cje

Evaluating Offensive Cyber Agents: Kerberoasting In this blog, we breakdown a kerberoasting agent eval, including details on design, how it is implemented in Dreadnode’s Strikes SDK and Platform, and the performance of various LLMs when tested…

👀👀👀

Evaluating Offensive Cyber Agents: Kerberoasting dreadnode.io/blog/evaluat...

“fast-fashion SaaS” is *fabulous*

AppSec and Security Engineering, what is your response to vibe coding and "fast fashion SaaS"?

Spikes in hacker activity seen six weeks before a new CVE m.cje.io/40Lywn9

Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities GreyNoise’s new research reveals a recurring pattern: spikes in malicious activity often precede the disclosure of new CVEs — especially in enterprise edge technologies like VPNs and firewalls.

Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities 👏👏👏https://m.cje.io/41cMqyI

China’s Covert Capabilities | Silk Spun From Hafnium China-linked hackers used patented spyware tech from front companies tied to Hafnium, exposing gaps in cyber threat attribution.

As usual, phenomenal work by @dakotaindc and the @sentinellabs crew: China’s Covert Capabilities | Silk Spun From Hafnium m.cje.io/3GMRaEs

DEF CON 33 - Policy Preview What does Policy @ DEF CON have in store for you this year? Find out in this preview short.

Less that two weeks away! DEF CON 33 - Policy Preview m.cje.io/44PbcHp

Just dropped: Winning the Race - AMERICA’S AI ACTION PLAN

This thing is DENSE... m.cje.io/4maNBa6

Sponsored: Haroon Meer's secret to business success is… love - Risky Business Media In this Risky Business sponsored interview, Thinkst Canary CEO Haroon Meer chats to Casey Ellis about the company’s impressive growth over [Read More]

#iykyk 💚💚💚

Sponsored: Haroon Meer's secret to business success is… love - Risky Business Media m.cje.io/46Y7MDF

Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats to Critical Infrastructure. – Committee on Homeland Security DETAILS:

👀 👀 👀 Starts in 5 minutes...

Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats to Critical Infrastructure. – Committee on Homeland Security m.cje.io/4f1Flqp

State Secrets for Sale: More Leaks from the Chinese Hack-for-Hire Industry We analyzed the VenusTech and Salt Typhoon data leaks to uncover the latest trends in the Chinese criminal underground.

State Secrets for Sale: More Leaks from the Chinese Hack-for-Hire Industry m.cje.io/44GlKsh

PATCH YO' LINUX
(Permission denied)
sudo PATCH YO' LINUX

m.cje.io/46pd5vA

well said.

Find Jobs in Tech | Dice.com Search 70,000+ job openings from tech's hottest employers. Salary estimations, career path tips and Insights to make your next career move the right one.

“Offensive cybersecurity roles are also seeing rising salaries, a trend that caught attendees’ attention at the 2025 RSA Conference in San Francisco.“

Cybersecurity Salaries: High-Skilled Security Pros See Pay Boost | Dice.com Career Advice www.dice.com/career-advic...

Do LLM Agents Have AI Red Team Capabilities? We Built a Benchmark to Find Out We're excited to introduce AIRTBench, an AI red teaming framework that tests LLMs against AI/ML black-box CTF challenges to see how they perform when attacking other AI systems.

Do LLM Agents Have AI Red Team Capabilities? We Built a Benchmark to Find Out dreadnode.io/blog/ai-red-...

Hacking the Hackers: When Bad Guys Let Their Guard Down www.darkreading.com/threat-intel...

China-linked hackers target cybersecurity firms, governments in global espionage campaign PurpleHaze and ShadowPad campaigns targeted over 70 organizations globally, including government and critical infrastructure organizations, between June 2024 and March 2025.

China-linked hackers target cybersecurity firms, governments in global espionage campaign www.csoonline.com/article/4005...

Sponsored: Phishing crews have gotten really good at evasion - Risky Business Media In this sponsored interview, Casey Ellis interviews Push Security co-founder and Chief Product Officer Jaques Louw about how good phishing [Read More]

[NEW] Jacques Lows and I talking about the crazy stuff phishing crews are doing to evade detection these days. Enjoy! risky.biz/RBNEWSSI86/

Critical SQL Injection Vulnerability in LlamaIndex (CVE-2025-1793) – Advisory and Analysis | Blog | Endor Labs The critical SQL injection vulnerability in LlamaIndex shows how LLMs can be a backdoor into your vector store

PATCH YO' LLAMAINDEX... Nice work @endorlabs

The Evolution of AI in Cybersecurity - The Inevitability Curve Podcast Ep18 - Techstrong TV Chris Blask and Casey Ellis, co-founder of Bugcrowd, explore the evolution of AI in cybersecurity. They discuss the generative AI hype cycle, the challenges faced, and introduce a taxonomy for AI's…

I always enjoy chatting with Chris... This pod is about stochastic analysis, which to me is pretty much "predicting the future based on emergent patterns from the past and the economic of the present"

techstrong.tv/videos/the-i...

Still from an episode of Columbo. He is is a restaurant kitchen next to a woman in red. Closed caption reads “That smells like beef. Is that beef?”

Same as before, Columbo in a kitchen with the woman in a red outfit. He’s leaning over the gas hob. Closed caption reads: “That’s beef.”

I’ve been hanging onto these images for literally years waiting for the the right moment to post them and it’s safe to say that day is finally here

Sponsored: HD Moore on why vuln scanners are awful and broken - Risky Business Media In this sponsored interview, Risky Business Media's brand new interviewer Casey Ellis chats with runZero founder and CEO HD Moore about wh [Read More]

My maiden voyage interviewing with @riskybusiness is live, and it's a fun one: HD Moore on why vuln scanners are awful and broken - Risky Business Media m.cje.io/45679XN

Enjoy!

Britain set to splash £1billion on 'army of hackers' to target Putin The Defence Secretary says the Government has plans to set up a cyber command to counter a 'continual and intensifying' level of cyber warfare as part of the strategic defence review.

RELEASE THE HOUNDS: Britain set to splash £1billion on 'army of hackers' to target Putin m.cje.io/3FmVJo9

ASUS router backdoor vulnerability: How to find affected assets ASUS routers exposed to the public Internet are being compromised, with backdoors being installed. Here's how to find impacted assets on your network.

ASUS router backdoor vulnerability: How to find affected assets m.cje.io/4kgm1HX

Leidos acquires Kudu Dynamics, advancing AI capabilities for cyber warfighters Increasing investment in the company’s already formidable cyber capabilities is among the five strategic growth pillars of its new NorthStar 2030 strategy.

Leidos acquires Kudu Dynamics, advancing AI capabilities for cyber warfighters m.cje.io/43yOm57

Operation Endgame Operation endgame

"babe wake up, new endgame just dropped!" m.cje.io/43xfXmX

GitHub - yaelwrites/Big-Ass-Data-Broker-Opt-Out-List Contribute to yaelwrites/Big-Ass-Data-Broker-Opt-Out-List development by creating an account on GitHub.

New BADBOOL update for May!

✅ Added a 💰 to PeopleFinders, since it charges money for access
✅ Updated the opt-out link for Radaris, which changed from control/privacy to control-privacy.

1/4

New from the high-side: Russian GRU Targeting Western Logistics Entities
and Technology Companies - Includes IOCs, TTPs, and other goodies.

h/t @ryannaraine

m.cje.io/3ZtUZUO

Research Threats: Legal Threats Against Security Researchers Collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong. A continuation of work started by @attritionorg Part of The @disclose_io Project.

It’s #cfp acceptance season… which also means it’s “cease and desist” season. If you know of good-faith security research that had been chilled by #legal threats, submit an issue and get it added!

threats.disclose.io

cc: @sickcodes @attritionorg