
Posts by Matt Muller

Attackers Are Hunting High-Impact Node.js Maintainers in a C... Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

🚨 New Investigation: Attackers are hunting the maintainers behind Lodash, Fastify, buffer, Pino, mocha, Express, and #Nodejs core, because compromising one of them means write access to packages downloaded billions of times a week.

socket.dev/blog/attacke...

1 week ago 26 14 1 10

How can this go on for another 3 years?

2 weeks ago 10761 3876 201 361

Cyber: Humans are the weakest link!

Also cyber: Human-in-the-loop is the only way to make AI safe!

2 weeks ago 5 2 1 1

Hmmm do you think this will happen more or less often after the company lays off 20 percent of its workforce

3 weeks ago 274 69 12 5

Never fund DHS again. Abolish it completely.

If someone wants to moan about "but but we have to ____" yeah fine we can discuss a new department, but *this* department has to go.

4 weeks ago 4328 1404 49 29
Datadog and Okta Combine for New Customer Detections Comprehensive monitoring of identity activity is crucial to the security of any organization. A compromised identity can lead to widespread data breaches and

We recently partnered with Okta to ship new identity threat detections, alongside contributing to Okta's open source Security Detection Catalog, so the broader security community benefits.

Big thanks to the Okta Cyber Defense team for the collaboration!

sec.okta.com/articles/202...

1 month ago 3 1 0 0

Also if you work in sales at a company, do not call me. Email, fine.

1 month ago 17 1 0 0

I love the Three Buddy Problem and listen to it religiously. My question for @ryanaraine.bsky.social @jags.bsky.social and @craiu.bsky.social - do you think the benefits of staying on Twitter outweigh the hazards?

1 month ago 0 1 2 0

Each one of those three missiles costs 33% more than the annual budget of the national park where I work.

1 month ago 5946 1920 57 29

I do not want AI in @1password.bsky.social. So naturally my next renewal will be a price increase because they’re stuffing AI into @1password.bsky.social.

1 month ago 0 0 0 0

We should do everything we can to help Democratic politicians leave Twitter behind. Help the AG out!

1 month ago 2379 597 35 11

This is an excellent explainer. 👀 quote: “In rough terms, the workforce of CBP officers and Border Patrol agents commit crimes at an equal or even greater rate PER CAPITA than the population of undocumented immigrants do in the United States.”

2 months ago 1146 449 18 6
Merry Christmas Day! Have a MongoDB security incident. Somebody from Elastic Security decided to post an exploit for CVE-2025-14847 on Christmas Day.

patch ye MongoDB, there's an exploit for a vuln which has been in the product for over a decade that allows the remote, unauth read of any memory - which includes plaintext creds.

Somebody posted an exploit on Christmas Day, Merry Christmas!

doublepulsar.com/merry-christ...

3 months ago 103 45 4 3

That feeling when @iverify.bsky.social tells you about an iOS update before Apple even issues a security bulletin 😍

3 months ago 0 0 0 0

CVE-2025-55182 (React2Shell): Remote code execution in React Server Components and Next.js

securitylabs.datadoghq.com/articles/cve...

4 months ago 6 4 1 0
Lifting awareness of male supremacy: an elevator pitch with a twist The source of much of what is wrong in the world today is male supremacy, awareness of which needs raising. Could one simple question do the trick?

A man and a woman get in an elevator, which one is doing risk assessment?

4 months ago 1 2 0 0
Ex-CISA officials, CISOs aim to stop the spread of hacklore: Don't believe everything you read

Afraid of connecting to public Wi-Fi? Terrified to turn your Bluetooth on? You may be falling for "hacklore." Dozens of CISOs and ex-CISA officials have launched an effort to dispel these myths and show you how not to get hacked for real.

4 months ago 4 3 0 0
Democratic leaders have failed us again. It's time to get new leaders. After yet another capitulation by Chuck Schumer and Senate Democrats, it's clear we need new leadership capable of mounting a serious opposition to Trump's authoritarian regime. We're launching our la...

After yesterday’s surrender, we’re launching the largest Democratic primary program that we’ve ever run.

We will not back any Senate primary candidate unless they call for Schumer to step down as Minority Leader.

If you’re as pissed as we are, join this campaign to rebuild the Democratic Party. 👇

5 months ago 6310 2099 172 175
How to Opt-Out of Airlines Selling Your Travel Data to the Government The Airlines Reporting Corporation (ARC), owned by major U.S. airlines, collects billions of ticketing records and sells them to the government to be searched without a warrant. I managed to opt-out…

When you book a flight through major travel sites, a data broker owned by U.S. airlines will sell details about your flight—your name, credit card used, and where you’re flying to the government.

We found out how to opt-out of ARC selling your travel data. A guide:
www.404media.co/how-to-opt-o...

5 months ago 1271 802 28 34
Opinion | A jury of my peers agreed that the feds wrongly charged me for watching ICE I believe that filming what federal agents were doing that day counted as basic human decency.

“I’m a law-abiding citizen who never thought I’d be of such interest that the U.S. government would use my tax dollars & yours to try to send me to prison…[after being] manhandled by an Immigration and Customs Enforcement agent trying to remove my phone from my hand.”

www.msnbc.com/opinion/msnb...

5 months ago 1321 498 13 15

So this story is super duper interesting for a whole ton of reasons, but one big one is it's a very rare glimpse into the private valuation of high-end exploits held by major defense contractors

bsky.app/profile/lega...

5 months ago 634 220 8 5
The surveillance empire that tracked world leaders, a Vatican enemy, and maybe you Inside the hidden world of First Wap, whose untraceable tech has targeted politicians, journalists, celebrities, and activists around the globe.

Truly, SS7 is the surveillance gift that keeps on giving: www.motherjones.com/politics/202...

5 months ago 66 40 5 1

NEW: cost to 'poison' an LLM and insert backdoors is relatively constant. Even as models grow.

Implication: security doesn't scale with LLMs.

Super interesting: Prior work had suggested that as model sizes grew, it would make them cost-prohibitive to poison. 1/
arxiv.org/pdf/2510.07192

6 months ago 60 24 1 3

Veep wasn’t supposed to be a documentary

6 months ago 0 0 0 0

🎶Thicker than
A deep dish pie
Joints are sore
Blood pressure high
Pudding, flan
And crème brûlée
None are safe
From the Green Beignets🎶

6 months ago 3333 587 334 84

You can protect me from a 22 Tbps DDoS attack on my website but you can’t protect me from the fact that Cloudflare’s 15th birthday is DDoSing my brain

6 months ago 1 0 1 0

Sickening behavior by this agent. The fact that Mayor Adams has rolled out the red carpet for ICE is a stain on our city.

6 months ago 22328 5628 1226 321
Secret Service agents dismantle network that could shut down New York cellphone system Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.

1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.

Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.

6 months ago 365 180 10 37

Be sure you take a moment today to remember Charlie Kirk for exactly who he was.

6 months ago 2401 771 83 17