Tootfinder

Mahomes-Allen Part X will expose fatal flaws for both contenders ahead of NFL's trade deadline

https://www.cbssports.com/nfl/news/mahomes-allen-part-x-will-expos…

Why the Raiders' Flaws are Fatal https://www.si.com/nfl/raiders/onsi/las-vegas-why-flaws-are-fatal

Security researcher fumes at low macOS bug bounty awards
https://appleinsider.com/articles/25/12/02/security-researcher-fumes-at-low-macos-bug-bounty-awards

Security researcher fumes at low macOS bug bounty awards | AppleInsider
A security researcher has complained about reduced payments from discovered macOS flaws by Apple's bug bounty program, despite Apple raising the maximum for more high-profile rewards.

I usually find year-end top stories round-ups to be insipid and mediocre at best, but this one by @… is first-rate.
https://www.

The biggest cybersecurity and cyberattack stories of 2025
2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories of 2025.

"strncpy() is a weird function with a crappy API."
good thing I don't do C 🙃
Seriously though - projects defining their own strc(o)py do mean flaws in a standard library.
https://daniel.haxx.se/blog/2025/12/29/no-strcpy-either/

no strcpy either
Some time ago I mentioned that we went through the curl source code and eventually got rid of all strncpy() calls. strncpy() is a weird function with a crappy API. It might not null terminate the destination and it pads the target buffer with zeroes. Quite frankly, most code bases are probably better off completely … Continue reading no strcpy either →

Review of Samsung's Galaxy Z TriFold: sturdy but poor camera performance and has some unique design flaws that make it even less polished than regular foldables (Vlad Savov/Bloomberg)
https://www.bloomberg.com/news/features/20

Clover Security, whose AI agents plug into developer platforms like GitHub to predict and detect security flaws, raised $36M led by Notable Capital and Team8 (Sam Sabin/Axios)
https://www.axios.com/2025/11/25/clover-security-funding-wiz-crowdstrike-no…

Exclusive: Wiz founders back AI security agent startup
Clover Security provides agentic tools that help companies embed security throughout their products and ensure that their products remain secure during their lifecycle.

RE: https://mastodon.social/@sil/115683600028649718
This. And yet: looking at its context, it was _shipped_ soon after that prototype period, renamed to 'java'script to tack on to the zeitgeist, and built as a glue language without basic debugging. Some of the mistakes persist!
But it did in fact turn into a reasonable language that's fully developed. Not without deep flaws, but most real systems have deep flaws. The _way_ the half-assing plays out matters a lot.

An identity crisis in Philadelphia: Eagles' offense showing major flaws, can Philly fix them?

https://www.cbssports.com/nfl/news/eagles-offense-showing-major-flaws-can-they-…

Yikes, so much cybersecurity news, so little time. Check out today's Metacurity for the most crucial developments you should know, including
--SpaceX pulls the plug on 2,000 Myanmar scam compounds' Starlink devices,
--PhantomCaptcha phishing campaign targeted critical Ukraine orgs,
--OpenAI is laid back on Atlas prompt injection flaws,
--Ransomware cases soar in Japan,
--N. Korean hackers have pilfered billions according to monitors,
--N. Korean ha…

SpaceX pulls the plug on 2,000+ Myanmar scam compounds' Starlink devices
PhantomCaptcha phishing campaign targeted critical Ukraine orgs, OpenAI is laid back on Atlas prompt injection flaws, Ransomware cases soar in Japan, N. Korean hackers have pilfered billions according to monitors, N. Korean hackers target drone makers, LG Uplus reports breach, much more

@… seems like it’s not *quite* baseline yet (for the flaws baseline has, seems useful to note here)

Apple and Google have released several software updates
to protect against a hacking campaign targeting an unknown number of their users.
On Wednesday, Google released patches for a handful of security bugs in its Chrome browser,
-- noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. 
Unusually for Google, the company provided no further details at the time.  But on Friday, Google updated the page to say that t…

Google and Apple roll out emergency security updates after zero-day attacks | TechCrunch
Apple released patches for all of its flagship devices to fix security flaws under attack. Google also updated Chrome to remediate one vulnerability exploited in the attacks.

Cowboys' biggest flaws exposed in loss to Lions. How do they fix them? https://www.nytimes.com/athletic/6867805/2025/12/08/cowboys-biggest-concerns-pass-rush-secondary/

«Milei has dashed his ship of state against the rocks, quite simply, because he followed the cracked compass called libertarianism. Libertarianism doesn’t work. Its core assumptions aren’t true. It’s the intellectual equivalent of huffing paint. But the pro-capitalist press outside #Argentina, for their part, ignored Milei’s obvious flaws and hyped him up because they wanted him to be the real deal.»
The article shows how other countries want to run off that cliff too…
https://www.currentaffairs.org/news/this-is-why-you-dont-let-libertarians-run-your-country

Fatal Flaws Are on the Verge of Ruining Raiders' Season https://www.si.com/nfl/raiders/las-vegas-geno-smith-pete-carroll-chip-kelly-patrick-mahomes

Ravens still have a path to the playoffs, but Baltimore's flaws are putting John Harbaugh's future in question

https://www.cbssports.com/nfl/news/ravens-playoff-c…

WaPo says it was impacted by a series of breaches involving Oracle's E-Business Suite, whose flaws were exploited by a ransomware gang (Jake Bleiberg/Bloomberg)
https://www.bloomberg.com/news/articles/2025-11-06/washington-…

This has only happened once before, but today I have two big stories appearing in two publications.
The first, an exclusive which just kind of dropped in my lap, is my latest CSO piece, which reports that foreign threat actors infiltrated the Kansas City National Security Campus (KCNSC), a manufacturing facility that produces roughly 80% of the non-nuclear parts in the nation’s nuclear weapons stockpile.
Experts say this incident underscores the need to protect operational techn…

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws
A foreign actor infiltrated the National Nuclear Security Administration’s Kansas City National Security Campus through vulnerabilities in Microsoft’s SharePoint browser-based app, raising questions about the need to solidify further federal IT/OT security protections.

Before you head out for the weekend, check out today's Metacurity for the most critical infosec developments you should know, including
--Chinese state hackers used Anthropic to automate cyber intrusions,
--UK MoD knew of Excel's security risks before Afghan data leak,
--NHS investigates Clop's attack claims,
--ASUS patches DSL router critical flaws,
--DoorDash reveals October security incident,
--US feds warn of Akira's expanded encryption …

Chinese state hackers used Anthropic to automate cyber intrusions
UK MoD knew of Excel's security risks before Afghan data leak, NHS investigates Clop's attack claims, ASUS patches DSL router critical flaws, DoorDash reveals October security incident, US feds warn of Akira's expanded encryption capabilities, Kraken is testing how fast it can encrypt, much more

US cybersecurity company F5 discloses a cyberattack in August by suspected nation-state hackers that stole undisclosed BIG-IP vulnerabilities and source code (Bill Toulas/BleepingComputer)
https://www.bleepingcomputer.com/news/securi…

Attribution-by-design: Ensuring Inference-Time Provenance in Generative Music Systems
Fabio Morreale, Wiebke Hutiri, Joan Serr\`a, Alice Xiang, Yuki Mitsufuji
https://arxiv.org/abs/2510.08062

Attribution-by-design: Ensuring Inference-Time Provenance in Generative Music Systems
The rise of AI-generated music is diluting royalty pools and revealing structural flaws in existing remuneration frameworks, challenging the well-established artist compensation systems in the music industry. Existing compensation solutions, such as piecemeal licensing agreements, lack scalability and technical rigour, while current data attribution mechanisms provide only uncertain estimates and are rarely implemented in practice. This paper introduces a framework for a generative music infras…

Scarce Data, Noisy Inferences, and Overfitting: The Hidden Flaws in Ecological Dynamics Modelling
Mario Castro, Rafael Vida, Javier Galeano, Jos\'e A. Cuesta
https://arxiv.org/abs/2510.03718

Scarce Data, Noisy Inferences, and Overfitting: The Hidden Flaws in Ecological Dynamics Modelling
Metagenomic data has significantly advanced microbiome research by employing ecological models, particularly in personalised medicine. The generalised Lotka-Volterra (gLV) model is commonly used to understand microbial interactions and predict ecosystem dynamics. However, gLV models often fail to capture complex interactions, especially when data is limited or noisy. This study critically assesses the effectiveness of gLV and similar models using Bayesian inference and a model reduction method …

Only one day left in a very news-heavy work week, so don't miss today's Metacurity for the crucial cybersecurity news you should know, including
--Operation Endgame dismantled Rhadamanthys, VenomRAT, and Elysium,
--DC US Attorney launches investigation into crypto scams,
--APT exploited Citrix Bleed2 flaws in Cisco ISE,
--CISA orders patching of Cisco ASA and Firepower devices,
--Extremist group 764 member faces charges related to online child exploitatio…

Operation Endgame dismantled Rhadamanthys, VenomRAT, and Elysium
DC US Attorney launches investigation into crypto scams, APT exploited Citrix Bleed2 flaws in Cisco ISE, CISA orders patching of Cisco ASA and Firepower devices, Extremist group 764 member faces charges related to online child exploitation, Musk fumbles X security key switchover, much more

Bills' lack of playmakers among 5 glaring flaws for NFL contenders https://www.nytimes.com/athletic/6802241/2025/11/13/nfl-trends-week-11-contenders-concerns-bills-steelers-colts/

🇺🇦 #NowPlaying on #BBC6Music's #AmyLamé
Les Amazones d’Afrique:
🎵 Flaws (6 Music Session, 4 Feb 2024)
#LesAmazonesdAfrique
https://lesamazonesdafrique.bandcamp.com/track/flaws-feat-mamani-ke-ta-fafa-ruffino
https://open.spotify.com/track/3AH8RIK78cByIoR211KTY3

Putting the Raiders' Struggles into Eye-Popping Perspective https://www.si.com/nfl/raiders/onsi/las-vegas-struggles-into-eye-popping-perspective

It is "easy for stalkers and the company itself to track the location of Tile devices." We need standards for these things. The @… has suggestions, which Apple, Google, and Samsung are adopting, but not Life360 (Tile).

Tile’s Lack of Encryption Is a Danger for Users Everywhere
In research shared with Wired this week, security researchers detailed a series of vulnerabilities and design flaws with Life360’s Tile Bluetooth trackers that make it easy for stalkers and the company itself to track the location of Tile devices.Tile trackers are small Bluetooth trackers, similar...

Crosslisted article(s) found for physics.bio-ph. https://arxiv.org/list/physics.bio-ph/new
[1/1]:
- Scarce Data, Noisy Inferences, and Overfitting: The Hidden Flaws in Ecological Dynamics Modelling
Mario Castro, Rafael Vida, Javier Galeano, Jos\'e A. Cuesta

Google says Cl0p hackers who exploited vulnerabilities in Oracle's E-Business Suite have stolen data from "dozens" of organizations since at least July 10 (Zack Whittaker/TechCrunch)
https://techcrunch.com/2025/10/09/dozens-of-o…

‘Dozens’ of organizations had data stolen in Oracle-linked hacks | TechCrunch
The mass-hacks targeting Oracle E-Business customers is the latest hacking campaign by Clop, an extortion group known for abusing security flaws in enterprise products to steal large amounts of sensitive data.

So much happened over the weekend, so check out today's Metacurity for the most critical infosec developments you might have missed, including
--Hackers who stole trove of sensitive UPenn data derides 'dog**** elitist institution',
--LLM giants are trying to stop indirect prompt injection attacks,
--Oz government warns of Cisco IOS XE flaws,
--Polish authorities probe cyberattack on online loan platform,
--Chinese President Xi Jinping joked about smar…

Hackers who stole trove of sensitive UPenn data derides 'dog**** elitist institution'
LLM giants are trying to stop indirect prompt injection attacks, Oz government warns of Cisco IOS XE flaws, Polish authorities probe cyberattack on online loan platform, Chinese President Xi Jinping joked about smartphone backdoors, Shiba Inu implements massive security upgrade, much more

Every day is a big cyber news day, so don't miss today's Metacurity for the most critical infosec developments you should know, including
--Twin brother hackers arrested for US government hacking, data destruction spree,
--GRU cyber ops sanctioned into Skripal poisoning inquiry,
--Defenders scramble to patch React Server Components' critical flaws,
--AI agents match human attackers in smart contract exploits,
--AZ Atty. General sues Temu for customer …

Twin brother hackers arrested for US government hacking, data destruction spree
GRU cyber ops sanctioned into Skripal poisoning inquiry, Defenders scramble to patch React Server Components' critical flaws, AI agents match human attackers in smart contract exploits, AZ Atty. General sues Temu for customer data theft, Threat intel experts recorded DPRK IT recruiters, much more

React discloses an unauthenticated remote code execution flaw in React Server Components; Wiz says 39% of cloud environments contain vulnerable instances (The Hacker News)
https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Critical RSC flaws in React and Next.js enable unauthenticated remote code execution; users should update to patched versions now.

Check out today's packed Metacurity for the most critical infosec developments you should know, including
--Venezuela's state-run oil company PDVSA was hit by a cyberattack,
--Coupang's founder failed to show at parliamentary hearing,
--Vast majority of parked domains foist scams and malware,
--FTC orders Nomad to pay victims after hackers stole cryptocurrency,
--noyb alleges data exposure by TikTok, Grindr and AppFlyer,
--Hackers exploit critica…

Venezuela's state-run oil company PDVSA was hit by a cyberattack
Coupang's founder didn't show at parliamentary hearing, Majority of parked domains foist scams and malware, FTC orders Nomad to pay victims after hackers stole cryptocurrency, noyb alleges data exposure by TikTok, Grindr and AppFlyer, Hackers exploit critical flaws in Fortinet products, much more

Man, today's Metacurity is packed with tons of critical infosec developments you should know, including
--Google sues Chinese smishing giant Lighthouse Enterprise for scams across 120 countries,
--UK proposes new cyberattack defenses,
--UK to allow tests of AI systems to gauge CSAM potential,
--Oz spy chief says China probed country's telecom networks,
--China blames US gov't for $13B LuBian theft,
--Google unveils Private AI Compute,
--M…

Google sues Chinese smishing giant Lighthouse Enterprise for scams across 120 countries
UK proposes new cyberattack defenses, UK to allow tests of AI systems to gauge CSAM potential, Oz spy chief says China probed country's telecom networks, China blames US gov't for $13b LuBian theft, Google unveils Private AI Compute, MSFT issues fixes for 63 flaws, much more