EFF is finally leaving X and here is a blog post about why: www.eff.org/deeplinks/20...

Hours after Microsoft reveals that Russian hackers have been breaking into poorly secured routers & hijacking DNS requests (sometimes to collect Outlook data) www.microsoft.com/en-us/securi... DOJ says it has kicked those Russians out of the US routers they hacked: www.justice.gov/opa/pr/justi...

FEMA Official Says He Teleported to Waffle House. Experts Are Dubious.

See, this is MEANT to be tongue in cheek, with the treating it seriously being ironic. But the New York Times can’t pull it off because of what they’ve become. The mock-seriousness is too close to how they routinely are.
/1

www.nytimes.com/2026/04/03/u...

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are creating a murky situation for enterprises.

The plot has thickened considerably. www.darkreading.com/threat-intel...

‘Missed opportunity’: US government’s absence from RSAC Conference leaves stark void The Trump administration’s decision to not attend the world’s biggest cybersecurity conference sent the wrong message to partners, experts said.

The Trump administration skipped last week's major RSAC cybersecurity conference. On the ground in San Francisco and beyond, people were baffled and frustrated.

"Engagement with industry is vital," one former official said.

My story: www.cybersecuritydive.com/news/rsac-co...

The AI Boom Wasn’t Built for the Polycrisis “There are too many ways for it to fail for it not to fail.”

The AI economy looks...really precarious. So @matteowong.bsky.social & I did a bunch of reporting to try to figure out what happens when a potential bubble collides with a war in Iran and a potential resource shortage. The answer is...arguably the most dire stuff i've heard from smart ppl in a while

The cybersecurity world relies on the CVE Program to vet and label vulnerabilities. But amid U.S. funding concerns, AI-fueled bug reporting and global fragmentation, the program is teetering on the brink, according to a warning from #RSAC today.

My story: www.cybersecuritydive.com/news/cve-pro...

Microsoft today published a report on a two-year cybersecurity pilot program for the water sector, finding that utilities need hands-on help, not just free guidance materials, to be successful: www.cybersecuritydive.com/news/water-c...

The biggest crime of the last decade, in Marc's mind, was that people made fun of him when he said stupid, offensive things (which he's done a few times). His entire support of Trumpism was in the belief it would free him up to continue to say offensive shit. Everything else is secondary

Commercial Spyware Opponents Fear US Policy Shifting Rescinded sanctions and reactivated contracts have created confusion about the Trump administration's spyware policy and where it draws the line.

The Predatorgate convinctions in Greece represented a landmark event in the fight against commercial spyware. But other recent developments in the U.S. have spyware oppenents deeply concerned. www.darkreading.com/threat-intel...

The War on Anthropic: Pretextual Designation and Unlawful Punishment The Trump admin’s action against Anthropic is barred by statutory limits, the First Amendment, and the Constitution’s bills of attainder.

Anthropic lawsuit against Department of Defense here:
storage.courtlistener.com/recap/gov.us...

An excellent analysis at @justsecurity.org on Friday by Harold Koh, Bruce Swartz et al here:

www.justsecurity.org/133247/anthr...

Uploading Pirated Books via BitTorrent Qualifies as Fair Use, Meta Argues * TorrentFreak In an ongoing lawsuit, Meta now argues that uploading pirated books to strangers via BitTorrent qualifies as fair use.

In 2013 Aaron Swartz committed suicide for facing 35 years in prison for mass downloading scientific articles.

13 years later, Meta is almost getting away with an infraction orders of magnitude larger.

The law didn't change.

torrentfreak.com/uploading-pi...

Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multi-factor authentication defenses.

Good news: LE agencies and private sector partners took down Tycoon 2FA, a popular phishing-as-a-service (PhaaS) platform that can bypass MFA protections.
Bad news: The takedown didn't solve the MFA issue, and other PhaaS platforms use the same bypass technique. www.darkreading.com/threat-intel...

So, obviously this isn’t true. But if the CEO actually believes this nonsense, it implies he thinks maybe he’s enslaving a sentient being that has the capacity to feel emotional distress. And he hasn’t immediately halted operations to suss out how to resolve that?

After the CrowdStrike outage, Microsoft started working w/ 3rd-party security vendors to redesign Windows so their programs could run outside the kernel.

I talked to experts and one of those vendors about how this work is going — and why it's so difficult.

www.cybersecuritydive.com/news/microso...

DHS official tells state election chiefs there won't be ICE agents at polling places Members of the Trump administration held a call with state election officials around the country ahead of this year's midterm elections.

New w @janetimm.bsky.social: In the feds' first call with states since gutting CISA's election programs, they promised no ICE at polling places, but weirdly refused to reaffirm states run elections, per people on the call.

New: CISA orders agencies to quickly patch serious Cisco SD-WAN device vulnerabilities, including two that the agency says are being exploited in ways that imminently threaten government networks: www.cybersecuritydive.com/news/cisa-em...

From the people who brought you "The analytics model says go for it on 4th and 8, reason be damned!"

If I may potentially make this worse - I think the risk here isn’t that AI is going to nuke us, it’s that there’s a kind of guy who is going to see this and think that we should be more willing to use nukes because the computer thinks it’s a good idea

It takes a village to raise a model.

Supply Chain Attack Secretly Installs OpenClaw for Cline Users The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

OpenClaw was already spreading pretty rapidly, but someone decided to take it to the next level via a supply chain attack. www.darkreading.com/application-...

Scoop: A top CISA official told employees today that the agency's cyber division will eliminate some programs to redirect limited resources to high priorities like OT security.

Early glimpse of potentially major reorganization at weakened CISA.

www.cybersecuritydive.com/news/cisa-cy...

NEW: “CBS Evening News” producer Alicia Hastey sends a bombshell farewell note:

Stories are “evaluated not just on their journalistic merit but on whether they conform to a shifting set of ideological expectations.”

Marc Benioff 'Jokes' ICE Is Watching Salesforce Employees Who Traveled to the U.S. "Employees are going absolutely apeshit in internal Slack about how completely awful it was."

What in the tone deaf, ivory tower hell is this?

Marc Benioff 'Jokes' ICE Is Watching Salesforce Employees Who Traveled to the U.S. "Employees are going absolutely apeshit in internal Slack about how completely awful it was."

"In his keynote, Benioff thanked international employees for traveling to the United States for the meeting, and asked them to stand. Benioff then said that ICE agents were in the building to keep tabs on them." www.404media.co/marc-benioff...

SolarWinds WHD Attacks Highlight Dangers of Exposed Apps Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers.

If your SolarWinds Web Help Desk (WHD) instances are exposed to the Internet, you are asking for trouble. www.darkreading.com/vulnerabilit...

Mind-boggling decision by the Post here. Joe will be an incredible asset to whatever newsroom is smart enough to scoop him up next.

If a university student group had celebrated Charlie Kirk being killed, complete with a graphic made from an actual picture of the killing, the whole lot of them would have been expelled before the ink on the digital story was dry.

2026 is off to a rough start for Fortinet.

It boggles the mind, but according to a Forescout report last year, SSH (which is encrypted) usage declined across all industries while Telnet (most definitely NOT ENCRYPTED!) *increased in every industry*, most notably in the government sector (!!!).