Feedback & Followups
- A good example of why Bart has been going on and on about secret management in recent conversations with Allison: Massive GitLab scan finds 17,000+ valid secrets in public repositories — cyberinsider.com/…
- A nice illustration of why agentic browsers are just not safe to use today: Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails — thehackernews.com/…
- We told you about Google scanning Gmail and other services to train its AI. Malwarebytes updated their story on this, explaining that they misunderstood the new wording from Google, and that Google is not training its AI on your Gmail: [Correction] Gmail can read your emails and attachments to power “smart features” | Malwarebytes
❗ Action Alerts
- Google fixes two actively exploited Android zero-days in December 2025 security update — cyberinsider.com/… (107 fixes in total)
- ⚠️ Android TV Users of SmartTube: SmartTube YouTube app for Android TV breached to push malicious update — www.bleepingcomputer.com/…
  - “Until the developer transparently discloses all points publicly in a detailed post-mortem, users are recommended to stay on older, known-to-be-safe builds, avoid logging in with premium accounts, and turn off auto-updates.”
  - The lede story on this SANS Internet Stormcast episode adds an interesting detail – the malware protections Google have been incorporating into the Google Play Services (so they can be updated by Google independently of device manufacturers providing OS updates) appear to be working, because users got notifications that the app appeared to be malicious — overcast.fm/…
- ⚠️ ASUS Users: ASUS patches critical vulnerabilities in routers and PC software — cyberinsider.com/…
  - ASUSWRT router firmware
  - MyASUS app on PCs
Worthy Warnings
- Another deviously clever ClickFix evolution – abusing full-screen browser windows to display convincing Windows Update messages with dangerous instructions — www.bleepingcomputer.com/…
- Don’t paste important code into online prettifier tools, no matter how important the presentation you’re preparing is: Code beautifiers expose credentials from banks, govt, tech orgs — www.bleepingcomputer.com/…
  - Yet another good example of why Bart has been going on and on about secret management in recent conversations with Allison
- 🇺🇸 FBI warns of virtual kidnapping scams using altered social media photos — www.bleepingcomputer.com/… (more AI-powered chicanery 🙁)
Notable News
- 🇪🇺 A nice reminder that there is no such thing as a verified X account: EU fines X $140 million over deceptive blue checkmarks — www.bleepingcomputer.com/…
  - X are also in trouble for their opaque advertising database, and their blocking of researchers’ access to public data.
  - This is the result of a Digital Services Act (DSA) investigation into the effectiveness of X’s measures to combat information manipulation and the dissemination of illegal content.
- 🇺🇸 Google expands Android scam protection feature to Chase, Cash App in U.S. — www.bleepingcomputer.com/…
  - This is a relatively new feature that warns users when dangerous patterns of behaviour are detected, like screen-sharing a financial app
- The cybersecurity company GreyNoise launches a free tester to check if your home network is housing any botnet conscripts — check.labs.greynoise.io/…
  - A nice explanation: GreyNoise launches free scanner to check if you’re part of a botnet — www.bleepingcomputer.com/…
  - Not a scanner, but a check against GreyNoise’s DB of IPs observed participating in botnets
- Two nice updates from the privacy-focused Swiss company Proton:
  - Proton Pass CLI debuts for encrypted vault access in the terminal — cyberinsider.com/… (Nice follow-up to the latest Taming the Terminal!)
  - Proton launches encrypted spreadsheet tool Proton Sheets — cyberinsider.com/… (An End-to-End-Encrypted Google Sheets alternative)
Top Tips
- Cybersecurity Best Practices: Essential Tips for Modern Mac Security — www.intego.com/… (Lots of great advice and minimal up-sell for Intego products)
Palate Cleansers
- From Bart: this made me cry, in the good way — we love the nerd jokes on XKCD, but Randall Munroe is a true artist, and he shows it when he tackles major life issues: Fifteen Years — xkcd.com/…
- From Allison: With Alan Dye (responsible for Liquid Glass in Apple OSes 26) leaving to go to Meta, this gave me a good giggle: chaos.social/@podfeet…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ❗ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
| 📊 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
| 🎦 | A link to video content. |
