Spanky

@spankowitz.bsky.social

I like threat intel, purple team, and turtles.

78 Followers  |  409 Following  |  21 Posts  |  Joined: 05.07.2023  |  1.7599

Latest posts by spankowitz.bsky.social on Bluesky

From Epstein to Notepad++: Redactions, Zero-Days and Supply Chain Attacks
YouTube video by Three Buddy Problem

This week's show is up on YouTube (presented by Thinkst Canary @thinkstcanary.canary.tools)

WATCH www.youtube.com/watch?v=fvKM...

10.02.2026 17:04 — 👍 6    🔁 6    💬 1    📌 1

Programming Languages and Serialization CVEs Taking a look at a recent critical Solar Winds CVE

If Pentesting, AppSec, Bug Bounties or Security Engineering is your focus the Security Bugs section of my blog may be for you. Here I explore a serialization CVE in SolarWinds and prevention methods

teriradichel.substack.com/p/programmin...

30.01.2026 22:24 — 👍 4    🔁 1    💬 0    📌 0

A destructive cyberattack in Poland raises NATO 'red-line' questions - Security Conversations (Presented by Material Security: We protect your company’s most valuable materials — the emails, files, and accounts that live in your Google Workspace and Microsoft […]

🔥 #ThreeBuddyProblem Ep83 has been pushed to your earholes. Poland CERT on Russian wipers, Sandworm or not Sandworm, new FortIvanti nightmares + some KasperSekrets chit-chat @craiu.bsky.social @jags.bsky.social

securityconversations.com/episode/a-de...

30.01.2026 20:20 — 👍 7    🔁 4    💬 1    📌 1

No.

20.01.2026 03:10 — 👍 0    🔁 0    💬 0    📌 1

a bald eagle surrounded by stars and stripes and the text "oh my god, what the fuck"

07.01.2026 18:43 — 👍 2180    🔁 633    💬 15    📌 39

Today’s Daily Cartoon, by Teresa Burns Parkhurst. #NewYorkerCartoons

07.01.2026 23:00 — 👍 281    🔁 62    💬 2    📌 5

Jan. 6, 2021: A visual archive of the Capitol attack NPR’s Jan. 6 archive brings together reporting, video, documents and testimony to show what really happened during the Capitol riot. Explore the timeline, cases and evidence behind the attack.

NPR built a visual archive of the Jan. 6, 2021, attack on the Capitol, showing exactly what happened through the lenses of the people who were there. In "Chapter 2: Stop the Steal," we look at how false claims of a stolen election mobilized Trump supporters.

06.01.2026 13:27 — 👍 1154    🔁 555    💬 20    📌 76

Don't get angry, but the 2025 Oxford Word of the Year is 'rage bait' The 2025 selection follows its predecessors, "brain rot" from 2024, "rizz" from 2023 and "goblin mode" from 2022.

28.12.2025 13:32 — 👍 189    🔁 35    💬 9    📌 8

What's behind US gov push to 'privatize' cyber operations?

A fresh problem has been pushed to your podcast platforms! @craiu.bsky.social @jags.bsky.social

- Spotify open.spotify.com/episode/68US...

- Apple podcasts.apple.com/us/podcast/w...

Presented by our friends at ThreatLocker 😍

20.12.2025 18:31 — 👍 4    🔁 2    💬 0    📌 1

LLMs & Ransomware | An Operational Accelerator, Not a Revolution LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.

AI isn’t reinventing ransomware — it’s industrializing it.

That’s the core finding from new @sentinellabs.bsky.social research on how threat actors are actually using LLMs today. s1.ai/llm-rw

17.12.2025 20:07 — 👍 1    🔁 1    💬 1    📌 0

Outgoing GAO chief warns of ‘taking our foot off the gas’ at CISA Gene Dodaro, who is set to retire from the watchdog at the end of this month, shared final concerns with senators Tuesday about how the government is prioritizing cybersecurity.

Outgoing 15-year head of GAO says he's worried the government is "taking our foot off the gas at CISA" and would "live to regret it." He also said CISA's one-third workforce cut was "obviously untenable" and "they may not be postured" to support the midterm elections. fedscoop.com/cisa-workfor...

17.12.2025 20:30 — 👍 20    🔁 5    💬 0    📌 0

The BloodHound Query Library, launched by @martinsohn.dk & @joeydreijer.bsky.social, democratizes tradecraft with a shared, searchable ecosystem. With 180+ Cypher queries & counting, the library is an increasingly valuable tool for the BloodHound community!

Browse ➡️ ghst.ly/bql_eoybsky

11.12.2025 23:07 — 👍 2    🔁 3    💬 0    📌 0

Today’s Daily Cartoon, by Brendan Loper. #NewYorkerCartoons

10.12.2025 00:00 — 👍 78    🔁 14    💬 2    📌 0

An Evening with Claude (Code) - SpecterOps This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.

AI tooling and MCP servers are entering enterprises fast, often faster than security teams can assess the risks.

During a recent engagement, @xpnsec.com found a new Claude Code vuln (CVE-2025-64755) while exploring MCP abuse paths.

👀 Read the details: ghst.ly/49ybl4W

21.11.2025 16:33 — 👍 10    🔁 4    💬 0    📌 0

White Knight Labs: Part 2 - Phillip Wylie About the Guests: Greg Hatcher and John Stigerwalt are co-founders of White Knight Labs, a boutique cybersecurity company specializing in offensive security services and advanced training programs. Greg’s background includes a remarkable career as a Green Beret in the U.S. Army, transitioning into cybersecurity with a focus on penetration testing and red teaming. John’s journey…

White Knight Labs: Part 2

02.12.2025 22:47 — 👍 1    🔁 1    💬 0    📌 0

Caffeine raises my heart rate and makes me sweat. Team decaf rise up!!!

01.12.2025 23:53 — 👍 2    🔁 0    💬 0    📌 0

A woodcut of a bird beside the text "OH MY GOD SHUT THE FUCK UP"

27.11.2025 22:27 — 👍 561    🔁 74    💬 1    📌 10

A U.S. District Judge has ruled that interim U.S. Attorney Lindsey Halligan (who had no prosecutorial experience before this role) was improperly appointed by the Trump administration, agreeing with Comey’s defense team.

The ruling means that both federal indictments are dismissed. trib.al/WZbNPi9

24.11.2025 22:43 — 👍 101    🔁 25    💬 3    📌 0

As long as it's not a clear alcohol...

19.11.2025 22:37 — 👍 1    🔁 0    💬 0    📌 0

@cyberwarcon.bsky.social how do you get so much talent packed into one day? This is my favorite conference. Every talk is a banger.

19.11.2025 21:02 — 👍 9    🔁 1    💬 0    📌 0

Chess boxers fight to win by hook or by rook Chess boxing got its start in a graphic novel. Now actual competitors fight for knockouts and checkmates. Russia has dominated for years, but the sport's popularity is growing in the U.S.

When Matt Thomas dropped out of law school, he devoted himself to a sport he initially thought was a joke: chess boxing. cbsn.ws/3LB3nOz

18.11.2025 13:00 — 👍 11    🔁 3    💬 1    📌 1

Sanford grandfather, born in refugee camp, nabbed by ICE after 70 years in U.S. Paul Bojerski never gained official residency, but he checked in regularly with ICE for years. Then in July, at age 79, he was detained and sent to Alligator Alcatraz.

79-year-old Paul Bojerski was born to Polish parents in a WWII German refugee camp. His family legally emigrated to the U.S. when he was 5.

He’s been taken by ICE in Florida.

www.orlandosentinel.com/2025/11/16/s...

17.11.2025 14:18 — 👍 4528    🔁 2705    💬 170    📌 420

This Thursday @strandjs.bsky.social join us to talk about China!

A cross between history and technology John breaks down exactly what he will be discussing in his webcast here!

Interested? Come join us and register here: events.zoom.us/ev/AhsoFeh2O...

11.11.2025 23:00 — 👍 1    🔁 1    💬 0    📌 0

Cybersecurity breach at Congressional Budget Office remains a live threat Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.

Politico is reporting that the breach at the Congressional Budget Office is "ongoing."

“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email to CBO staff reads.

10.11.2025 21:40 — 👍 310    🔁 189    💬 13    📌 39

I found myself using this career advice slide a lot lately and thought I would share it more broadly.

10.11.2025 10:59 — 👍 2    🔁 2    💬 0    📌 0

What GreyNoise Learned from Deploying MCP Honeypots GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.

We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel

05.11.2025 19:15 — 👍 15    🔁 9    💬 0    📌 0

The Case That A.I. Is Thinking ChatGPT does not have an inner life. Yet it seems to know what it’s talking about.

The rushed and uneven rollout of A.I. has made it tempting to conclude that it’s all hype. But its advancement may have profound implications for the field of neuroscience.

03.11.2025 16:01 — 👍 71    🔁 13    💬 45    📌 19

I hope Buck sees this and appreciates it.

29.10.2025 19:56 — 👍 0    🔁 0    💬 0    📌 0

AI of a Thousand Faces What happens now that AI is everywhere and in everything? WIRED can’t tell the future, but we can try to make sense of it. Behold: 17 readings from the furthest reaches of the AI age.

🎇New package alert @wired.com! This one has been in the works for months. If WIRED was going to tackle AI -- something we cover daily -- we had to go big. So here are 17 different stories about the way AI is changing us, even as the technology itself keeps moving www.wired.com/ai-issue/

27.10.2025 11:21 — 👍 187    🔁 79    💬 5    📌 5

Summary of the Amazon DynamoDB Service Disruption in Northern Virginia (US-EAST-1) Region

I bet someone wishes they had checked for an empty value in this code right about now:

The root cause of this issue was …

24.10.2025 16:44 — 👍 1    🔁 1    💬 1    📌 0

@spankowitz is following 20 prominent accounts