Rapid7 Blog255IN STACK · 2026-04-08 13:39
FortiGate CVE-2025-59718 Exploitation: Incident Response Findings
Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving exploitation of CVE-2025-59718 against a vulnerable FortiGate appliance. In December 2025, Fortinet disclosed this improper verification of cryptographic signature vulnerability that facilitates an SSO login bypass on affected appliances. After the initial exploitation, the attackers maintained a low-profile posture, systematically compromising additional firewalls before moving to internal network hosts. Ul...
Simon Willison65 · 2026-04-08 23:07
Meta's new model is Muse Spark, and meta.ai chat has some interesting tools
Meta announced Muse Spark today, their first model release since Llama 4 almost exactly a year ago . It's hosted, not open weights, and the API is currently "a private API preview to select users", but you can try it out today on meta.ai (Facebook or Instagram login required). Meta's self-reported benchmarks show it competitive with Opus 4.6, Gemini 3.1 Pro, and GPT 5.4 on selected benchmarks, though notably behind on Terminal-Bench 2.0. Meta themselves say they "continue to invest in areas w...
Deeplinks14 · 2026-04-08 08:22
Digital Hopes, Real Power: How the Arab Spring Fueled a Global Surveillance Boom
This is the third installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings. You can read the first post here , and the second here . When people recall the 2011 uprisings across the Middle East and North Africa (MENA), they often picture crowded squares, raised phones, and the feeling that the internet had finally shifted the balance of power toward ordinary people. But the past decade and a half is also a story about how governments, companies, and plat...
Graham Cluley11 · 2026-04-08 23:27
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you're job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, California's crypto millionaires are learning that no amount of encryption can protect you from someone who knocks on your door pretending to deliver a pizza. All this and more in episode 462 of the “Smashing Security”...
Deeplinks8 · 2026-04-08 19:24
Banning New Foreign Routers Mistargets Products to Fix Real Problem
On March 23, the FCC issued an update to their Covered List, a list of equipment banned from obtaining regulatory approval necessary for U.S. sale (and thus effectively a ban on sale of new devices), to include all new routers produced in foreign countries unless they are specifically given an exception by the Department of Defense (DoD) or DHS. The Commission cited “security gaps in foreign-made routers” leading to widespread cyberattacks as justification for the ban, mentioning the high-pro...