Tootfinder

Weekends are never slow for cyber news, particularly this past weekend. Check out today's Metacurity for the top infosec developments you might have missed, including
--DHS warns of likely Iranian cyberattacks after Trump's missile strikes
--Authorities warn of Salt Typhoon threats in Canada,
--Aflac struck by likely Scattered Spider attack,
--DPRK likely behind BitoPro $11m theft,
--CoinMarketCap hit by wallet-draining attack,
--Hacker stole $250K …

DHS warns of likely Iranian cyberattacks following Trump's missile strikes
Authorities warn of Salt Typhoon threats in Canada, Aflac struck by likely Scattered Spider attack, DPRK likely behind BitoPro $11m theft, CoinMarketCap hit by wallet-draining attack, Hacker stole $250K from Hacken using leaked key, Garden Finance accused of laundering stolen crypto, much more

London-based OneBalance, which lets developers integrate crypto features into their apps, raised a $20M Series A led by Cyber Fund and Blockchain Capital (Catherine McGrath/Fortune)
https://fortune.com/crypto/2025/06/11/

Crypto software company OneBalance raises $20 million from cyber•Fund and Blockchain Capital
Crypto company OneBalance plans to use the funding to support additional blockchains.

The human aspects of the Ukrainian operation Spider's Web i find the most amazing, driving all those trucks through Russia, having drone operators on site (!), evading all checks and controls within Russia. Very likely a lot of bribing was involved, the extreme level of corruption makes Russia weak.
#ukraine

This https://arxiv.org/abs/2408.16220 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

Place Protections at the Right Place: Targeted Hardening for Cryptographic Code against Spectre v1
Spectre v1 attacks pose a substantial threat to security-critical software, particularly cryptographic implementations. Existing software mitigations, however, often introduce excessive overhead by indiscriminately hardening instructions without assessing their vulnerability. We propose an analysis framework that employs a novel fixpoint algorithm to detect Spectre vulnerabilities and apply targeted hardening. The fixpoint algorithm accounts for program behavior changes induced by stepwise hard…

Oh wow, MacOS's new liquid glass themes look genuinely cool. I hope the ricing community picks it up.
https://www.apple.com/newsroom/2025/06/apple-introduces-a-delightful-and-elegant-new-software-design/

This friday, I will be speaking at @… in Hamburg. I'll be showing a neat cryptography-based vulnerability that we found in a project a while back, and discuss what it can teach us about defensive software architecture. If you're there, come say hi :).
Really looking forward to the event, had some great discussions last year.

In a few days I’ll have a CSV/json of exported Cryptpad answers for some kind of census. Are there any open source softwares out there that make analysing these kind of stuff easier?
Instead of just like opening it on a fucking libreoffice spreadsheet or something.
Ideally it’d give me like the amount of people who selected each option on a question, same for written ones (being able to set aliases like “abcd = ABCD” and “Guix = GNU Guix” bc people can’t be consistent when answering polls), with the ability to understand comma-separated replies to those questions as if they were multiple selections on a checkbox question).
Maybe being able to generate some graphs too, but at least giving me a list with like “question1, reply1, amount” for each so I can easily make graphs myself.

President Trump signs an EO scrapping or revising several Biden- and Obama-era cybersecurity programs, including for AI security and post-quantum cryptography (Eric Geller/Cybersecurity Dive)
https://www.cybersecuritydive.com/news/tru

Trump scraps Biden software security, AI, post-quantum encryption efforts in new executive order
The White House accused the Biden administration of trying to “sneak problematic and distracting issues into cybersecurity policy.” 

This https://arxiv.org/abs/2405.08965 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csPL_…

Meaning-Typed Programming: Language Abstraction and Runtime for Model-Integrated Applications
Software development is shifting from traditional logical programming to model-integrated applications that leverage generative AI and large language models (LLMs) during runtime. However, integrating LLMs remains complex, requiring developers to manually craft prompts and process outputs. Existing tools attempt to assist with prompt engineering, but often introduce additional complexity. This paper presents Meaning-Typed Programming (MTP) model, a novel paradigm that abstracts LLM integratio…

KHIFC-user friendly program for studying Heavy ion fusion barrier characteristics
H. C. Manjunatha, P. S. Damodara Gupta, N. Sowmya, K. N. Sridhar
https://arxiv.org/abs/2506.13823

KHIFC-user friendly program for studying Heavy ion fusion barrier characteristics
We have developed an application for studying heavy ion fusion barrier characteristics such as such as fusion barrier heights ($V_B$), positions ($R_B$) and curvature of the inverted parabola ($\hbarω$). We call this application as KHIFC (Kolar Heavy Ion fusion barrier Characteristics). This software application hosted in the domain "https://systematics-of-heavy-ion-fusion.vercel.app/". This KHIFC produces fusion cross-sections with the simple input of projectile, target and center of mass ene…