2025.12.15 13:36:50 (Mastodon 115723849595618649, Twitter 2000560696392839347) from Daniel J. Bernstein:
Posted a fast demo https://cr.yp.to/2025/20251215-recover-isc-key.c for CVE-2025-40780, where https://gitlab.isc.org/isc-projects/bind9/-/commit/6876753c7ccd67d445a6a2341219fe79cff6c77f says it was "discovered during research for an upcoming academic paper" that BIND's ID RNG is predictable. The attack is easy; what's interesting is why such a poor RNG ended up deployed.