I appreciate their attempt to put some water on the flames, but saying the 271 vulns Mythos discovered could’ve been identified by a human doesn’t really help. “Thankfully Fred got hit by a car, much better than getting hit by a train.”
blog.mozilla.org/en/privacy-s...
Posts by Mike Sec
This still holds true. Models similar to Mythos and GPT 5.4-Cyber will only increase the volume, veracity, and velocity of vulnerabilities and attacks in the not too distant future. The underlying fundamentals of cyber defense still hold true; however, approaches to applying them will need to change.
A more pragmatic review of Mythos that doesn’t involve gas, hair, and matches.
www.aisi.gov.uk/blog/our-eva...
To be fair, I would say there’s an Easter egg in there…
Foreign actors have been compromising domestic routers for years because they’re unpatched and/or end of life, so they ban foreign routers. By summer, after years of foreign actors compromising domestic telcos also because of poor cyber hygiene, they will ban foreign telcos.
lester freamon looking off to the right of the frame
follow malware and you get malware authors and malware payloads. follow the infrastructure and you don't know where the fuck it's gonna take you.
Agreed. Salt Typhoon - espionage/successful intrusions; Russian use of Acid Rain - attack.
First repeatable attribution framework for threat intel teams since the Diamond Model as far as I know…
First VoidLink, now HONESTCUE. Fair to assume AI generated malware frameworks are only going to exponentially grow…
cloud.google.com/blog/topics/...
“The uncomfortable lesson of Salt Typhoon is not that Beijing has futuristic capabilities. It’s that Washington often treats major intrusions as proof of overwhelming adversary sophistication, when in reality, basic, preventable weaknesses still account for much of the vulnerability.” 🎯
Germany’s foreign intelligence agency (BND) intercepted phone conversations of former President Barack Obama while he was aboard Air Force One over several years. The interceptions exploited vulnerabilities in the aircraft’s encryption and known frequencies.
www.zeit.de/politik/ausl...
T-Mobile users like, “There’s no way coverage is that good.”
Scoop: The lone employee behind CISA's Pre-Ransomware Notification Initiative resigned on Friday rather than take a forced reassignment to FEMA.
CISA says PRNI will continue, but sources said David Stern's loss will be a major setback for it.
My story: www.cybersecuritydive.com/news/cisa-ra...
The US is woefully behind China in both renewable and nuclear energy production, the former because of its connection with climate change, which is seen as a “hoax”, and the latter because of the waste it produces, which is more than offset by the amount of power generated compared to fossil fuels.
Success in AI won’t just be because of chips and algorithms, but just as, if not more, importantly, data centers and power generation.
www.nytimes.com/2025/12/22/c...
In order: data security and management, cloud security, identity management. Goes without saying, protections should follow data - but what does that mean in a world of AI? How are you ensuring only those authorized to see or know certain things, are? www.cybersecuritydive.com/news/ai-secu...
Where is the closest rooftop? There is something I would like to shout.
“AI is currently a force multiplier on existing attacker tradecraft, not a source of fundamentally new TTPs.”
www.recordedfuture.com/blog/ai-malw...
Straight up, I developed and taught — and @kikta.net now teaches — an entire course at the @alperovitch.institute that boils down to “you can shape adversary cyber activity but you can’t deter it because that’s how intelligence operations work”. Being mad at China for playing the game is ridiculous.
I explained to my class week that despite all the panic about state actor capabilities:
- The biggest threat to electricity is squirrels
- Minecraft skids have the best DDoS capabilities
- No amount of disruption could ever beat misconfiguration, with DNS at the top of the list
EXCLUSIVE: President Donald Trump has decided not to nominate Army Lt. Gen. William Hartman to be the next leader of U.S. Cyber Command and the National Security Agency.
On @therecordmedia.bsky.social
therecord.media/william-hart...
Data center security being the Achilles heel of AI has been the topic of concern for the last year or two. I think the biggest takeaway from this piece is the need for a business continuity plan - being ready to go back to manual processes where AI has taken over.
www.scworld.com/perspective/...
Peter Kyle raised eyebrows last year when he said he was made, just hours into office, “very very aware that there was a cybersecurity challenge that our country faced that I simply wasn’t aware of before.”
We report a secret briefing by intel chiefs was responsible: therecord.media/cyberattack-...
Microsoft: Multiple subsea fiber cuts in the Red Sea impacting global communications
azure.status.microsoft/en-us/status
Interesting attack vector. Essentially the AI equivalent of domain squatting, except with AI model names.
www.securityweek.com/ai-supply-ch...
🚨New research drop: Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms
It was a pleasure collaborating with Sreekar Madabushi and @kennethkinion.bsky.social from Validin!
Read our blog post: s1.ai/nk-ops
Legislation to renew two federal cybersecurity laws has finally begun moving through Congress, but it’s unclear if lawmakers will be able to pass both bills before an end-of-the-month deadline.
On @therecordmedia.bsky.social
therecord.media/house-homela...
New by me - Citrix have forgot to tell you a zero day was under exploitation earlier this year to successfully backdoor devices at "critical" organisations, and no vendor released technical details.
More to come, including on CVE-2025-7775 too.
doublepulsar.com/citrix-forgo...