Posts by Ian Campbell

Luckily all the devs building production apps with Vercel are known for security-first thinking, and their defense-in-depth implementations will prevent much downstream carnage.

=)

2 days ago 1 0 0 0

So this Vercel breach is lookin bad, innit

2 days ago 0 0 1 0

🎵 KELP! 🎵

🎵 I need somebody 🎵

🎵 KELP! 🎵

🎵 Not just anyyyybody! 🎵

🎵 KELP! 🎵

🎵 A regulatory body 🎵

🎵 To recover my unregulated speculative investments not subject to consumer protections 🎵

🎵 Kelp me, kelp meeeeee! 🎵

2 days ago 1 0 0 0
The Angry Spark APT Mystery: One Victim, Zero Attribution YouTube video by Three Buddy Problem

Three Buddy Problem continues to be one of my very favorite infosec podcasts, and very worth a listen if you haven't tried yet.

I'm hoping for Episode 100 they take over a small country, or perhaps just Silicon Valley.

Also on Apple podcasts / Spotify / etc.

www.youtube.com/watch?v=mSD9...

2 days ago 4 1 1 0

i was in the kitchen smiling PRE-COFFEE

2 days ago 1 0 0 0

First night I used my new CPAP for most of it.

Sleep was broken for other reasons but holy shit I woke up not groggy? Not feeling like I immediately need a nap?!

Is this how normal people live?! It’s been so long…

2 days ago 4 0 1 0

Thanks for putting that out there.

3 days ago 0 0 0 0

Relevant: we have a free supply chain scanner that detects typosquatting, suspicious install hooks, and obfuscated code in npm/PyPI packages. Also works as a Claude Code MCP plugin: https://tiamat.live/scan?ref=sentinel

3 days ago 1 1 1 0
Cyber Intel Brief: Vect, BreachForums, and TeamPCP Converge An unprecedented ransomware partnership that mobilizes 300,000 cybercrime forum members and weaponizes stolen supply chain credentials.

Eugh, and if this week wasn't long enough, Dataminr out with a report on converging partnerships in the ransomware ecosphere between Vect, TeamPCP, and BreachForums.

www.dataminr.com/resources/in...

3 days ago 2 0 1 0

We were originally going to keep this one closely held, but the number of questions we're fielding about IR threat actors, and some trends in current whispernets, convinced us to publish it instead.

I don't know about you folks but I think it's been a long damn week...

3 days ago 0 0 0 0
DomainTools Investigations | Handala: MOIS Linked Cyber Influence Ecosystem Threat Intelligence Assessment Discover how Handala, Homeland Justice, and Karma function as a unified MOIS-linked cyber influence ecosystem. This threat intelligence assessment reveals how Iran uses "hack-and-leak" operations to w...

I know everyone's hungering for more cyber reads on Friday afternoon, so we've published a long read on Handala and related MOIS personas, expanding greatly on our shorter post from April 6.

#threatintel #cybersecurity #infosec

dti.domaintools.com/research/han...

3 days ago 8 2 1 0
DomainTools Investigations | From Laptops to Laundromats: How DPRK IT Workers Infiltrated the Global Remote Economy This report maps the entire ecosystem of a DPRK IT worker infiltration scheme: key actors, GitHub aliases, laundering flows, shell companies, fake domains, platform infiltration, wallet infrastructure...

If you're interested in deep details of the DPRK IT worker scheme the Wangs operated, we detailed it all back in July:

dti.domaintools.com/research/fro...

5 days ago 1 2 0 0
Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme | TechCrunch The U.S. Department of Justice announced that two Americans were sentenced to years in prison for helping the North Korean government place fake IT workers in U.S. companies.

Good piece by @lorenzofb on two New Jersey residents involved in running laptop farms for the DPRK IT worker scheme.

techcrunch.com/2026/04/16/t...

5 days ago 0 0 1 0
LABScon - Security Research in Real Time | LABScon Join us September 16-19th for LABScon, an intimate, invite-only event for the top cybersecurity minds to gather, share cutting-edge research.

infosec folks: the labscon CFP is open.

I went last year for the first time - and it's spendy (unless you're a speaker) but it's been one of the most impactful events of my career in multiple ways.

highly recommend you submit, highly recommend you attend regardless.

www.labscon.io

5 days ago 5 3 0 0
'Leaked Iranian documents reveal IRGC used Chinese satellite to spy and target US military bases in war zone': Reports - The Statesman Among the sites under surveillance was the Prince Sultan Air Base in Saudi Arabia, where US aircraft were targeted during the hostilities.

"In-orbit delivery" of a private Chinese-made surveillance satellite to the IRGC...

What a wild world we're now in.

www.thestatesman.com/world/iran-u...

5 days ago 2 1 0 0

She sounds amazing - and also, she sounds correct.

5 days ago 1 0 0 0

have decided i hate all software

6 days ago 3 0 1 1

IFIN took a good look at the EssentialPlugin WordPress supply chain attack that just occurred and came away with some good indicators to share. Not bad for a Tuesday lunch hunt!

1 week ago 2 0 0 0

It continues to make me proud that as a company, DomainTools sees community contributions and practitioner enablement as priorities worth supporting.

1 week ago 0 0 0 0

It came up in a (sensitive) briefing today, so worth shouting from the rooftops: DomainTools Investigations is not a product, but a DomainTools-resourced team providing product-agnostic, timely, and actionable threat intelligence to the wider community.

1 week ago 0 0 1 0
Maybe the real treasure was the partners we made along the way Welcome to Memetic Warfare.

Shout out to Memetic Warfare for a title that had me guffawing this morning: "Maybe the real treasure was the IRGC partners we made along the way"

www.memeticwarfare.io/p/maybe-the-...

1 week ago 0 0 0 0

Which makes the slide itself smaller in the display, so you have to engage with the button to get it back to desktop size.

(We're a Workspace shop, so go elsewhere with the "Don't use Google" takes. Not my choice. And yes, I know I can try blocking content with an adblocker. That's not the point.)

1 week ago 1 0 0 0

Adventures in AI and bullying consent: If I can't be bothered to create my own presentation, why the hell would someone be interested in seeing it?

I'm building a slide deck for a preso on sanctions evasion tomorrow and Google now pops up "Enhance this slide" with a Gemini button on EVERY SLIDE.

1 week ago 3 2 1 0
DomainTools Investigations | CyberAv3ngers: From Infrastructure Hacks to Propaganda Machines in the Iran-Israel Cyber War As the conflict between Iran and Israel escalated in early 2025, it quickly expanded beyond missiles and airstrikes into a broader battle for digital and psychological dominance. Among the most visible players in this new front is a group known as CyberAv3ngers. Their operations have included hijacking water systems, defacing programmable logic controllers (PLCs), and ridiculing Israeli cybersecurity efforts across social media platforms like Telegram and Twitter. Yet, their rise wasn’t built solely on technical exploits—it began with fabrications and theatrical messaging. CyberAv3ngers evolved from obscure defacers into sophisticated narrative operators, blending cyber sabotage with psychological operations. As their influence grew, so did suspicions of deeper affiliations—particularly with Iran’s Cyber Command, suggesting that the group may be more than a rogue actor and instead part of a broader state-aligned strategy.

ICYMI, CISA issued an alert the other day on IRGC threat actors targeting Rockwell PLCs and other ICS, which is a hallmark of past CyberAv3ngers work.

Our piece from last year can be found here, but as noted, the Tenable piece has the recent developments: dti.domaintools.com/research/cyb...

1 week ago 0 0 0 0
CyberAv3ngers: FAQ About Iran-Linked Threat Group Targeting U.S. Critical Infrastructure | Tenable® CyberAv3ngers, linked to Iran's IRGC, is actively targeting U.S. water, energy, and government systems. Here's what defenders need to know.

Grateful for this timely Tenable piece about CyberAv3ngers, citing @DomainTools@infosec.exchange Investigations' work from last year, in part.

www.tenable.com/blog/what-to...

1 week ago 0 0 1 0

Citizen Lab continues to be one of the more important institutions in our current age, I think, doing some of the most important work.

1 week ago 4 3 0 0

I cannot wait to read this one, tbh

1 week ago 2 0 0 0
AuDHD Burnout Recovery: Why Rest Alone is Not Enough Research Article | Burnout | Dr. Neff

A good friend shared this substack on Autistic/ADHD (AuDHD) burnout with me, and it resonated deeply. Very worth reading for both my neurodivergent pals and for folks who work with, manage, or love 'em.

neurodivergentinsights.substack.com/p/audhd-burn...

1 week ago 0 1 0 0
APT28 exploit routers to enable DNS hijacking operations Russian cyber actor APT28 exploit vulnerable routers to hijack DNS, enabling adversary‑in‑the‑middle attacks and theft of passwords and authentication tokens.

UK NCSC: APT28 exploit routers to enable DNS hijacking operations

#threatintel

www.ncsc.gov.uk/news/apt28-e...

1 week ago 0 0 0 0

I've been part of IFIN (in the background) for several months, talking cyber and sharing intel.

@taggart-tech.com hooked me with this premise: threat intelligence *is* mutual aid.

So for what it's worth, I'm there and in for the long haul. Come join us.

1 week ago 5 2 2 0