Sometimes I post paywalled Post articles. Usually I post marketing ones, free with account creation unless you have one. Sometimes I post free archive versions, which you also can figure out how to find without me.
This week is not the time to shout at me for posting a version that pays reporters.
03.02.2026 19:48 β π 18 π 3 π¬ 3 π 0
With perfect pitch, Joe Engressia Jr, aka #Joybubbles, discovered that he could whistle specific tones into a phone handset and bend the analog network to his will
(If youβre noticing a similarity between Engressia and the character Whistler in Sneakers, thatβs not a coincidence)
03.02.2026 00:10 β π 15 π 8 π¬ 1 π 0
Fortinet and WinRAR Exploitation, Google's IPIDEA Disruption, and Our Favorite Cybersecurity Creators
π¨ New @deciphersec.bsky.social podcast is up!
πͺ² New Fortinet SSO auth bypass exploitation
πͺ² Attacks on old WinRAR flaw
π₯οΈ Google disrupts IPIDEA proxy network
πΉ And shoutouts to some fave creators: @ryanaraine.bsky.social @johnhammond.bsky.social @mattjay.com
open.spotify.com/episode/5k9x...
30.01.2026 15:52 β π 5 π 2 π¬ 0 π 1
Message from "Signal Support"
Dear User, this is Signal Security
Support ChatBot.
Our system has detected a recent login attempt to your account from an unrecognized device or location. As a security measure, we have blocked this attempt and sent a verification code via
SMS to your registered phone number.
If this was NOT you: To secure your account and block this unauthorized access, please reply to this message with the verification code
you just received.
If this WAS you:
You can safely ignore this message. The login attempt will be automatically approved shortly.
Thank you for helping us keep your
account secure.
Signal will never message you like this.
If you get a message like this, SOMEONE IS TRYING TO HACK YOUR SIGNAL.
DO NOT GIVE THEM THAT CODE.
26.01.2026 02:16 β π 1996 π 1307 π¬ 16 π 12
Security Update Guide - Microsoft Security Response Center
Wow - Office security feature bypass patched OOB after active exploitation detected. Path now - CVE-2026-21509. At least the Preview Pane isn't an attack vector. msrc.microsoft.com/update-guide...
26.01.2026 17:40 β π 8 π 6 π¬ 0 π 1
oss-security - GNU InetUtils Security Advisory: remote authentication by-pass in
telnetd
This is how you start a security advisory: "If you are tired of modern age vulnerabilities, and remember the good
old times on bugtraq, I hope you will appreciate this one."
www.openwall.com/lists/oss-se...
21.01.2026 15:21 β π 1 π 1 π¬ 0 π 0
The RedVDS Takedown, Yet Another Chinese APT Emerges, and the StackWarp AMD Bug
This week, we talk about how Microsoft disrupted a long-running, large-scale cybercrime-as-a-service platform called RedVDS that has been active since 2019 and was used in high-volume phishing and BEC...
π¨ This week's podcast is up now! In this episode we break down:
β
The RedVDS cybercrime platform takedown by
@security.microsoft.com
β
New @talosintelligence.com research on UAT-8837 Chinese APT activity
β
The very cool StackWarp bug by @rayiizzz.bsky.social and team
decipher.sc/podcasts/the...
16.01.2026 18:24 β π 1 π 1 π¬ 0 π 0
Microsoft Disrupts RedVDS Cybercrime Platform - Decipher
The takedown marks a significant blow to the cybercrime-as-a-service ecosystem, which fuels large-scale, automated fraud.
βMicrosoft tracks the threat actor who develops and operates RedVDS as Storm-2470. We have observed multiple cybercriminal actors, including Storm-0259, Storm-2227, Storm-1575, Storm-1747."
decipher.sc/2026/01/14/m...
14.01.2026 17:50 β π 0 π 1 π¬ 0 π 0
YouTube video by Decipher
The Future of Vulnerability Management With Jeremiah Grossman and Robert "RSnake" Hansen
Our latest podcast is out and it's a very fun and insightful conversation with Jeremiah Grossman and Robert Hansen on vulnerability management, building a new platform from scratch at Root Evidence, and very fast cars ποΈ
youtu.be/5eSgyYSEP0s?...
13.01.2026 15:05 β π 2 π 0 π¬ 0 π 1
Coming up tomorrow on the podcast: Jeremiah Grossman
and Robert Hansen join @dennisf.bsky.social to talk about Jeremiah's car collection. Oh, and some vulnerability management stuff they're building at Root Evidence. Subscribe here: www.youtube.com/@DecipherSec
12.01.2026 16:43 β π 0 π 1 π¬ 0 π 0
Whoa this looks rad. Might be good for one of our hacker movie podcasts!
09.01.2026 20:14 β π 1 π 0 π¬ 0 π 0
A New Chinese APT Debuts and React2Shell Attacks Spike
Security Without Fear
First podcast of 2026 is up! ποΈ
β
New Chinese APT UAT-7290 gets busy
β
Attacks against CVE-2025-55182 React2Shell π
β
News about upcoming podcast guests (spoiler alert!)
decipher.sc/podcasts/a-n...
09.01.2026 15:42 β π 1 π 0 π¬ 0 π 1
Listen to our buddies. (They actually are our buddies, which is cool, right??)
06.01.2026 18:31 β π 1 π 2 π¬ 0 π 0
Exec Prod β Joybubbles @ Sundance
π¬ Sci-Fi Filmmaker
π Academic
π Immersive Theatre Fan & Creator
πΊοΈ SF Bay Area
Director: https://cameowood.com
Work: @CharmingStranger.com
SBOM Champion. Full service technocrat. Now at @CISAgov, formerly NTIA. Lapsed{engineer, academic, author}. Personal Account. Food, drink, dogs, SBOM
Cloudflare is the worldβs leading connectivity cloud, and we have our eyes set on an ambitious goal β to help build a better Internet.
π± | Duo.com
π | Duo is now a part of @Cisco.com
π | Human-Centered Security Solutions
Fighting malicious use of technology.
Deputy CISO @ Stripe. I like art. cDc β€οΈοΏΌπ«΅
// Somehow a CTO
// JHU SAIS @alperovitch.institute adjunct
// @istorg.bsky.social adjunct sr tech advisor
// Former USCYBERCOM/CNMF
// Retired US Marine Corps
// Personal views and invective
All things cybersecurity, incident response, threat Intel, AI, and law. Founded @AdvancedCyberLaw.com after forever @MSFT. Host of @AdvancingCyber.com Podcast on Apple Podcast and Spotify. Mom to humans, dog, and cat. Seeks big mountains and lakes.
Digital Forensics and Incident Response
@Google :: I write open source tools :: Creator of OpenRelik and Timesketch
https://openrelik.org/
https://timesketch.org/
#DFIR β’ Posts are my own β’ he/him
Product Security Leadβ¨@Salesforce. Technology enthusiast, security nerd, grey beard developer. Opinions are my own.
Cyber security, climbing, caving and diving! π
Substack: http://lcamtuf.substack.com/archive
Homepage: http://lcamtuf.coredump.cx
Startup CISO. BSidesLV Lockpick. Hacker lawyer. Amzn & Google alum, USCG wife, Wellesley, GMU Law. IAAL but IANYL.
Writer for WIRED. Author of SANDWORM. Latest book, TRACERS IN THE DARK: The Global Hunt for the Crime Lords of Cryptocurrency, out now. agreenberg@wired.com. Andy.01 on Signal.
Immigrant. VP Security Intelligence @Forescout, Co-founder @RespectInSec. Board @vaultree, Cybersecurity Futurist, Researcher, Award-winning writer/producer. He/Him. Pussy in bio.
Substack - Ferguson.ink
Slava Ukraini πΊπ¦
Journalist at Bloomberg News in DC. Signal: @howelloneill.01, email: patoneill1@bloomberg.net https://www.bloomberg.com/authors/AXb8dLPHBFc/patrick-howell-oneill
Recorded Future - Ransomware Researcher
Owner @greenarcher.io - Yours Truly, Johnny Dollar | The Press Guardian | The Clock | The Green Archer
Weird mix of security, comics, photography and wine!
www.greenarcher.io
Itβs me. Sherrod DeGrippo
Scientist, safecracker, etc. McDevitt Professor of Computer Science and Law at Georgetown. So-called expert on election security and a few other things. Slow photographer. RF nerd. Occasionally blogs at https://mattblaze.org/blog
