Tootfinder

Some state and local elections officials say they no longer have working relationships with the federal government
and do not trust the expertise they used to tap into on election security.
https://c.im/@cdarwin/115633975364257626

Changes to CISA have left some states without support during elections; California said CISA provided little support during the Nov. 4 election on redistricting (Associated Press)
https://apnews.com/article/election-security-…

Changes to the agency that helps secure elections lead to midterm worries
The federal agency that oversees the security of election systems was largely absent from planning before elections this month in several states. That's leading many state election officials to be concerned about how engaged the Cybersecurity and Infrastructure Security Agency will be for next year’s midterms. Officials are citing the shifting priorities of the Trump administration, as well as staffing reductions and budget cut. Some officials say they've begun scrambling to fill the anticipa…

"In Phrack Magazine, this author learned at the end of the 1990s the subtle art of smashing the stack, an exploit that would become the starting point of many a computer security book afterward.
There is one magazine that has been around for a decade: the “International Journal of Proof-of-Concept or Get The Fuck Out”, or “PoC||GTFO”.
(I should have probably warned readers about the profanity in the title, but nah, I assume them to be adults at this point.)"

Pastor Manul Laphroaig, T.G. S.B.
Paraphrasing a well-known software mogul who shall remain nameless in the pages of this magazine, insecure software is eating the world. The reasons of such sad state of things are varied and range from social to economic; the technological aspect is usually the one that concerns me the least. In this sea of unusable things and insecure networks, there is a “subculture” (a horrible word, but bear with me) of highly skilled individuals who teach each other how broken those things are. And ye…

At least Rubio says what it is...
"US senators say Rubio told them Trump’s Ukraine peace plan is Russia’s ‘wish list’"
https://apnews.com/article/ukraine-peace-plan-security-confernece-halifax-senators-6041a181…

US senators say Rubio told them Trump's Ukraine peace plan is Russia's 'wish list'
U.S. senators critical of President Donald Trump’s approach to ending the Russia-Ukraine war say they spoke with Secretary of State Marco Rubio who told them that the peace plan Trump is pushing Kyiv to accept is a “wish list” of the Russians and not the actual U.S. plan. The 28-point peace plan was crafted by the Trump administration and the Kremlin without Ukraine’s involvement. It acquiesces to many Russian demands that Ukrainian President Volodymyr Zelenskyy has categorically reject…

🧩 The state of the Rust dependency ecosystem
#rust

The House Homeland Security Committee asks Dario Amodei to testify at a December 17 hearing about how Chinese state actors used Claude Code for cyber-espionage (Sam Sabin/Axios)
https://www.axios.com/2025/11/26/anthropic-google-cloud-quantum-xch…

Exclusive: Anthropic CEO called to testify on Chinese AI cyberattack
The request comes weeks after Anthropic said China used Claude Code in an espionage campaign.

Before you head out for the weekend, check out today's Metacurity for the most critical infosec developments you should know, including
--Chinese state hackers used Anthropic to automate cyber intrusions,
--UK MoD knew of Excel's security risks before Afghan data leak,
--NHS investigates Clop's attack claims,
--ASUS patches DSL router critical flaws,
--DoorDash reveals October security incident,
--US feds warn of Akira's expanded encryption …

Chinese state hackers used Anthropic to automate cyber intrusions
UK MoD knew of Excel's security risks before Afghan data leak, NHS investigates Clop's attack claims, ASUS patches DSL router critical flaws, DoorDash reveals October security incident, US feds warn of Akira's expanded encryption capabilities, Kraken is testing how fast it can encrypt, much more

Trump administration abruptly recalls over two dozen career ambassadors
The Trump administration has recalled more than two dozen
career diplomats from ambassador positions and other senior posts around the world
as it works to enforce adherence with Donald Trump’s “America First” agenda.

The directive has infuriated State Department personnel
who say it will leave key embassies without critical leadership
and may effectively end the careers of many ambass…

Trump administration abruptly recalls over two dozen career ambassadors
A senior State Department official called it a bid to ensure adherence to the “America First” agenda while others called it a devastating blow to America’s diplomatic corps.

Big changes to the agency charged with securing elections lead to midterm worries (Associated Press)
https://apnews.com/article/election-security-cisa-2026-secretaries-state-midterms-6d18799c6c5fdd1bc001544b2dca12bf
http://www.memeorandum.com/251123/p21#a251123p21

Georgia arrests ex-spy chief over alleged protection of scam call centers https://therecord.media/republic-of-georgia-former-spy-chief-arrested-scam-centers

President Donald Trump signs law strengthening stadium security against drones https://www.nytimes.com/athletic/6903655/2025/12/19/trump-drone-law-stadium-security/

"These deals represent the corporate capture of the UK state including, our cloud capacity, National Health Service, and now our military establishment...
Starmer’s inability to speak the truth is not diplomacy. It’s evidence." @…

Peter Thiel's New Model Army
The Palantirisation of the UK military is a national security disaster

Two explosions targeted a railway line that connects Poland and Ukraine. Prime Minister Tusk is calling these attacks “an unprecedented act of sabotage aimed at the security of the Polish state and its citizens.”
[@… on Bluesky]

If you have a problem with secureblue being open and honest, we’re not the same.
"secureblue is for those whose first priority is using Linux, and second priority is security. secureblue does not claim to be the most secure option available on the desktop. We are limited in that regard by the current state of desktop Linux standardization, tooling, and upstream security development. What we aim for instead is to be the most secure option for those who already intend to use Linux. …

Kimi Onoda, Japan's new Minister of State for Economic Security, is a 43 year old half-Irish ex-game industry PR femcel with an extensive history of defending her exclusive attraction to anime boys on twitter

Amazon Threat Intelligence observed sustained targeting of global infrastructure between 2021-2025, with particular focus on the energy sector, by Russian state-sponsored threat actors.
https://aws.amazon.com/blogs/security/

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined. This tactical adaptation enables the same […]

For more than a decade, Russia’s so-called #probiv market
– a term derived from the verb
“to pierce” or
“to punch into a search bar”
– has operated as a parallel information economy built on a network of corrupt officials,
traffic police,
bank employees and l
ow-level security staff willing to sell access to restricted government or corporate databases.
While l…

> In this case, the state-owned Sanchar Saathi app is already available on the App Store and Google Play Store, but this order would make it mandatory and prevent it from being disabled or deleted.
https://www.theverge.com/news/834998/india-sanchar-saathi…

India is ordering Apple and other phone makers to preinstall a state-owned app
Apple, Samsung, Oppo, and other manufacturers are being ordered to preload the state-backed Sanchar Saathi security app on all new phones sold in India.

In the closing days of the Biden administration, deputy national security adviser for cyber and emerging technology Anne Neuberger warned,
“China is targeting critical infrastructure in the United States.”

That sounds like the sort of thing the U.S. government might want to do something about.
But apparently not;
On Dec. 3, the Financial Times reported that the Trump administration had
“halted plans to impose sanctions on China’s Ministry of State Security

What Trump lets China do for buying U.S. soybeans
The president is buddy-buddy with Xi and won’t let cyberattacks or saber-rattling get in the way.

"Two members of Elon Musk’s DOGE team working at the Social Security Administration were secretly in touch with an advocacy group seeking to “overturn election results in certain states,” and one signed an agreement that may have involved using Social Security data to match state voter rolls."

#RedHat Enterprise #Linux 10.1 is out. It among others brings:
* Soft-reboots. This new systemd capability cuts downtime by letting administrators alter system state without fully rebooting.
* Reproducible builds for container tools in image mode.
* Cloud-crossing consistency w…

🎅 🌲 💫
Weihnachtlich erstrahlen Gassen
Auf zum Einkauf hasten Massen
Drinnen leuchten Kerzen hell
Nur Systemadministratoren
Lauschen bang dem Netz-Rumoren
Horch! Es naht #React2Shell!

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components has a maximum Common Vulnerability Scoring System (CVSS) score of 10.0 and affects React versions […]

Markus Frohnmaier was among some ‌20 state, federal and EU lawmakers from the far-right Alternative for Germany party to attend the annual black-tie gala hosted by the New York Young Republican ‌Club.
Buoyed by the new U.S. security strategy that praises Europe's far-right parties,
the senior German lawmaker called for an alliance between U.S. and German nationalist parties

German far-right lawmaker calls for US-German nationalist alliance at MAGA gala
By Hussein Waaile and Sarah Marsh NEW YORK/BERLIN, Dec 14 (Reuters) - A senior German far-right lawmaker called for an alliance between U.S. and German...

On Dynamic Programming Theory for Leader-Follower Stochastic Games
Jilles Steeve Dibangoye, Thibaut Le Marre, Ocan Sankur, Fran\c{c}ois Schwarzentruber
https://arxiv.org/abs/2512.05667 https://arxiv.org/pdf/2512.05667 https://arxiv.org/html/2512.05667
arXiv:2512.05667v1 Announce Type: new
Abstract: Leader-follower general-sum stochastic games (LF-GSSGs) model sequential decision-making under asymmetric commitment, where a leader commits to a policy and a follower best responds, yielding a strong Stackelberg equilibrium (SSE) with leader-favourable tie-breaking. This paper introduces a dynamic programming (DP) framework that applies Bellman recursion over credible sets-state abstractions formally representing all rational follower best responses under partial leader commitments-to compute SSEs. We first prove that any LF-GSSG admits a lossless reduction to a Markov decision process (MDP) over credible sets. We further establish that synthesising an optimal memoryless deterministic leader policy is NP-hard, motivating the development of {\epsilon}-optimal DP algorithms with provable guarantees on leader exploitability. Experiments on standard mixed-motive benchmarks-including security games, resource allocation, and adversarial planning-demonstrate empirical gains in leader value and runtime scalability over state-of-the-art methods.
toXiv_bot_toot

Check out today's Metacurity for the critical infosec developments you should know, including
--European authorities dismantle the Cryptomixer service,
--Indian government wants smartphone makers to preload state-owned security app,
--Indian government wants to bar comms apps from working on SIM-less devices,
--Korea launches probe into Coupang breach and threatens punitive damages,
--DPRK hackers target S. Koreans with fake tax invoices,
--Malware-laden…

European authorities dismantle the Cryptomixer service that laundered illicit Bitcoin
Indian government wants smartphone makers to preload state-owned security app, Indian government wants to bar comms apps from working on SIM-less devices, Korea launches probe into Coupang breach and threatens punitive damages, DPRK hackers target S. Koreans with fake tax invoices, much more

The United States has urged its citizens to 👉leave Venezuela immediately
amid reports that ⚠️armed paramilitaries are trying to track down US citizens,
one week after the capture of the South American country’s president, Nicolšs Maduro.
In a security alert sent out on Saturday,
the state department said there were reports of armed members of pro-regime militias,
known as #colectivos

MI5 warns of Chinese spies using LinkedIn to gain intel on lawmakers https://therecord.media/mi5-warns-chinese-spies-using-linkedin-lawmakers

https://www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/
Sandworm hackers use data wipers to disrupt Ukraine's grain sector

Sandworm hackers use data wipers to disrupt Ukraine's grain sector
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine's education, government, and the grain sector, the country's main revenue source.

Until now, Social Security disability benefits got easier to qualify for as a person reached 50 and above. The Trump plan would end that.

New Work World: The administration contends that injured laborers have more access to technology and more nonphysical job options than in the past.

Red State Blues: Under the plan, millions — particularly in states that voted for Trump — could find it more difficult to qualify for disability benefits in the future.

Red State Workers Could Lose Out on Disability Benefits as Trump Administration Rewrites Eligibility Rules
Planned changes to Social Security’s disability program could leave hundreds of thousands of older blue-collar workers ineligible for aid. These changes would fall disproportionately on some of President Trump’s most loyal supporters.

The Department of Homeland Security (DHS) announced it had started an immigration enforcement operation in New Orleans today.
The department said the offensively titled "Operation Catahoula Crunch"
would target
“criminal illegal aliens roaming free thanks to sanctuary policies”.
New Orleans is the latest Democratic-run city (albeit in a Republican-led state) to see federal immigration agents on its streets.
Most recently, the Trump administrationtargete…

It is always disturbing when MAGA politicians go off halfcocked about socialism.
Here are some of the “radical left” socialist programs that Warner must be complaining about:
Medicare
Medicaid
The Affordable Care Act
Social Security
SNAP (food stamps)
Meals on Wheels and Office of Aging services
Every single one of these programs was once characterized by right-wing politicians as a
“socialist program.”

This MAGA politician's disturbing rant shows a party hellbent on hurting its own
“It is hard to watch other states and cities across our nation leap toward socialism… Let’s keep our state moving forward by always rejecting the falsehoods sold by the radical left.” — Secretary of State Kris Warner, Facebook post, November 5, 2025. Although I should be accustomed to it, it is alw...

https://www.richardsilverstein.com/2025/12/30/iranian-hackers-break-cell-phone-of-scandal-plagued-netanyahu-aide/
Israeli hacking group Handala exposed dozens of names and phone numbers of Israel’s security detail …

Iranian Hackers Break Cell Phone of Scandal-Plagued Netanyahu Aide – Tikun Olam תיקון עולם إصلاح العالم
Exposing secrets of the Israeli national security state

The largest #protests in #Iran for three years entered a fifth day on Thursday
amid reports of deadly clashes between protesters and security forces,
with state-affiliated media confirming at least two people had been #killed.…