Tootfinder

I do this ish for a living, I am an AI developer and researcher, and *I* don’t fully understand the security implications. What hope do regular users have?
https://www.windowscentral.com/microsoft/windows-11/microsoft-war…

Microsoft warns that Windows 11's agentic AI could install malware on your PC: "Only enable this feature if you understand the security implications"
Microsoft is pushing ahead with its plan to add agentic capabilities to Windows 11 but has issued an important security warning for anyone who is interested in trying it out.

A massive WhatsApp security flaw exposed the phone number of almost every user on the planet
– despite the fact that parent company Meta had been alerted to the vulnerability way back in 2017.
Security researchers were able to use what they described as a “simple” exploit to extract a total of 3.5 billion phone numbers from the messaging service …
The researchers say that if the same exploit had been used by bad actors, the result would have been “the largest data leak in …

WhatsApp security flaw exposed 3.5B phone numbers – inc yours
A massive WhatsApp security flaw exposed the phone number of almost every user on the planet – despite the fact...

Microsoft warns that Copilot Actions in Windows, now in beta and off by default, can infect devices and pilfer data, prompting concern from security researchers (Dan Goodin/Ars Technica)
https://arstechnica.com/security/2025/

Critics scoff after Microsoft warns AI feature can infect machines and pilfer data
Integration of Copilot Actions into Windows is off by default, but for how long?

President Donald Trump signs law strengthening stadium security against drones https://www.nytimes.com/athletic/6903655/2025/12/19/trump-drone-law-stadium-security/

All those allegations that China is using TP-Link routers to spy or to lay the groundworks for attacks or whatever have cost the California-based but Chinese-owned company $1 billion, according to a lawsuit filed by TP-Link against Netgear.
Fwiw, the allegations began in Washington and were wholly unfounded, but that hasn't slowed the drumbeat to ban TP-Link.

No evidence that TP-Link routers are a Chinese security threat
Despite a request for a US government investigation into Chinese-made TP-Link, evidence presented by a US House committee fails to support allegations they are a national security risk, experts say.

Distressing news articles that probably won't get attention in the US - The echos of these #racist acts are heard around the globe, with the continuing normalization of atrocious, abhorent behavior.
New Slovenian law treats entire Romany minority ‘as a security threat’

Distressing news articles that probably won't get attention in the US - The echos of these #racist acts are heard around the globe, with the continuing normalization of atrocious, abhorent behavior.
New Slovenian law treats entire Romany minority ‘as a security threat’

Microsoft warns that Windows 11's agentic AI could install malware on your PC: "Only enable this feature if you understand the security implications" | Windows Central
#Windows11 #AI

Outrage after Trump 'crony' lets the 'cat out of the bag' on Social Security - Raw Story
https://www.rawstory.com/social-security-2674011631/

Social Security scraps plan to limit disability benefits after uproar (Washington Post)
https://www.washingtonpost.com/politics/2025/11/19/social-security-disability-benefits-age/
http://www.memeorandum.com/251119/p149#a251119p149

Researchers demonstrated a major WhatsApp flaw that exposed 3.5B users' phone numbers, with 57% also showing a profile photo; Meta fixed the enumeration problem (Andy Greenberg/Wired)
https://www.wired.com/story/a-simple-whatsapp-security-flaw-…

A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more.

Platinum Security: a new Budapest Memorandum or real protection for Ukraine? #shorts: https://benborges.xyz/2025/12/17/platinum-security-a-new-budapest.html

UnixGuy Cyber Security Career
I invite various guests from the cyber security industry to give you real insights on what it's really like to work in cyber security...
Great Australian Pods Podcast Directory: https://www.greataustralianpods.com/unixguy-cyber-se…

By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found
“the most extensive exposure of phone numbers” ever—along with profile photos and more
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
https://www.

A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more.

from my link log —
Hardening snmalloc.
https://github.com/microsoft/snmalloc/tree/release_docs/docs/security
saved 2022-05-10 ht…

I’m not saying that this is good, but it recalled for me the ancient times when the phone company (there was only one) sent everyone a fat (in urban areas) book in tiny type on thin paper with everyone’s phone number, alphabetically by surname. Businesses were in their own book. You could also go to the reference section of the public library and use the book with all of the numbers in your area in numerical order.
Ancient times. The 1990s @…

When you are an Apple security researcher, Christmas comes early on November 2025:
https://security.apple.com/blog/apple-security-bounty-evolved/

A major evolution of Apple Security Bounty, with the industry's top awards for the most advanced research - Apple Security Research
Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards — up to $2 million and a maximum payout in excess of $5 million — expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards.

Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission https://therecord.media/lawmakers-bill-beefs-security-sec

Trump boards AF1 quickly, using small stairs due to 'increased security measures': WH official (Fox News)
https://www.foxnews.com/politics/trump-boards-af1-quickly-using-small-stairs-due-increased-security-measures-wh-official
http://www.memeorandum.com/251019/p67#a251019p67

UK AI Security Institute report: AI models are rapidly improving at potentially dangerous biological and chemical tasks, and show fast jumps in self-replication (Shakeel Hashim/Transformer)
https://www.transformernews.ai/p/aisi-ai-s

AI is making dangerous lab work accessible to novices, UK’s AISI finds
UK AISI’s first Frontier AI Trends Report finds that AI models are getting better at self-replication, too

Trump's shutdown snags Social Security increase
https://www.pennlive.com/nation-world/2025/10/social-security-cost-of-living-increase-announcement-has-been-delayed.html

The Tangerine Tyrant is a clear and present danger to the American People and the national security of the United States.
"The Dutch intelligence services AIVD and MIVD have reduced the amount of information they share with their American counterparts, citing political developments in the United States under President Donald Trump and growing concerns over the politicization of intelligence and 'respect for human rights.'"

Dutch intelligence services cut back on sharing information with U.S
The Dutch intelligence services AIVD and MIVD have reduced the amount of information they share with their American counterparts, citing political developments in the United States under President Donald Trump and growing concerns over the politicization of intelligence and "respect for human rights."

This was space that was last associated with Micfo before seized/reclaimed. See https://krebsonsecurity.com/tag/micfo-llc/
htt…

Good overview of hybrid warfare by Russia.
#AP

Russia wants to drain Europe's security resources with sabotage campaign, officials say | AP News
The Associated Press has tracked 145 cases of sabotage and disruption that Western officials blame on Russia since its 2022 invasion of Ukraine. They say Moscow wants to drain Europe’s investigative resources.

Trump says White House ballroom construction is a matter of national security....
Other national security matters:
- immigrants who are not white
- tariffs on products coming into the USA
- elimination of ObamaCare
- stopping all vaccines that save lives
- unlimited supply of KFC on Air Force 1
https://apnews.com/article/trump-white-house-ballroom-national-security-de9756118bbfca8f40af9cf89db6af5b

Former Microsoft employee Andrew Harris says the software giant dismissed his warnings about a critical flaw because it feared losing government business.
Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.
https://www.

Whistleblower Says Microsoft Dismissed Warnings About a Security Flaw That Russians Later Used to Hack U.S. Government
Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

#google: The AI we are putting into all of our products cannot be trusted, but it also can't be turned off
#microsoft: Windows 11 is now an agentic OS, and what that means is it can install malware
By the way,

Charlottesville, VA is the latest city with smarter elected leaders than San Francisco (where we continue to double down on partnering with ICE-collaborating Flock Security).
https://www.29news.com/2025/12/17/charlottesville…

Charlottesville ends Flock camera pilot program over privacy concerns
The decision comes after months of concern from city council about data privacy.

Guardio, which helps detect malicious code created with AI tools, raised $80M led by ION Crossover, and says it has 500K paying users and $100M in ARR in 2025 (Ivan Mehta/TechCrunch)
https://techcrunch.com/2025/11/19/security-startup-guardio-n…

Security startup Guardio nabs $80M from ION Crossover Partners | TechCrunch
Guardio is leveraging its experience building browser extensions and apps that scan for malicious and phishing sites to build a tool that looks for artifacts in code and websites made with vibe coding tools.

Das war teuer. https://newsie.social/@Tendar/115740586940855514

Tendar (@Tendar@newsie.social)
Attached: 1 image Satellite pictures of the port of Novorossiysk, Russia, with better resolution have been obtained by war reporter "Sternenko". He describes the damage as significant. His statement: "The Russian submarine in the port of Novorossiysk, hit by a drone from the Security Service of Ukraine (SBU), started leaking. Literally. Fuel and lubricants are leaking from the "Varshavyanka"-class submarine into the sea. In addition, the rear part of the boat is partially flooded."

Using AI for mental health support is dangerous and wrong.
Buuut, probably less dangerous and wrong than relying on mental health support supposedly provided by NSFT NHS trust in Norfolk, UK
https://www.theguardian.com/technology/202

Here's the kind of baseless speculation political reporters love but for some reason not this precise variety: Did the fascist Department of Homeland Security wait until their quisling Mayor Frey had been re-elected before ramping up attacks in the Twin Cities?
(There are multiple reports that the Bro-Tex Paper Company in Saint Paul was raided this morning, with a large crowd gathering in opposition and damaging multiple

While testing some new misp-modules, such as the OpenAPI interface, I discovered a strange behavior in Firefox when trying to reach TCP port 6666, which is the default port used by misp-modules.
It seems Firefox blocks access to a predefined list of TCP ports, and this has been in place for quite some time, as you can see in the commit log.
If you want to override the blocked port list, there is an obscure setting called network.security.ports.banned.override.
…

Apple Daily founder Jimmy Lai is found guilty of colluding with foreign forces to endanger national security and conspiring to publish seditious articles (Kanis Leung/Associated Press)
https://apnews.com/article/hong-kong-jimmy-lai-ve…

Former Hong Kong pro-democracy media mogul Jimmy Lai convicted in landmark national security trial
Jimmy Lai, the former Hong Kong media mogul and outspoken critic of Beijing, has been convicted in a landmark national security trial in the city’s court. Three government-vetted judges on Monday found Lai, 78, guilty of conspiring with others to collude with foreign forces to endanger national security and conspiracy to publish seditious articles. He pleaded not guilty to all charges. Under Hong Kong’s sweeping national security law, Lai could face up to life imprisonment. A mitigation hea…

Spirit Halloween guard kills suspected shoplifter: Cops
https://lawandcrime.com/crime/ill-f-shoot-you-spirit-halloween-security-guard-kills-man-suspected-of-stealing-items-worth-less-than-90-police-say/

Humans are better coders than AI, CodeRabbit concludes
Security researchers analyzed 470 open-source GitHub pull requests, including 320 AI-co-authored PRs and 150 human-only PRs. In short, they found that AI tools accelerate code output, but also amplify the number of (critical) mistakes.
https://

I’m on board the Northwood Express bus 🚌 to North Campus to hear Todd Austin talk in the security reading group about his latest ideas.

ClickFix may be the biggest security threat your family has never heard of https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/

ClickFix may be the biggest security threat your family has never heard of
Relatively new technique can bypass many endpoint protections.

Hackers Dox Hundreds of Trump’s Masked ICE Agents;
A group of hackers has released the personal info of hundreds of Homeland Security and Justice Department officials.
https://newrepublic.com/post/201926/hackers-dox-ice-dhs-doj

Hackers Dox Hundreds of Trump’s Masked ICE Agents
A group of hackers has released the personal info of hundreds of Homeland Security and Justice Department officials.

October: AI and Trust / Dumb Ransomware, Big Chaos
Toronto Area Security Klatch
https://www.task.to/schedule/v3f7p4b6zhdyhz4…

The company you work for spends millions on cybersecurity. You set up protocols, firewalls, preventive measures... And then the new girl in the office writes down her work passwords on a sticky note stuck to her laptop.
If I were an IT security professional, I'd be in jail by now after strangling someone like that girl with a power cord.

Europe ASSURES: Security guarantees for UKRAINE will remain unshakeable! #shorts: https://benborges.xyz/2025/12/16/europe-assures-security-guarantees-for.html

Mike McDaniel's job security, Denver's built-in advantage and what sources are saying around the NFL

https://www.cbssports.com/nfl/news/mike-mcdaniel-may-keep-do…

Inspections by Taiwan's National Security Bureau (NSB) of five Chinese generative AI apps -- Deepseek, Doubao (豆包), Yiyan (文心一言), Tongyi (通義千問), and Yuanbao (騰訊元寶) -- found violations of users' communication security across several indicators.
https://focustaiwan.tw/cross-strait/2025…

Taiwan warns of biases, data breach in Deepseek, other Chinese AI - Focus Taiwan
The National Security Bureau (NSB) has urged Taiwanese people to be on alert when using Chinese generative artificial intelligence (AI) language models due to potential security breaches and the spread of "disinformation" following recent inspections of five such apps.

Top military lawyer raised legal concerns about boat strikes (NBC News)
https://www.nbcnews.com/politics/national-security/top-military-lawyer-raised-legal-concerns-boat-strikes-rcna243694
http://www.memeorandum.com/251119/p183#a251119p183

So far in Russia's hybrid war in Europe, most known acts of sabotage have resulted in minimal damage
— nothing compared to the tens of thousands of lives lost and cities decimated across Ukraine.
But officials say each act
— from vandalism of monuments to cyberattacks to warehouse fires
— sucks up valuable security resources.
The head of one large European intelligence service said investigations into Russian interference now swallow up as much of the agency’…

Russia wants to drain Europe's security resources with sabotage campaign, officials say | AP News
The Associated Press has tracked 145 cases of sabotage and disruption that Western officials blame on Russia since its 2022 invasion of Ukraine. They say Moscow wants to drain Europe’s investigative resources.

Trump’s approval rating slips on the economy and immigration:
#USpol

Trump’s approval rating slips on the economy and immigration - AP-NORC
Approval of Trump’s handling of the economy and immigration are down about 10 points since March. Border security remains Trump’s best issue with 50% approval.

Boston-based OneLayer, which offers zero-trust security and device management for private 5G and LTE networks, raised a $28M Series A led by Maor Investments (Dan Jones/Fierce Network)
https://www.fierce-network.com/wireless/private-…

Homeland Security helps Trump donor make bank on deportation scheme
https://www.dailykos.com/stories/2025/12/17/2358878/-Homeland-Security-helps-Trump-donor-make-bank-on-deportation-scheme

Chinese attackers exploiting zero-day to target Cisco email security products https://therecord.media/chinese-attackers-zero-day

#Shitpost #Shitposting #ShamelesslyStolenFromSomewhereElseOnTheInternetHonestlyICantKeepTrackOfThisStuffAnymore

Microsoft launches Agent 365, a new framework to let businesses deploy and manage AI agents like human employees, with dashboards showing telemetry and alerts (Tom Warren/The Verge)
https://www.theverge.com/news/822035/microsoft-agent-365-businesses-contr…

Microsoft Agent 365 lets businesses manage AI agents like they do people
Microsoft is building an agent factory that now has some important controls. Microsoft Agent 365 will let business control AI agents.

https://www.bleepingcomputer.com/news/security/auction-giant-sothebys-says-data-breach-exposed-financial-information/
Auction giant Sotheby’s says data breach exposed financial information

Auction giant Sotheby’s says data breach exposed financial information
Major international auction house Sotheby's is notifying individuals of a data breach incident on its systems where threat actors stole sensitive information, including financial details.

Jonathan Gannon on job security amid six-game skid: Cardinals going through a 'dip' but 'I do believe in us' https://www.nfl.com/news/jonathan-gannon-on-job-security-amid-six-game-skid-cardinals-going-…

European leaders present six-point security, recovery plan for Ukraine: https://benborges.xyz/2025/12/16/european-leaders-present-sixpoint-security.html

UN security council passes US-drafted resolution authorising an international stabilisation force in Gaza
The UN security council has voted to pass the US-drafted resolution regarding the mandate for an International Stabilisation Force in Gaza, one of the key points in Trump’s Gaza plan

U.N. Security Council Adopts Trump’s Peace Plan for Gaza - The New York Times
https://www.nytimes.com/2025/11/17/world/middleeast/un-security-council-gaza-peace-plan.html

In Major Breakthrough, U.N. Security Council Adopts U.S. Peace Plan for Gaza (Farnaz Fassihi/New York Times)
https://www.nytimes.com/2025/11/17/world/middleeast/un-security-council-gaza-peace-plan.html
http://www.memeorandum.com/251117/p157#a251117p157

Trump signs defense bill allocating millions for Cyber Command, mandating Pentagon phone security https://therecord.media/trump-signs-ndaa-cyber-command

Good piece on SolarWinds' Tim Brown that illustrates the emotional damage cyber incidents pose to defenders.
‘I lost 25 pounds in 20 days’: what it’s like to be on the frontline of a global cyber-attack
https://www.theguardian.com/technology/202

Faith groups reject new Trump security grant rules over ICE, DEI
https://religionnews.com/2025/10/17/faith-groups-voice-confusion-outrage-at-new-security-grant-requirements-under-trump/

I build robots to save lives: Here’s why Europe must invest in Ukraine’s civil security: https://benborges.xyz/2025/12/18/i-build-robots-to-save.html

Google sues the Chinese-speaking cybercriminal group known as Darcula, behind an alleged US text message phishing ring, in the US, seeking a restraining order (Kevin Collier/NBC News)
https://www.nbcnews.com/tech/security/google-sues…

Google sues Chinese scam ring over E-ZPass, USPS phishing texts
Google is suing a Chinese-speaking cybercriminal group it says is responsible for a massive wave of scam text messages sent to Americans this year.

Why the Jets will not fire Aaron Glenn — not now, and not in the offseason https://www.nytimes.com/athletic/6722832/2025/10/17/aaron-glenn-job-security-new-york-jets-rebuild/

Adaptive Security, which uses AI to simulate social engineering attacks and help companies prevent them, raised an $81M Series B led by Bain Capital Ventures (Chris Metinko/Axios)
https://www.axios.com/pro/enterprise-software-d…

Exclusive: Adaptive Security raises $81M to stop social-engineered attacks
Bain Capital Ventures led the Series B round.

According to the Daily Mail, Russian hackers have stolen hundreds of sensitive military documents containing details of eight RAF and Royal Navy bases as well as Ministry of Defence staff names and emails and posted them on the dark web.
https://www.dailymail.co.uk/news/…

'Catastrophic' attack as Russians hack files on EIGHT MoD bases and post them on the dark web
In what has been described as a 'catastrophic' security breach, cybercriminals accessed the cache of files by hacking a maintenance contractor used by the MoD.

U.S. to repatriate survivors of drug boat strike to Colombia, Ecuador
The United States plans to repatriate two alleged fishermen to Colombia and Ecuador after military forces attacked their vessel in the Caribbean on Thursday.

Facing questions about the legality of the strikes, the Trump administration has sought to justify the killings by claiming the U.S. is in “armed conflict” with Latin American drug cartels that are linked to Venezuelan President Nicolšs Maduro’s alleged e…

U.S. to repatriate survivors of drug boat strike to Colombia, Ecuador
It is unclear if the two surviving alleged drug smugglers have any links to Venezuelan criminal organizations.

U.N. Security Council approves Trump's 20-point peace plan for Gaza (Karen DeYoung/Washington Post)
https://www.washingtonpost.com/national-security/2025/11/17/un-vote-gaza-trump-plan/
http://www.memeorandum.com/251117/p145#a251117p145

UN Security Council approves Trump’s Gaza”peace plan”, green-lighting U.S.-Israeli control of Gaza’s future – Mondoweiss
https://mondoweiss.net/2025/11/un-security-council-approves-trumps-gazapeace-plan-green-lighting-u-s-israeli-control-of-gazas-future/

Scoop: Trump plan asks Ukraine to cede additional territory for security guarantee (Barak Ravid/Axios)
https://www.axios.com/2025/11/19/trump-ukraine-peace-plan-russia-donbas
http://www.memeorandum.com/251119/p101#a251119p101

https://www.theguardian.com/technology/2025/oct/14/cyber-attacks-rise-in-past-year-uk-security-agency-says
Cyber-attacks rise by 50% in past year, UK security agency says

The privately funded National Trust for Historic Preservation last week asked the U.S. District Court to block Trump’s project.
“No president is legally allowed to tear down portions of the White House without any review whatsoever
— not President Trump, not President Biden, and not anyone else,” the lawsuit states.
“And no president is legally allowed to construct a ballroom on public property without giving the public the opportunity to weigh in.”
Trump had the East W…

Trump administration says White House ballroom construction is a matter of national security
The Trump administration says in a court filing that the president’s White House ballroom construction project must continue for unexplained national security reasons. It also says a preservationists’ organization that wants it stopped has no standing to sue. The court filing Monday was in response to a lawsuit filed last Friday by the National Trust for Historic Preservation asking a federal judge to halt President Donald Trump’s project until it goes through multiple independent reviews…

Google Cloud and Palo Alto Networks strike a deal that a source says is Google Cloud's largest security services deal "approaching $10B" over several years (Kenrick Cai/Reuters)
https://www.reuters.com/business/google-cl

State Dept's Foreign Terrorist Designations Undermine Claims of "Antifa" Threat (Tom Joscelyn/Just Security)
https://www.justsecurity.org/125072/fto-sdgt-antifa/
http://www.memeorandum.com/251119/p28#a251119p28

Democratic lawmakers repeatedly called on Homeland Security Secretary Kristi Noem to resign
as they confronted her on Trump’s immigration crackdown during a heated House Homeland Security Committee hearing Thursday.
Congressmember Delia Ramirez, announced that she would begin taking steps for her impeachment.
The Department of Homeland Securityis “operating as a criminal organization” under Noem’s leadership, Ramirez tells Democracy Now!
“She thinks that she is above…

“A Force of Terror”: Rep. Delia Ramirez on ICE Abuses & Her Push to Impeach DHS Chief Kristi Noem
Democratic lawmakers repeatedly called on Homeland Security Secretary Kristi Noem to resign as they confronted her on Trump’s immigration crackdown during a heated House Homeland Security Committee hearing Thursday. We speak with Congressmember Delia Ramirez, who reiterated her call during the hearing for Noem to resign and announced that she would begin taking steps for her impeachment. The Department of Homeland Security is “operating as a criminal organization” under Noem’s leadershi…

https://www.thecrimson.com/article/2025/10/14/harvard-security-breach-russian-cybercrime-group/
Harvard Investigating Security Breach After Cybercrime Group Threatens To Release Stolen Data

Harvard Investigating Security Breach After Cybercrime Group Threatens To Release Stolen Data | News | The Harvard Crimson
Harvard is investigating a data breach after a Russian-speaking cybercrime organization claimed it was preparing to release information stolen through a vulnerability in a software suite used by the University.

Memo: TikTok CEO Shou Zi Chew says ByteDance's US entities will retain direct control over core US revenue drivers, including ecommerce, ads, and marketing (Financial Times)
https://www.ft.com/content/7a778d46-8bf8-4b11-af4e-5e5bd891cb9d

TikTok says Chinese owner will retain core US business
Oracle, Silver Lake and MGX to invest in new data security joint venture as part of Trump-brokered deal

Criminal Illegal Alien Who Offered $10,000 Bounties to Murder ICE Agents Arrested in Dallas, TX (Department of Homeland Security)
https://www.dhs.gov/news/2025/10/17/criminal-illegal-alien-who-offered-10000-bounties-murder-ice-agents-arrested-dallas
http://www.memeorandum.com/251018/p42#a251018p42

Happy Grift Day!
Coast Guard Buys Two Private Jets for Noem, Costing $172 Million
https://www.nytimes.com/2025/10/18/us/politics/kristi-noem-dhs-gulfstream.html?smid=nytcore-ios-share&referringSou…

Coast Guard Buys Two Private Jets for Noem, Costing $172 Million
Public documents show the Department of Homeland Security has contracted to purchase a pair of top-of-the-line Gulfstream jets for the secretary and other top officials.

Meta says its 2Africa subsea cable project remains incomplete in the southern Red Sea segment due to security risks; Google's Blue-Raman cable is also delayed (Bloomberg)
https://www.bloomberg.com/news/articles/2025-11-17…

Before you head out for the weekend, check out today's Metacurity for the most critical infosec developments you should know, including
--Chinese state hackers used Anthropic to automate cyber intrusions,
--UK MoD knew of Excel's security risks before Afghan data leak,
--NHS investigates Clop's attack claims,
--ASUS patches DSL router critical flaws,
--DoorDash reveals October security incident,
--US feds warn of Akira's expanded encryption …

Chinese state hackers used Anthropic to automate cyber intrusions
UK MoD knew of Excel's security risks before Afghan data leak, NHS investigates Clop's attack claims, ASUS patches DSL router critical flaws, DoorDash reveals October security incident, US feds warn of Akira's expanded encryption capabilities, Kraken is testing how fast it can encrypt, much more

Prisma Photonics, which develops AI-based tech for monitoring infrastructure using existing optical fiber networks, raised $30M, taking total funding to $80M (Meir Orbach/CTech)
https://www.calcalistech.com/ctechnews/article/rjjneb66lg

Prisma Photonics raises $30 million to expand AI-based infrastructure monitoring
The Tel Aviv deep-tech firm turns ordinary fiber networks into global security and power-grid sentinels.

U.S. to repatriate survivors of drug boat strike to Colombia, Ecuador (Washington Post)
https://www.washingtonpost.com/national-security/2025/10/18/detainees-drug-boat-us-venezuela-colombia-ecuador/
http://www.memeorandum.com/251018/p41#a251018p41

Towson University students moved their “No Kings” rally off campus
after a school official told them speakers’ names would be run through federal government databases and vetted for security reasons.
The demonstration, one of dozens planned in Maryland on Saturday,
will protest authoritarian policies of President Donald Trump.
Students moved the event, fearing that speakers would be targeted by the Trump administration,
which has threatened to pursue and punish …

Towson U. ‘No Kings’ rally relocates over speaker background checks
Towson University students moved their “No Kings” rally off campus after school officials told them speakers’ names would be run through federal government databases and vetted for security reasons.

Trump signs the annual defense bill with provisions authorizing the president to screen and restrict US financing of Chinese tech companies (Anvee Bhutani/Wall Street Journal)
https://www.wsj.com/politics/national-secu

Amazon Threat Intelligence observed sustained targeting of global infrastructure between 2021-2025, with particular focus on the energy sector, by Russian state-sponsored threat actors.
https://aws.amazon.com/blogs/security/

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined. This tactical adaptation enables the same […]

Despite congressional action, quick release of Epstein files is in doubt (Washington Post)
https://www.washingtonpost.com/national-security/2025/11/19/epstein-files-justice-department-release/
http://www.memeorandum.com/251119/p142#a251119p142

John Woodrow Cox writes about
“H,” an Afghan man who supported the US during the war in Afghanistan.
After arriving here through the humanitarian parole program, he applied for asylum and built a life
—and raised two US-born kids
—with his wife.
But the Trump administration has since terminated the protections that allow Afghans like H to stay,
with one Homeland Security staffer calling him an “unvetted alien from a high threat country.”
H is anythin…

He supported the U.S. war in Afghanistan. Now he may be deported to the Taliban.
He supported America’s war, escaped Afghanistan and started a family in the U.S. Then ICE arrested him. If he is deported, he expects the Taliban to kill him.

France charges a crew member of an Italian passenger ferry for allegedly infecting the ship with a remote access tool on behalf of a foreign power (Sergiu Gatlan/BleepingComputer)
https://www.bleepingcomputer.com/news/security/fr…

Justice Dept. acknowledges full grand jury never saw final Comey indictment (Washington Post)
https://www.washingtonpost.com/national-security/2025/11/19/comey-trump-abuse-power-hearing/
http://www.memeorandum.com/251119/p124#a251119p124

Portugal updates cybercrime law to exempt security researchers
https://www.bleepingcomputer.com/news/security/portugal-updates-cybercrime-law-to-exempt-security-researchers/

Portugal updates cybercrime law to exempt security researchers
Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions.

The US, the UK, and Australia sanction Russian bulletproof hosting provider Media Land, which provided services to cybercrime marketplaces and ransomware groups (Sergiu Gatlan/BleepingComputer)
https://www.bleepingcomputer.com/news/secu

Blanche says DOJ won't release full Epstein files to Congress by Friday deadline (Rebecca Beitsch/The Hill)
https://thehill.com/policy/national-security/5656765-blanche-says-doj-wont-release-full-esptein-files-to-congress-by-friday-deadline/
http://www.memeorandum.com/251219/p43#a251219p43

https://cyberscoop.com/bugcrowd-mayhem-security-acquistion-ai-security-testing/
Omg so happy for the great David Brumley!

In a lawsuit, California-based TP-Link says Netgear orchestrated a smear by planting false claims with journalists and influencers about TP-Link's China ties (Bloomberg)
https://www.bloomberg.com/news/articles/2025-11-19/n…

Ex-Trump national security adviser John Bolton indicted on charges of mishandling classified information (Caitlin Doornbos/New York Post)
https://nypost.com/2025/10/16/us-news/ex-trump-national-security-adviser-john-bolton-indicted-on-charges-of-mishandling-classified-information/
http://www.memeorandum.com/251016/p111#a251016p111

Since Ghislaine Maxwell’scontroversial transfer to a low-security prison camp this summer,
her time at Texas’s FPC Bryan has prompted uproar over alleged favorable treatment
– including claims this week that she was provided custom-made meals and access to a puppy
Some of the recent accusations were in a 9 November letter that Jamie Raskin sent to Donald Trump.
The Democratic representative’s letter, which cited whistleblower information, demanded answers about Maxwel…

Prime Security, which develops AI agents that help with security design during software development, raised a $20M Series A led by Scale Venture Partners (Chris Metinko/Axios)
https://www.axios.com/pro/enterprise-software-deals/2025/12/09…

Exclusive: Agentic AI startup Prime Security raises $20M
Scale Venture Partners led the Series A round.

North Carolina Elections Chief Demands Voters' Full Social Security Numbers From DMV (Yunior Rivas/Democracy Docket)
https://www.democracydocket.com/news-alerts/north-carolina-elections-chief-demands-voters-full-social-security-numbers-from-dmv/
http://www.memeorandum.com/251016/p148#a251016p148

Some experts question Anthropic's claims of cyberattack breakthroughs using its tools, noting that white-hat hackers report modest gains from AI-aided hacking (Dan Goodin/Ars Technica)
https://arstechnica.com/security/2025/

Researchers question Anthropic claim that AI-assisted attack was 90% autonomous
The results of AI-assisted hacking aren’t as impressive as many might have us believe.