2026-01-11 06:46:52
NFL wild card overreactions: Is Matt LaFleur on hot seat after Packers' meltdown? Are Rams' flaws fatal?
https://www.cbssports.com/nfl/news/nfl-wil
@… seems like it’s not *quite* baseline yet (for the flaws baseline has, seems useful to note here)
Apple and Google have released several software updates
to protect against a hacking campaign targeting an unknown number of their users.
On Wednesday, Google released patches for a handful of security bugs in its Chrome browser,
noting that one of the bugs was being actively exploited by hackers before the company had time to patch it.
Unusually for Google, the company provided no further details at the time. But on Friday, Google updated the page to say that t…
Man, today's Metacurity is packed with tons of critical infosec developments you should know, including
--Google sues Chinese smishing giant Lighthouse Enterprise for scams across 120 countries,
--UK proposes new cyberattack defenses,
--UK to allow tests of AI systems to gauge CSAM potential,
--Oz spy chief says China probed country's telecom networks,
--China blames US gov't for $13B LuBian theft,
--Google unveils Private AI Compute,
--M…
Ravens still have a path to the playoffs, but Baltimore's flaws are putting John Harbaugh's future in question
https://www.cbssports.com/nfl/news/ravens-playoff-c…
In 2025, the top 5 known exploited vulnerability (#KEV) vendors as of https://cyble.com/blog/cisa-kev-2025-exploited-vulnerabilities-growth/ were:
Microsoft (39)
<…
RE: https://mastodon.social/@sil/115683600028649718
This. And yet: looking at its context, it was _shipped_ soon after that prototype period, renamed to 'java'script to tack on to the zeitgeist, and built as a glue language without basic debugging. Some of the mistakes persist!
But it did in fact turn into a reasonable language that's fully developed. Not without deep flaws, but most real systems have deep flaws. The _way_ the half-assing plays out matters a lot.
NFL playoff team weaknesses: Fatal flaws range from Bills' leaky run defense to major quarterback questions
https://www.cbssports.com/nfl/news/nfl-playoff-team-weaknesses-fatal-flaws/
Cowboys' biggest flaws exposed in loss to Lions. How do they fix them? https://www.nytimes.com/athletic/6867805/2025/12/08/cowboys-biggest-concerns-pass-rush-secondary/
WaPo says it was impacted by a series of breaches involving Oracle's E-Business Suite, whose flaws were exploited by a ransomware gang (Jake Bleiberg/Bloomberg)
https://www.bloomberg.com/news/articles/2025-11-06/washington-…
RE: https://neuromatch.social/@fancysandwiches/115866242270399067
If you're using generative models in your work, you are taking ownership of that work. Its flaws are your fault, so review carefully and waste less of your colleagues' tim…
React discloses an unauthenticated remote code execution flaw in React Server Components; Wiz says 39% of cloud environments contain vulnerable instances (The Hacker News)
https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html
Every day is a big cyber news day, so don't miss today's Metacurity for the most critical infosec developments you should know, including
--Twin brother hackers arrested for US government hacking, data destruction spree,
--GRU cyber ops sanctioned into Skripal poisoning inquiry,
--Defenders scramble to patch React Server Components' critical flaws,
--AI agents match human attackers in smart contract exploits,
--AZ Atty. General sues Temu for customer …
"strncpy() is a weird function with a crappy API."
good thing I don't do C 🙃
Seriously though - projects defining their own strc(o)py do mean flaws in a standard library.
https://daniel.haxx.se/blog/2025/12/29/no-strcpy-either/
So much happened over the weekend, so check out today's Metacurity for the most critical infosec developments you might have missed, including
--Hackers who stole trove of sensitive UPenn data deride 'dog**** elitist institution',
--LLM giants are trying to stop indirect prompt injection attacks,
--Oz government warns of Cisco IOS XE flaws,
--Polish authorities probe cyberattack on online loan platform,
--Chinese President Xi Jinping joked about smar…
Mahomes-Allen Part X will expose fatal flaws for both contenders ahead of NFL's trade deadline
https://www.cbssports.com/nfl/news/mahomes-allen-part-x-will-expos…
Review of Samsung's Galaxy Z TriFold: sturdy but poor camera performance and has some unique design flaws that make it even less polished than regular foldables (Vlad Savov/Bloomberg)
https://www.bloomberg.com/news/features/20
Security researcher fumes at low macOS bug bounty awards
https://appleinsider.com/articles/25/12/02/security-researcher-fumes-at-low-macos-bug-bounty-awards
Clover Security, whose AI agents plug into developer platforms like GitHub to predict and detect security flaws, raised $36M led by Notable Capital and Team8 (Sam Sabin/Axios)
https://www.axios.com/2025/11/25/clover-security-funding-wiz-crowdstrike-no…
Fatal Flaws Are on the Verge of Ruining Raiders' Season https://www.si.com/nfl/raiders/las-vegas-geno-smith-pete-carroll-chip-kelly-patrick-mahomes
Yikes, so much cybersecurity news, so little time. Check out today's Metacurity for the most crucial developments you should know, including
--SpaceX pulls the plug on 2,000 Myanmar scam compounds' Starlink devices,
--PhantomCaptcha phishing campaign targeted critical Ukraine orgs,
--OpenAI is laid back on Atlas prompt injection flaws,
--Ransomware cases soar in Japan,
--N. Korean hackers have pilfered billions according to monitors,
--N. Korean ha…
This has only happened once before, but today I have two big stories appearing in two publications.
The first, an exclusive which just kind of dropped in my lap, is my latest CSO piece, which reports that foreign threat actors infiltrated the Kansas City National Security Campus (KCNSC), a manufacturing facility that produces roughly 80% of the non-nuclear parts in the nation’s nuclear weapons stockpile.
Experts say this incident underscores the need to protect operational techn…
I usually find year-end top stories round-ups to be insipid and mediocre at best, but this one by @… is first-rate.
https://www.
US cybersecurity company F5 discloses a cyberattack in August by suspected nation-state hackers that stole undisclosed BIG-IP vulnerabilities and source code (Bill Toulas/BleepingComputer)
https://www.bleepingcomputer.com/news/securi…
Bills' lack of playmakers among 5 glaring flaws for NFL contenders https://www.nytimes.com/athletic/6802241/2025/11/13/nfl-trends-week-11-contenders-concerns-bills-steelers-colts/
Before you head out for the weekend, check out today's Metacurity for the most critical infosec developments you should know, including
--Chinese state hackers used Anthropic to automate cyber intrusions,
--UK MoD knew of Excel's security risks before Afghan data leak,
--NHS investigates Clop's attack claims,
--ASUS patches DSL router critical flaws,
--DoorDash reveals October security incident,
--US feds warn of Akira's expanded encryption …
Only one day left in a very news-heavy work week, so don't miss today's Metacurity for the crucial cybersecurity news you should know, including
--Operation Endgame dismantled Rhadamanthys, VenomRAT, and Elysium,
--DC US Attorney launches investigation into crypto scams,
--APT exploited Citrix Bleed2 flaws in Cisco ISE,
--CISA orders patching of Cisco ASA and Firepower devices,
--Extremist group 764 member faces charges related to online child exploitatio…
Putting the Raiders' Struggles into Eye-Popping Perspective https://www.si.com/nfl/raiders/onsi/las-vegas-struggles-into-eye-popping-perspective
Check out today's packed Metacurity for the most critical infosec developments you should know, including
--Venezuela's state-run oil company PDVSA was hit by a cyberattack,
--Coupang's founder failed to show at parliamentary hearing,
--Vast majority of parked domains foist scams and malware,
--FTC orders Nomad to pay victims after hackers stole cryptocurrency,
--noyb alleges data exposure by TikTok, Grindr and AppFlyer,
--Hackers exploit critica…