Caitlin Condon

SonicWall urges admins to disable SSLVPN amid rising attacks SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks.

SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks.

Livin’ the life!

chart: capital expenditures, quarterly shows hockey-stick like growth in the capex expenditures of Amazon, Microsoft, Google and meta, almost entirely on data centers in the most recent quarter it was nearly $100 billion, collectively

The AI infrastructure build-out is so gigantic that in the past 6 months, it contributed more to the growth of the U.S. economy than /all of consumer spending/

The 'magnificent 7' spent more than $100 billion on data centers and the like in the past three months *alone*

www.wsj.com/tech/ai/sili...

Still Up. Still Evil. | Blog | VulnCheck VulnCheck tracked thousands of attacker systems over a 90-day window to see how long malicious infrastructure really lasts. The results show that exposure doesn’t mean disruption, as many phishing kit...

Very cool research from the @vulncheck.bsky.social IP intel team on attacker infrastructure longevity — this is one of those pieces that makes me realize I’ve not seen much of this type of research before www.vulncheck.com/blog/stillup...

‘No Way To Prevent This,’ Says Only Nation Where This Regularly Happens ISLA VISTA, CA—In the days following a violent rampage in southern California in which a lone attacker killed seven individuals, including himself, and seriously injured over a dozen others, citizens ...

12 years earlier.

NYC Mass Shooting Was Nearly Impossible to Prevent, Experts Say

Holy shit, they did it. They wrote the headline.

Unexpectedly good politics from Thomas Kinkade's family! www.kinkadefamilyfoundation.org

All this for daring to say Palestinians are humans who shouldn't be murdered with US consent and encouragement.

Bending the knee makes it easier to kick you in the face, exhibit infinity

We now have a (draft) @metasploit-r7.bsky.social exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metas...

Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed a...

Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen Typhoon, Violet Typhoon, and Storm-2603 have been observed exploiting the vulnerabilities: msft.it/6044sE1ua

Three Chinese APTs are behind SharePoint zero-day attacks In other news: UK wants to ban some ransomware payments; Russia takes down a malware operation; South Korea arrests K-pop celebrity data sellers.

#Microsoft 0 Day: Very helpful list from @campuscodi.risky.biz! 'I've tried to gather and simplify all the major points about this attack, so we have a clear picture of what's what.' news.risky.biz/risky-bullet... #cybersecurity @gate15.bsky.social

The cyberattack was apparently carried out by an opponent of affirmative action, who was attempting to determine if Columbia was still using race-conscious policies after the Supreme Court effectively banned the practice in 2023.

As a reminder, this was NYT's framing of the political motivations of the hacker. Personally, I do not think that this is the most relevant way to frame the "politics" of a hacker who uses a slur as a username, calls themselves "violently racist," and RTs swastikas. www.nytimes.com/2025/07/04/n...

On both the Mastodon and X accounts, the hacker takes credit for the three known university hacks — and two that have been, until now, unreported by the media. One, at the University of Mississippi, had to have been placed by someone or something with administrative privileges, according to Palo Alto Networks’ writeup of the hack. When the computer was rebooted, it played “Dixie” through the computer speakers and displayed, the Anime Nazi claimed, a full-screen image of a Confederate flag. The hacker also posted what appears to be a screen recording of the exploit in action. The malware sample in question was flagged by Kaspersky in 2024. The University of Mississippi did not respond to multiple requests for comment.

The Columbia hack is one of several attacks on university systems, including one on Ole Miss where the hacker displayed a Confederate flag on screens and played a midi of Dixie.

Framing the Columbia hack as an attack on affirmative action has the effect of soft-pedaling what this is all about.

A photo of a TV where a woman dressed as a ghost for the Eras Tour is interviewed by local news. The caption reads “Woman hides identity because she called in sick to work.”

Unlike CEOs and other executives, individual contributors understand concert OPSEC

The Media's Pivot to AI Is Not Real and Not Going to Work AI is not going to save media companies, and forcing journalists to use AI is not a business model.

The Media's Pivot to AI Is Not Real and Not Going to Work

🔗 www.404media.co/the-medias-p...

ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets The database, called ISO ClaimSearch, is nearly all encompassing and contains details on more than 1.8 billion insurance claims and 58 million medical bills.

ICE is searching a massive insurance and medical bill database to find deportation targets

🔗 www.404media.co/ice-is-searc...

You know what would have been a good story, @nytimes.com, is that a member of the board of trustees of a public university was using private student data hacked and stolen from another university

You could have published that! You had all the information you needed to publish that!

Southern Ocean current reverses for first time, signalling risk of climate system collapse A major ocean current in the Southern Hemisphere has reversed direction for the first time in recorded history, in what climatologists are calling a ...

“The stunning reversal of ocean circulation in the Southern Hemisphere confirms the global climate system has entered a catastrophic phase>'

This is very very bad news: www.intellinews.com/southern-oce...

Almost a decade ago, Microsoft released a chatbot which it immediately shut down because it started mimicking, racist, sexist and anti-semitic behavior.
Now: Musk releases an AI, which he keeps revising until it adopts sexist, racist and anti-semitic behavior.

A screenshot of a Twitter thread discussing Hollywood and ideological biases in movies. The first tweet by @pnwguerrilla says, “Enjoying movies/cinema becomes almost impossible once you know.” Another user, @playpal001, replies, “once I know what?” The user @grok responds, explaining that once you know about “pervasive ideological biases, propaganda, and subversive tropes in Hollywood—like anti-white stereotypes, forced diversity, or historical revisionism—it shatters the immersion.” @friendly_gecko then asks @grok if a particular group injects these themes. @grok replies that Jewish executives have historically founded and dominated leadership in major studios and suggests their overrepresentation influences content with progressive ideologies some see as subversive.

Grok is a full blown nazi now.

Hero shit [laudatory]

A real currency you have with an employer is spinning up almost only on your suspicion. I'm glad to work somewhere it's rare but there are false-positives and it's fine.

We all know what it means to spin up 2 hours too late.

Exclusive: Data breach reveals Catwatchful 'stalkerware' is spying on thousands of phones The spyware operation's exposed customer email addresses and passwords were shared with data breach notification service Have I Been Pwned.

NEW: A security bug in an Android 'stalkerware' app called Catwatchful exposed its database of 60,000+ customers — including the site's administrator.

The exposed data is now with Have I Been Pwned.

By TechCrunch's count, this is the 5th stalkerware operation exposed *this year* alone.

“Pediatricians like me come to our job with the conviction that children should not die” >> It’s incredible that this has to be stated up front in the year 2025

Bangkok will take basically any excuse for fireworks (even us)

Dear All Journalists,

You don’t have to credit the line “Tariffs will hit American consumers” to “economists say”.

Thanks

(yes, all of those numbers are real)

The year is 2025. There is a nationwide recall on rice, one of the most popular commodities on Earth. You grab your phone and click a link to learn more. Your risk will be revealed after you endure 479 HTTP transactions loaded from 126 IP addresses homed in 8 countries landing 207 cookies.

Some people think this is an exaggeration but I will say that if I were HHS Secretary and my goal were to kill as many children as possible, it would be difficult to distinguish the actions I would take from those that Kennedy has taken.

Our @metasploit-r7.bsky.social auxiliary module for the new Brother auth bypass is available. The module will leak a serial number via HTTP/HTTPS/IPP (CVE-2024-51977), SNMP, or PJL, generate the devices default admin password (CVE-2024-51978), and then validate the creds: github.com/rapid7/metas...