Tootfinder

Is it just me or are those security vulnerablities in Citrix never stopping.... 🙄
https://securityaffairs.com/189908/security/citrix-netscaler-critical-flaw-could-leak-data-update-now.html

Citrix NetScaler critical flaw could leak data, update now - Security Affairs
Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately.

iOS 26.4 und Co.: Das steckt an Sicherheitsverbesserungen in den Updates
Apple hat einmal mehr zahlreiche Sicherheitsprobleme in seinen Betriebssystemen behoben. Warum eine Aktualisierung gerade jetzt wichtig ist.

EU sichert sich Rohstoffe: Freihandelsabkommen mit Australien steht
Die EU und Australien haben ihre Verhandlungen über eine umfassende Handelspartnerschaft erfolgreich abgeschlossen und rücken damit auch technologisch zusammen.

This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-w…

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.
Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

This some pretty classic Google fail here.
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

More than 5,500 GitHub repositories were infected with malware in a supply chain attack, dubbed Megalodon, on May 18 that relies on automated commits (Ionut Arghire/SecurityWeek)
https://www.securityweek.com/over-5500-github-repositories-…

Over 5,500 GitHub Repositories Infected in 'Megalodon' Supply Chain Attack
The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.

Simon & Schuster plans to release Bob Woodward's new memoir, Secrets, on September 29; Woodward says it will reveal stories about deceased sources (Mike Allen/Axios)
https://www.axios.com/2026/03/24/bob-woodward-plans-long-awaited-memoir-secr…

Scoop: Bob Woodward's memoir, "Secrets," to reveal stories about deceased "forever sources"
Bob Woodward's memoir, "Secrets," to reveal stories about deceased "forever sources"

This is cray cray
This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts
https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts/

This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts
WebinarTV hosts 200,000 “webinars.” A Zoom call you may thought was private might be one of them.

Vibe Coding Has a Security Problem, and Shipping Code You Do Not Understand Is Not a Strategy
AI-assisted coding is speeding up software development, but it is also making it easier to ship insecure defaults, weak access controls, poisoned dependencies, and code nobody on the team can confidently defend.
🧑‍💻

Vibe Coding Has a Security Problem, and Shipping Code You Do Not Understand Is Not a Strategy
AI-assisted coding is speeding up software development, but it is also making it easier to ship insecure defaults, weak access controls, poisoned dependencies, and code nobody on the team can confidently defend.

Mythos: von Anthropic: Schwachstellen-KI wirft neue Sicherheitsfragen auf
Ein neues KI-Modell zur Suche nach Schwachstellen sorgt für Aufsehen. Inzwischen wird die Frage gestellt, was Mythos für die Sicherheit hierzulande bedeutet.