The Wild, Wild World of Exploits With Caitlin Condon YouTube video by Decipher

This podcast was nominated for Best Side Eye by a Lead Actress @catc0n.bsky.social

youtu.be/VLvtO5QxHXE?...

Local folks:

VulnCheck - Outpace Adversaries Vulnerability intelligence that predicts avenues of attack with speed and accuracy.

VulnCheck is #hiring (senior) exploit developers in the U.S. and UK! If you love writing RCE exploits but also want to help customers detect exploitation and assess exposure, this is a fantastic place to learn and grow! Open roles here - we're also looking for UK engineers: www.vulncheck.com/careers

But keep reading

Fortinet CVE-2025-64446 Under Active Attack - Decipher That vulnerability (CVE-2025-64446) affects several versions of FortiWeb and CISA  has added it to its Known Exploited Vulnerabilities catalog.

“Silently patching vulnerabilities is an established bad practice that enables attackers and harms defenders." @catc0n.bsky.social

decipher.sc/2025/11/17/f...

C R Y I N G this is so perfect lmao

x: www.instagram.com/reel/DQ7cPSf...

If AI is going to economically and environmentally doom us all anyway, could it at least make iOS keyboards less godawful?

Posted by Block Club Chicago: "Cycling x Solidarity's latest mutual aid effort takes cyclists on group rides through Pilsen and other neighborhoods to buy out tamale vendors so they can stay home as ICE swarm the city. They pass out to food to people in need."

Forgive me, Chicago, I was not aware of your game

90% of Americans plan to skip the No. 1 piece of Social Security advice, study finds Financial pros recommend waiting as long as possible to claim your Social Security benefits. Most Americans say they're ignoring that advice.

"Plan to skip No. 1 piece of advice" is a wild way to say "cannot afford to wait until the recommended age because of the high cost of basic expenses throughout their lives" www.cbsnews.com/news/social-...

What Your Favorite Author Says About You (Behind Your Back) Agatha Christie: “I bet I could murder them and get away with it.” Ernest Hemingway: “For sale. Two testicles. Never used.” George R. R. Martin: “H...

*Charlotte and Emily Brontë:* "He has no clue which one of us is which."

More governors need to stand up like this.

I'm no fan of Newsom generally, but he's at least not rolling over for the administration. California is better off for it.

I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.

It seems like there’s still a piece of the story missing re: the private key.

It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2 We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035. Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible inte...

Pretty unfortunate update on Fortra GoAnywhere MFT CVE-2025-10035 from the folks at watchTowr labs.watchtowr.com/it-is-bad-ex...

Federal agencies given one day to patch exploited Cisco firewall bugs Vulnerabilities in some models of Cisco's Adaptive Security Appliances (ASA) have been exploited by "an advanced threat actor," according to a warning from CISA.

Federal agencies have about 24 hours to patch two critical bugs in a line of Cisco firewalls

patch CVE-2025-30333 and CVE-2025-20362 asap

therecord.media/cisco-asa-fi...

I don’t think I’ve ever loved anything as much as ICE loves violently attacking women.

The Secret Service isn't claiming it foiled any plot targeting the UN General Assembly. Just that a big collection of SIMs (probably used for fraud) could have *potentially* disrupted NYC cell service. The SIMs were in a *35 MILE* radius of the UN.

These headlines are all pretty egregiously wrong:

This is incredible stuff

CVE-2025-10035: Critical Vulnerability in Fortra GoAnywhere MFT | Blog | VulnCheck A new critical vulnerability was disclosed in Fortra's GoAnywhere managed file transfer product, which has been targeted in the past by ransomware and extortion groups

Last night, Fortra disclosed a critical vulnerability in their GoAnywhere MFT file transfer product. CVE-2025-10035 has a virtually identical description to CVE-2023-0669, which was exploited by ransomware crews. Unclear if this one has been exploited. Patch now. www.vulncheck.com/blog/cve-202...

Diagram titled 'Possible causes of your problems'. On the left hand side, subtitled 'Yes': Funding removed from local councils, growing gap between rich and poor, multinational companies not paying their taxes, lack of new affordable housing, government not investing sufficiently in schools and healthcare. On the right hand side, subtitled 'No': Picture of small boat, with arrow; 'People fleeing horrific situations that you and I can't imagine'.

Possible causes of your problems. It’s a diagram that (sadly) still seems relevant in 2025, so reposting a year and a bit on.

VulnCheck - Outpace Adversaries Vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Hey, security research friends! You know how vulnerability disclosure coordination is the most painful part of vuln research? Good news: VulnCheck will do it for you! You get credit, we handle the CVEs + vendor discussions.

Report vulnerabilities for disclosure here: vulncheck.com/advisories/r...

When to call the witches 1-800 dark magic

A beautiful, tender piece about grief and aging and friendship and the sacred call to haunt: joysullivan.substack.com/p/when-to-ca...

We need community notes here to clarify that in fact Michelle Wu ended his campaign

A meme with the black spinning top from the movie "Inception". It's on a beige-ish background and the text of the meme says "It's like...a third-order command injection."

Quote from the VulnCheck team exploit mines 2025-09-11T19:24:00Z

Overachievers

Gen Z in Nepal burned down the parliament, burned down the homes of government officials, forced the prime minister to resign, and paraded the finance minister through the streets nearly naked.

VulnCheck Insights: CVE Context at the Hover of Your Cursor | Blog | VulnCheck Instead of bouncing between tabs, you now get instant, current context the moment a CVE appears on your screen.

I know NPM and SAP and probably other acronyms are on fire today, but @vulncheck.bsky.social put out a Chrome extension for #CVE and #exploit intel and it's saving me kind of a lot of tab-switching effort, so you get 🎉 🤠posts from me instead of 🗑️🔥 posts www.vulncheck.com/blog/vuln-ch...

Friends, for your Friday, here's a new image of planets being born.

The inverse of this skeet is "Some enterprising young sys admins used example machine keys for production deployments, which is also significantly less surprising than anyone reading docs."

There is something soothing about watching a baseball diamond get steamrolled.