Jealous of Maryland rn
Posts by Zach Edwards
Canary in the privacy coal mine ⬇️
Antitrust laws continue to be ignored, broken, and bent to suit a political agenda. The fact that Dentsu, GroupM and Publicis didn't fight back on this speaks volumes about what they are going to do with client ad money in the future. 💸💸💸
www.texasattorneygeneral.gov/sites/defaul...
It's one thing to collect data on us everywhere we go, but it's quite another to tie all those tidbits back to a single identity (you). Today @thezedwards.bsky.social and Iesha White explain just how bad it is and how you can try to avoid it.
podcast.firewallsdontstopdragons.com/2026/04/13/i...
Advertisers and advocacy groups have a right to share their opinions about brand unsafe networks and big ad tech companies. These witch hunts have gone on far too long.
Congrats to everyone in Hungary! What amazing news for the world.
👀Coming Monday!
🎉
Good morning to everyone but botnet admins!
Great piece from @mattkapko.com, appreciate having a few of my comments in it! 🖖🌩️⚖️
cyberscoop.com/botnet-disru...
I suspect TTD would have more auditor advocates for supply path cleanups if they made it a requirement to expose the supply chain object client side. As it stands, only ad tech organizations get this data server side, and the amount of research about flipping traffic is minimal because of it.
Great reporting ⬇️⛈️⚖️
👀⛈️⚖️
www.bloomberg.com/features/202...
"That December, Core obtained a warrant to mount a 24-hour surveillance camera outside Curtis Cores, installed surreptitiously on a utility pole along Highway 51."... "They would uncover the story of a dark supply chain that saw $545 million in cash..." 🌩️⚖️
⛈️⚖️🖖🏻
Sorry to hear this, you’re an excellent journalist and your work speaks for itself. Hoping for the best for everyone impacted by the layoffs.
I also had a nice video call with Meg Whitman and some folks on her team when this research came out. There were some very interesting shenanigans being conducted by one of their vendors that I found and they immediately went 10-alarm fire on them about it. Was a solid response plan imo! 🖖
a similar issue impacted Facebook + Adobe and I had like 2 weeks of arguments with them before FB paid me a data breach bounty and Adobe changed the entire structure of a specific URL token
medium.com/@thezedwards...
just reported another subtle email address data supply chain breach to a major corporation who yeeted my email to their vendors due to a dumb URL structure -- this problem always comes up! some of my previous research on it: www.nytimes.com/2020/04/29/b...
We need to dramatically improve ad libraries as a core way to slow down scams.
that feeling when you finish and publish the massive client report you've been working on for ages right before the new year
As both the House & Senate look to repeal Section 230, I'm curious who they think should be held liable for the comments they've left open on the Epstein photo dump...? Them? Dropbox?
Do they have a trust & safety team watching the comments?
My YouTube account was unsuspended but the video in question is still private. Based on their vague feedback it seems possible that YouTube now has a tool to scrape videos for URLs (like from my screen sharing research session) and then flag videos which in any way reference a known malicious URL.
Our team will be speaking more about BPHs in the coming months as we encourage more law enforcement actions and private responses to these growing challenges.
Read our final 2025 White Paper "Shining a Light on the Global Bulletproof Hosting Ecosystem" @ www.silentpush.com/white-papers...
Threat actors love a wild policy NiceNic has which requires 3rd parties to have a “Power of Attorney” over any brands that are mentioned on malicious infrastructure being reported by that 3rd party. So to get a network down that impersonates dozens of brands, it would require dozens of POAs...
Bulletproof Registrar NiceNic is given some special attention... oh what's that, you've never heard of a Bulletproof Registrar? Well what happens if you combine a BPH + a BPR? ⚖️📴
If you don’t know about NiceNic, you’re way behind the threat actors...
Reminder, CISA + NSA + FBI + DOD + international law enforcement wrote about the threat of Bulletproof Hosting Providers last month and included details about Infrastructure Laundering from FUNNULL in their report:
www.cisa.gov/resources-to...
This is the *newest form of Bulletproof Hosting*
FUNNULL is illicitly acquiring IPs and mapping them into their network in order to make their network faster for U.S. victims connecting to their scam websites and likely saving money by doing this.
This is the dance that FUNNULL admins do when they steal western IPs without ramifications.
Infrastructure Laundering from FUNNULL CDN & Triad Nexus is the newest and nastiest form of bulletproof hosting, where this network uses “account mules” to illicitly acquire IPs from major cloud providers like Amazon, Microsoft, Cloudflare and Google...
BPHs get online through “peering agreements” w/ other ASNs. In the white paper we’re using the free data from Hurricane Electric to explain why folks really need to be more focused on peering relationships. If you find a BPH, how are they getting online & who are their ASN peers? We need more: