Tootfinder

CISA gives federal agencies one week to patch exploited Fortinet bug https://therecord.media/fortinet-fortiweb-vulnerability-cisa-advisory

Apparemment qu’un réseau de bots Russe a utilisé plusieurs serveurs mastodon incluant qlub.social pour diffuser de la propagande. C’est sorti y’a 1 mois, j’ai totalement manqué ça.
https://bsky.app/profile/antibot4navalny.bsky.social/post/3m2225xo3zs25

Inside First Wap, a European-led phone tracking company in Indonesia that has exploited the SS7 telecom protocol to target politicians, journalists, and others (Mother Jones)
https://www.motherjones.com/politics/2025/

The surveillance empire that tracked world leaders, a Vatican enemy, and maybe you
Inside the hidden world of First Wap, whose untraceable tech has targeted politicians, journalists, celebrities, and activists around the globe.

Only one day left in a very news-heavy work week, so don't miss today's Metacurity for the crucial cybersecurity news you should know, including
--Operation Endgame dismantled Rhadamanthys, VenomRAT, and Elysium,
--DC US Attorney launches investigation into crypto scams,
--APT exploited Citrix Bleed2 flaws in Cisco ISE,
--CISA orders patching of Cisco ASA and Firepower devices,
--Extremist group 764 member faces charges related to online child exploitatio…

Operation Endgame dismantled Rhadamanthys, VenomRAT, and Elysium
DC US Attorney launches investigation into crypto scams, APT exploited Citrix Bleed2 flaws in Cisco ISE, CISA orders patching of Cisco ASA and Firepower devices, Extremist group 764 member faces charges related to online child exploitation, Musk fumbles X security key switchover, much more

Apple and Google have released several software updates
to protect against a hacking campaign targeting an unknown number of their users.
On Wednesday, Google released patches for a handful of security bugs in its Chrome browser,
-- noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. 
Unusually for Google, the company provided no further details at the time.  But on Friday, Google updated the page to say that t…

Google and Apple roll out emergency security updates after zero-day attacks | TechCrunch
Apple released patches for all of its flagship devices to fix security flaws under attack. Google also updated Chrome to remediate one vulnerability exploited in the attacks.

CoLF Logic Programming as Infinitary Proof Exploration
Zhibo Chen (Carnegie Mellon University), Frank Pfenning (Carnegie Mellon University)
https://arxiv.org/abs/2510.12302 http…

CoLF Logic Programming as Infinitary Proof Exploration
Logical Frameworks such as Automath [de Bruijn, 1968] or LF [Harper et al., 1993] were originally conceived as metalanguages for the specification of foundationally uncommitted deductive systems, yielding generic proof checkers. Their high level of abstraction was soon exploited to also express algorithms over deductive systems such as theorem provers, type-checkers, evaluators, compilers, proof transformers, etc. in the paradigm of computation-as-proof-construction. This has been realized in l…

BlackIce: A Containerized Red Teaming Toolkit for AI Security Testing
Caelin Kaplan, Alexander Warnecke, Neil Archibald
https://arxiv.org/abs/2510.11823 https://

BlackIce: A Containerized Red Teaming Toolkit for AI Security Testing
AI models are being increasingly integrated into real-world systems, raising significant concerns about their safety and security. Consequently, AI red teaming has become essential for organizations to proactively identify and address vulnerabilities before they can be exploited by adversaries. While numerous AI red teaming tools currently exist, practitioners face challenges in selecting the most appropriate tools from a rapidly expanding landscape, as well as managing complex and frequently c…

Follow-the-Perturbed-Leader for Decoupled Bandits: Best-of-Both-Worlds and Practicality
Chaiwon Kim, Jongyeong Lee, Min-hwan Oh
https://arxiv.org/abs/2510.12152 https://

Follow-the-Perturbed-Leader for Decoupled Bandits: Best-of-Both-Worlds and Practicality
We study the decoupled multi-armed bandit (MAB) problem, where the learner selects one arm for exploration and one arm for exploitation in each round. The loss of the explored arm is observed but not counted, while the loss of the exploited arm is incurred without being observed. We propose a policy within the Follow-the-Perturbed-Leader (FTPL) framework using Pareto perturbations. Our policy achieves (near-)optimal regret regardless of the environment, i.e., Best-of-Both-Worlds (BOBW): constan…

FTC orders crypto platform Nomad to distribute $37.5 million after 2022 theft https://therecord.media/ftc-settlement-nomad-platform-return-customers-cryptocurrency

DeFi protocol Balancer says its V2 Composable Stable Pools suffered an exploit, which security experts estimate resulted in total losses worth about $128M (Ryan S. Gladwin/Decrypt)
https://decrypt.co/347173/balancer-exploited-128-million-across…

Balancer Exploited for $128 Million Across Ethereum Chains as Berachain Halts Network
Some $128 million in crypto was stolen from Balancer liquidity pools on Ethereum and beyond, with Berachain halting its chain as a result.