internal divisions at Meta as Instagram teen safety initiatives conflicted with growth and engagement goals (The Atlantic)
https://www.
on my blog!
https://dotat.at/@/2026-02-24-nsnotifyd-2-4-released.html
i have released nsnotifyd-2.4
it has a new feature and some minor bug fixes
the new -S option tells nsnotifyd to send all SOA queries to a specific server
thanks to
Even if you're gearing up for a monster winter storm, take the time to check out today's Metacurity for the most crucial cybersecurity developments you should know, including
--Acting CISA head got grilled on mass firings at the agency,
--EU's CIRCL launches GCVE system,
--DeFi project EVM was exploited for $6m,
--Attackers exploit patch bypass for FortiGate flaw,
--Cisco fixes Unified Communications and Webex Calling RCE flaw,
--Mass spam wave …
The Raiders’ O-line: A 2025 disaster that exposed deeper issues https://raiderramble.com/2026/02/03/the-raiders-o-line-a-2025-disaster-that-exposed-deeper-issues/
🥳 New Kitten¹ Release
• Fixes: Page infinitely refreshes if class does not extend `kitten.Page`
Kitten now shows a helpful error message for this authoring error.
(The issue was due to the page getting rendered without the necessary scaffolding provided by the base class for maintaining the web socket connection, leading to Kitten thinking the socket connection had failed and triggering a reload to reestablish it.)
Full changelog of today’s updates:
20 contenders, 20 lingering weaknesses: Barnwell fixes roster holes as free agency slows down https://www.espn.com/nfl/story/_/id/48227677/2026-nfl-free-agency-barnwell-20-contenders-weaknesses-signings-trades-draft…
Don't miss today's packed Metacurity for the most critical infosec developments you need to know, including
--DOGE workers shared SSN data with outsiders, derailed DISA operations,
--UK launches national fraud reporting service,
--China blames Taiwan for cyberattacks,
--EU proposes freezing out Chinese tech suppliers,
--New Zealand launches Manage My Health breach probe,
--Curl ends its bug bounty program due to AI flood,
--Cloudflare fixes WAF…
🥳 @small-web/kitten version 6.2.2 released
This is Kitten’s type library (see https://kitten.small-web.org/tutorials/type-safety/ for a tutorial).
This release fixes a few type errors that crept in in the previous release that were stopping it from being compiled with ts…
After the launch of a UK government vulnerability monitoring service (VMS), serious security weaknesses in public sector websites have been fixed 6 times faster – cutting the average time from nearly 2 months to just over a week.
https://www.
No more half-measures for the Raiders under Klint Kubiak and John Spytek https://raiderramble.com/2026/02/16/no-more-half-measures-for-the-raiders-under-klint-kubiak-and-john-spytek/
Proper #security nightmare time.
#LMDB is a database that's designed to operate on trusted input. Upstream has historically rejected all bug reports regarding problems with malformed input.
Py-LMDB project provides #Python bindings to LMDB that are normally built against bundled LMDB. Someone recently started mass-filing "untrusted input" vulnerabilities against py-lmdb, and py-lmdb started #slop-coding fixes to their bundled LMDB. Of course, nobody even bothered reporting most of these bugs upstream, and the one that I've seen reported was rejected as "don't do that".
Py-LMDB supports building against system LMDB, and #Gentoo was doing that so far. However, now we are facing a problem: system LMDB operates under the assumption that it is working on trusted input, while py-lmdb (and its bundled LMDB) operates under the assumption that it may be working with untrusted input. The guarantees no longer align.
If we continue to use system LMDB (and skip all the added slop tests that literally cause Python to crash), then Gentoo's py-lmdb package will now have different input expectations than upstream py-lmdb. And of course we can't just remove that crap because someone added exactly one package (TorchVision, i.e. part of the plagiarism machine suite) depending on it.
https://bugs.gentoo.org/971352