Python and crypto-strength random numbers by default

This paper describes reverse-engineering a malicious worm by watching a /8 to see which IPs the worm probed. From there, they determined PRNG state and seeds, and used that to deduce everything from the system uptime and disk count of the infected hosts, to tracking down the "patient zero" computer where the worm started:
http://www.icir.org/vern/papers/witty-imc05.pdf

This paper describes PRNG attacks and has some real-world examples of a many PHP applications with PRNGs that were vulnerable in some form. It seems like the most frequent attack is in things like password reset tokens: request a password reset yourself, check your email and figure out the server's PRNG state, request a password reset for your victim, and use the known PRNG state to predict their token:
https://media.blackhat.com/bh-us-12/Briefings/Argyros/BH_...

This page describes an online betting-type game where the attacker was able to predict results from previous ones:
http://jonasnick.github.io/blog/2015/07/08/exploiting-csg...

These slides describe an attack on WPS that involves figuring out the PRNG state (slide 15):
http://www.slideshare.net/0xcite/offline-bruteforce-attac...