NP++ breach is a great general reminder that "power utilities" favored by IT pros are highly targeted for both supply chain and malvertising/seo poisoning. Just because you are a tech pro doesn't make you immune from attack, it makes you highly targeted. Cyber pros missed it, watch your back

NP++ June-december 2025 supply chain, rumors turned out to be true.
notepad-plus-plus.org/news/hijacke...

www.bleepingcomputer.com/news/securit...

cyberplace.social/@GossiTheDog...

Read the full transcript of Carney’s speech to World Economic Forum - National | Globalnews.ca Prime Minister Mark Carney gave a forceful speech in Davos, Switzerland, on the 'new world order' and how middle powers like Canada can benefit by working together.

globalnews.ca/news/1162087...

Recommended Reading
arxiv.org/abs/2601.04566

The Com, criminal hacking ethics, and off-ramps, this talk from Allison is compelling and excellent. Take a watch.

🚨 Another Internet blackout in Iran has begun at 12:50 UTC (4:20pm local). 🚨

Numerous Iranian service providers now offline in new national Internet blackout.

Predatory Sparrow are "hacktivists" that happens to be skilled at cyber war.
www.wired.com/story/predat...

iranian offensive cyber capacities are not resilient or coherent enough to engage in meaningful effects-delivery against hardened targets while their country is actively being blown to shit. also: despite a few minor successes, iran has never matched china or russia in scale of access to USCIKR.

"Over four months, LLM users consistently underperformed at neural, linguistic, and behavioral levels. These results raise concerns about the long-term educational implications of LLM reliance and underscore the need for deeper inquiry into AI's role in learning."

Cubs, Royals, and Brewers held Pride Nights today. Notable in Chicago was a community group called “Play Catch with a Dad” that serves members of the LGBTQ+ community who have been disenfranchised by their families.

SMB to RCE via Kerberos coercion, nasty vuln and great research. Get patching.

Are you referencing CVE-2025-33073? I think you may have typo'ed 33074
msrc.microsoft.com/update-guide...

"Don't look for breaches, so we don't have to disclose them"
Is the new "no logs, no breach"

www.nextgov.com/cybersecurit...

PR teams: just add "with Agentic AI" to end, then full send

Is the era of the “named actor” done?

As the OG adversary sets diverge, get promoted, or move on

actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)

AND the CTI models maturing…

APTs ⬇️⬇️

UNCs ⬆️⬆️

Friday vibes

SonicWall Sonicos Versions 7.1.x and 8.0.x Blog describes how Bishop Fox staff identified a vulnerability in SonicWall SonicOS 7.1.x and 8.0.x in the SSL VPN service and solutions for customers.

I made SonicWall’s hall of fame for this one. Patch your firewalls (again), folks!

bishopfox.com/blog/sonicwa...

actions on objective, which can be very important to whether the dwell time # is effective. This is easily observed from the differences of a smash and grab ransom, intentionally destructive attacks, to a intelligence gathering long operations.

Good industry metric, not always great inside measure

While it has a slight uptake this year according to MTrends, hard to say what that means yet. But measuring dwell time without a sophisticated program is perilous as a true measure, as not all incidents or red team engagements are created equal. Dwell time by itself does not correspond with measures

detection and response team's increased capabilities, but instead because one of the most prevalent breach types started announcing their presence in form of ransom notes.

Dwell time was THE metric to track in offensive engagements and IR for the longest time, then it started falling

Dwell Time became 'the metric' to track ~10 years ago. Since then it fell from averaging years to days. While this can be correlated with increased D&R capabilities, it also notably decreased from a changing threat landscape. As ransomware grew in popularity, Dwell time decreased regardless of

Dwell time back?

While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵

Challenger Winner of the 2024 Kirkus Nonfiction Prize • Shortlisted for the 2025 Andrew Carnegie Medal for Excellence in Nonfiction • A New York Times Notable...

For fans of root cause of catastrophic (often bureaucratic) failure, such as reports from CISA's Cyber Safety Review Board reports, recommend Challenger, by the same author of Incident Response required reading Midnight in Chernobyl. #RecommendedReading www.simonandschuster.com/books/Challe...

Seeing blue skies, even though it is grey here in Chicago.