{"id":36157,"date":"2026-06-21T13:32:05","date_gmt":"2026-06-21T20:32:05","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=36157"},"modified":"2026-06-21T13:32:05","modified_gmt":"2026-06-21T20:32:05","slug":"sb-2026-06-21","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2026\/06\/sb-2026-06-21\/","title":{"rendered":"Security Bits \u2014 21 June 2026"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Some notable anecdotes to illustrate why Bart and Allison are so cautious about agentic AI:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/meta-ai-support-data-breach-affects-20-000-instagram-accounts\/\">Over 20,000 Instagram accounts stolen in Meta AI support hack \u2014 www.bleepingcomputer.com\/\u2026<\/a> (An agentic support agent could be easily talked into resetting passwords without proof of account ownership!)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/openclaw-ai-agent-found-falling-for-phishing-attacks-spills-user-data\/\">OpenClaw AI agent found falling for phishing attacks, spills user data \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Agents can be phished too \ud83d\ude15)<\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2026\/06\/new-attacks-trick-openclaw-ai-agent.html\">New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets \u2014 thehackernews.com\/\u2026<\/a> (Patched, but there are many more where those came from!)<\/li>\n<\/ul>\n<\/li>\n<li>An interesting new variant of the supply chain attacks that are compromising so many sites at the moment: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack\/\">OptinMonster WordPress plugin hacked in CDN supply-chain attack 
\u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>No malicious code was secretly added into a software update this time!<\/li>\n<li>Malicious code secretly added to web-hosted JavaScript code the company&#8217;s plugins loaded<\/li>\n<li>A single attack compromising multiple plugins!<\/li>\n<li>Vendor needed to fix their hosted code, but site owners didn&#8217;t need to patch anything<\/li>\n<li>Site owners are advised to check their sites for unauthorised admin accounts.<\/li>\n<\/ul>\n<\/li>\n<li>A useful response to the embarrassing VSCode store supply-chain hack of GitHub discussed last time: <a href=\"https:\/\/thehackernews.com\/2026\/06\/vs-code-adds-2-hour-extension-auto.html\">VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks \u2014 thehackernews.com\/\u2026<\/a> (A good first step, but much more needed!)<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/whatsapp-says-it-caught-nso-attempting-to-spy-on-users-again\/\">WhatsApp says it caught NSO attempting to spy on users again \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<li>\ud83c\uddec\ud83c\udde7 More strong criticism of misguided UK plans:\n<ul>\n<li><a href=\"https:\/\/cyberinsider.com\/signal-and-mullvad-warn-about-the-uks-plans-to-scan-peoples-phones\/\">Signal and Mullvad warn about the UK\u2019s plans to scan people\u2019s phones \u2014 cyberinsider.com\/\u2026<\/a> (to detect nudes on kids\u2019 phones)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/uk-to-require-id-or-face-scan-before-you-can-make-social-media-accounts\/\">UK to require ID or face scan before you can make social media accounts \u2014 www.bleepingcomputer.com\/\u2026<\/a> (to facilitate a social media ban for kids)<\/li>\n<li><strong>Related:<\/strong> Apple announced a big overhaul of parental controls for their \uf8ffOS 27 variants that are very much aimed at empowering parents rather than replacing them \u2014 <a 
href=\"https:\/\/www.macobserver.com\/tips\/round-ups\/ios-27-apples-child-safety-overhaul-everything-announced\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Apple have explained exactly how their Terminal click-fix protections work: <a href=\"https:\/\/support.apple.com\/en-us\/127377\">If your Mac blocks a Terminal command paste or script \u2014 \ud83d\udce3 Apple PR<\/a>\n<ul>\n<li>Interesting that they&#8217;re not targeting all the warnings at regular Terminal users, but focusing on users that rarely use the Terminal app \u2014 clever way to avoid alert fatigue<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\udde8\ud83c\udde6 Some good news from Canada for a change: <a href=\"https:\/\/cyberinsider.com\/canada-introduces-privacy-law-with-gdpr-like-penalties-for-data-breaches\/\">Canada introduces privacy law with GDPR-like penalties for data breaches \u2014 cyberinsider.com\/\u2026<\/a> (The start of the legislative process, not the end)<\/li>\n<\/ul>\n<h2>Listener Questions<\/h2>\n<aside class=\"small-aside\">Submit your questions for future shows to Allison using the contact details at the end of the show, or post them in the <em>security-bits<\/em> channel in the <a href=\"https:\/\/podfeet.com\/slack\" target=\"_blank\">Podfeet Slack<\/a>.<\/aside>\n<h3><strong>A tip from Joop<\/strong><\/h3>\n<p>This is not actually a listener question, but I&#8217;m gonna bend the rules a little \ud83d\ude42<\/p>\n<p>Nosillacastaway Joop asked if I&#8217;d seen the new open source iOS app <a href=\"https:\/\/cyberinsider.com\/new-open-source-app-loupe-reveals-how-iphones-are-fingerprinted\/\">Loupe<\/a>, which shows all the data your iPhone makes available to apps (I had, but hadn&#8217;t taken the time to actually install it yet).<\/p>\n<p>Inspired by Joop&#8217;s reminder, I installed it immediately and started exploring!<\/p>\n<p>The app is free and open source, and extremely transparent about what it does and how it does it, and with good reason! 
The information it reveals is more than a little thought-provoking!<\/p>\n<p>What the app does is show you every piece of information every iOS API makes available to apps installed on your device. Both the information apps can access without permission prompts, and then with permission prompts.<\/p>\n<p>The information is grouped by category, and by permission prompt, making it clear what extra information each prompt is protecting.<\/p>\n<p>After spending quite some time exploring what the apps I choose to install onto my phone can access (if their developers choose to call the relevant APIs), I have some thoughts!<\/p>\n<ol>\n<li>Those annoying prompts are really important, they are protecting some very sensitive data!<\/li>\n<li>Apple have done their best to limit the data available to apps without additional permission to just what&#8217;s needed to facilitate the kinds of rich apps we expect on our iPhones. There was nothing that made me think <em>&#8220;why on earth would you expose that!&#8221;<\/em><\/li>\n<li>The information available without additional permissions is directly concerning from a privacy point of view \u2014 there&#8217;s no way for developers to directly link your phone to you, the person.<\/li>\n<li><em>However<\/em>, when you collect all the individually innocuous data points together, you can build a robust fingerprint, enough to be used as a so-called <em>super cookie<\/em> by unscrupulous developers, who could sell it to data brokers who could then start connecting the dots across every unscrupulous app you have installed!\n<ul>\n<li>The risk from these fingerprints generally doesn&#8217;t come from an individual developer using it to join the dots between your activities on two of their apps (there are simpler, more direct ways of doing that, like having you log in with the same account!)<\/li>\n<li>The risk comes from data brokers and ad networks paying developers to share your data with them. 
This is how free apps generate income!<\/li>\n<\/ul>\n<\/li>\n<li>The information being exposed without granting extra permissions is absolutely <em>anonymous<\/em>, so when you read an App Store nutrition label, and it says the app sends data <em>&#8220;not associated with you&#8221;<\/em>, it&#8217;s almost certainly sending a fingerprint to one or more data brokers as a revenue source!<\/li>\n<li>All ad-powered apps and many ad-free free apps declare that they share anonymous information \u2014 that&#8217;s how they monetise their otherwise free apps!<\/li>\n<\/ol>\n<p>Thinking about it for just a few seconds, I could see immediately that I have a very unique fingerprint from these utterly sensible and innocuous data points! Apps on my phone can see that I have three keyboard languages installed \u2014 <code>en-IE<\/code>, <code>nl-IE<\/code>, and <code>ga-IE<\/code> (English, Dutch, and Irish with an Irish keyboard layout), and that my preferred locale for number and currency formatting is  <code>IE<\/code> (Ireland). Other API calls reveal to apps that I&#8217;m currently using an orange iPhone 17 Pro Max with a specific disk capacity, and my current IP address, sampled over time, reveals that I spend most of my time on educational and residential ISPs in the greater Dublin area. How many Irish Orange iPhone 17 Pro Maxes with my storage capacity are there with those language preferences? I&#8217;d be prepared to wager there&#8217;s exactly one, mine!<\/p>\n<p>There are hundreds of data points. I stand out because of my language preferences, but somewhere, in all those individually mundane data points, we&#8217;re all a little bit unusual in our own ways! For example \u2014 accessibility features only work well when apps obey them, so the APIs have to reveal your current settings in terms of contrast, animation level, font size, and so on. 
Of the people who enable at least one accessibility feature, you can rest (un)assured that few other people who share your ISP pattern have exactly those settings!<\/p>\n<p>Do you have even one custom font installed?<\/p>\n<p>I could go on, but you get the idea!<\/p>\n<p>Great apps need these APIs, so Apple have done as much as it is possible to do, but nothing Apple do can change the reality that installing an app is an act of trust!<\/p>\n<p>All in all, this little peek under the covers confirms my strong belief that the only way to avoid being tracked is to follow the money, read those nutrition labels, and pay for apps and services with your money rather than your privacy!<\/p>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/cyberinsider.com\/google-chrome-emergency-update-fixes-actively-exploited-flaw-in-v8\/\">Google Chrome emergency update fixes actively exploited flaw in V8 \u2014 cyberinsider.com\/\u2026<\/a> (all platforms, and technical details withheld to give users time to patch)<\/li>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2026\/06\/a-record-breaking-patch-tuesday-for-june-2026\/\">A Record-Breaking Patch Tuesday for June 2026 \u2014 krebsonsecurity.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-june-2026-patch-tuesday-fixes-3-zero-day-200-flaws\/\">Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Microsoft&#8217;s nemesis strikes again with another <strong>two<\/strong> zero-days irresponsibly published right after Patch Tuesday<\/li>\n<li><em>RoguePlanet<\/em>, a local privilege escalation flaw in Defender \u2014 <a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-defender-rogueplanet-zero-day-grants-system-privileges\/\">www.bleepingcomputer.com\/\u2026<\/a> (not catastrophic since malicious code needs to get into your device to abuse this kind of bug, but bad)\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-working-on-defender-patch-for-rogueplanet-zero-day\/\">Microsoft working on Defender patch for RoguePlanet zero-day \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><em>GreatXML<\/em>, another BitLocker full disk encryption bypass \u2014 <a href=\"https:\/\/thehackernews.com\/2026\/06\/new-greatxml-exploit-bypasses-windows.html\">thehackernews.com\/\u2026<\/a> (Like his previous BitLocker flaws, this does not break the encryption, and it requires physical access to the unlocked drive, so not relevant to regular NosillaCastaways)<\/li>\n<\/ul>\n<\/li>\n<li>\u26a0\ufe0f <strong>Beats Studio Buds Users:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/apple-fixes-beats-studio-buds-flaw-that-let-hackers-spy-on-conversations\/\">Apple fixes Beats Studio Buds flaw that let hackers spy on conversations \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\u26a0\ufe0f <strong>NGINX users:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities\/\">F5 issues out-of-band patches for critical NGINX vulnerabilities \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Patchy-patchy-patch-patch!)<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>\u26a0\ufe0f <strong>Facebook Users:<\/strong> <a href=\"https:\/\/thehackernews.com\/2026\/06\/meta-to-use-off-site-business-data-for.html\">Meta to Use Off-Site Business Data for Feed and AI Personalization \u2014 
thehackernews.com\/\u2026<\/a> (The torrent of data web stores, websites, and apps get paid to send Meta about everything Facebook users do across those participating sites, including purchases, will be fed into their LLM training data \u2014 maybe a worthy <em>final straw<\/em>?)<\/li>\n<li>\u26a0\ufe0f <strong>Apple App Store Users:<\/strong> <a href=\"https:\/\/www.macobserver.com\/news\/researchers-say-apple-records-every-tap-you-make-in-the-app-store\/\">Researchers Say Apple Records Every Tap You Make in the App Store \u2014 www.macobserver.com\/\u2026<\/a> (apparently part of Apple&#8217;s personal suggestions feature, and not for targeted ads, but nonetheless, very off-brand for Apple \ud83d\ude41)<\/li>\n<li>\u26bd <strong>Soccer Fans:<\/strong> A good topic-specific warning about the kinds of scams fans need to be aware of: <a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-avoid-world-cup-scams\/\">How to Avoid World Cup Scams, Fake Streams &amp; Phishing \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><strong>Firefox AI Plugin Users:<\/strong> <a href=\"https:\/\/cyberinsider.com\/firefox-ai-chatbot-feature-exposed-users-to-email-theft-risk\/\">Firefox AI Chatbot feature exposed users to email theft risk \u2014 cyberinsider.com\/\u2026<\/a> (Problem with the API the browser provides for all AI plugins to use, and current <em>fix<\/em> is not really a fix, just a crude workaround)<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 \u26a0\ufe0f <strong>US-based Heart Patients:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/irhythm-discloses-data-breach-says-hackers-stole-patient-info\/\">iRhythm discloses data breach, says hackers stole patient info \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<strong>Very<\/strong> sensitive data, and the company are not being communicative \ud83d\ude41)<\/li>\n<li>\ud83c\uddec\ud83c\udde7 \ud83c\uddea\ud83c\uddfa <strong>Google Users:<\/strong> <a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-to-use-uk-and-eu-user-ip-addresses-for-ad-personalization\/\">Google to use UK and EU user IP addresses for ad personalization \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<strong>Reminder:<\/strong> if you value your privacy, you can buy high-quality privacy-protecting search from <a href=\"https:\/\/kagi.com\/\">Kagi<\/a>!)<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>There&#8217;s a lot of misunderstanding about just how Siri AI will integrate with Gemini, and I&#8217;m hearing poorly informed people wrongly say Apple are giving up on their privacy focus; that couldn&#8217;t be more wrong \u2014 <a href=\"https:\/\/cyberinsider.com\/apple-intelligence-expands-to-google-infrastructure-with-privacy-safeguards\/\">cyberinsider.com\/\u2026<\/a><\/li>\n<li>Apple will unify the email domains used by Sign in with Apple and iCloud+ Hide My Email under the\u00a0<code>private.icloud.com<\/code> domain \u2014 <a href=\"https:\/\/developer.apple.com\/news\/?id=sus6t6ab\">developer.apple.com\/\u2026<\/a>\n<ul>\n<li>This will make it possible for unscrupulous websites to deny the use of Apple&#8217;s anonymous email addresses.<\/li>\n<li>I agree with John Gruber that this is not a bad thing. 
Any site that does that is clearly the kind of site you want to avoid \u2014 <a href=\"https:\/\/daringfireball.net\/linked\/2026\/06\/18\/new-domain-for-signinwithapple-and-icloudhidemyemail\">daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/26\/06\/18\/a12-a13-apple-devices-face-an-unpatchable-securerom-vulnerability\">A12 &amp; A13 Apple devices face an unpatchable SecureROM vulnerability \u2014 appleinsider.com\/\u2026<\/a>\n<ul>\n<li>This bug requires physical access and booting the phone into recovery mode, but it bypasses secure boot, allowing unsigned and modified OSes to boot on these devices.<\/li>\n<li>For typical NosillaCastaways, this is not a security concern, but high-risk users can no longer use these older devices.<\/li>\n<li>The most notable thing about these bugs is that they provide a permanent jailbreaking opportunity.<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/cyberinsider.com\/proton-vpn-passes-no-logs-audit-that-found-no-user-activity-retention\/\">Proton VPN passes no-logs audit that found no user activity retention \u2014 cyberinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>A good first-hand report on what Anthropic Mythos can and can&#8217;t do: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/xbow-tests-anthropics-mythos-preview-for-offensive-security\/\">XBOW tests Anthropic&#8217;s Mythos Preview for offensive security \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Just Because it&#8217;s Cool \ud83d\ude0e<\/h2>\n<aside class=\"small-aside\">Stories that are not important, that don&#8217;t require you to do anything, and that you don&#8217;t even have to worry about.<\/aside>\n<ul>\n<li>\ud83c\udfa7 Hear a security researcher tell the fascinating tale of how Stuxnet and Fast16 sabotaged Iran&#8217;s centrifuges 
and nuclear calculations: <a href=\"https:\/\/www.npr.org\/2026\/06\/17\/nx-s1-5859441\/computer-malware-security-iran-stuxnet-fast16\">Planet Money: Can computer hackers get inside your mind? \u2014 www.npr.org\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong>\n<ul>\n<li>\ud83d\uddbc\ufe0f <a href=\"https:\/\/apod.nasa.gov\/apod\/ap260615.html\">NASA Astronomy Picture of the Day for 15 June 2026: Triple Shockwave from Sun Crossing Rocket \u2014 apod.nasa.gov\/\u2026<\/a><\/li>\n<li>\ud83c\udfa7 Some of my favourite podcasts and podcasters are producing amazing content to celebrate the 250th anniversary of the US Declaration of Independence:<\/li>\n<li>The <a href=\"https:\/\/shows.acast.com\/originallegacy\">Legacy podcast<\/a> from the UK did an excellent series on the so-called <em>founding fathers<\/em>, and expanded the concept to the <em>founding mothers<\/em>. 
There are amazing episodes making up the mini-series both before and after this recommended one: <a href=\"https:\/\/overcast.fm\/+ABSdOTH24xY\">Legacy: 1776 &#8211; The Founding Mothers \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>99% Invisible is partnering with the BBC to tell the story of America through 100 objects \u2014 <a href=\"https:\/\/99percentinvisible.org\/100-objects\/\">99percentinvisible.org\/\u2026<\/a><\/li>\n<li>Malcolm Gladwell is partnering with President Obama to re-examine the story of the Reconstruction era: <a href=\"https:\/\/overcast.fm\/+ABW9QxLrP_k\">Reconstruction: The Unfinished Promise: Prologue- Malcolm Gladwell and President Obama \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>\ud83c\udfa6 The Fascinating Story of the Victorian Mechanical Computers that still keep many British railways running safely: <a href=\"https:\/\/youtube.com\/watch?v=omYfLDlt-MA&#038;is=Y5hN5Bk1kual8oya\">Why do some British trains still rely on old levers? \u2014 youtube.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to, when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td 
align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. 
Some notable anecdotes to illustrate why Bart and Allison are so cautious about agentic AI: Over 20,000 Instagram accounts stolen in Meta AI support hack \u2014 www.bleepingcomputer.com\/\u2026 (An agentic support agent could be easily [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[147,214],"tags":[65,233,2079,114,50,569,7067],"class_list":["post-36157","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-exploit","tag-microsoft","tag-patch","tag-privacy","tag-security","tag-security-bits","tag-zero-day-2"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/36157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=36157"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/36157\/revisions"}],"predecessor-version":[{"id":36158,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/36157\/revisions\/36158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/w
ww.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=36157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=36157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=36157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}