Ben Read

@benread.bsky.social

CTI @wizsecurity.bsky.social Previously NSC44, Mandiant, Google Go Mammoths

1,853 Followers  |  114 Following  |  100 Posts  |  Joined: 21.06.2023  |  1.8062

Latest posts by benread.bsky.social on Bluesky

Follow this thread 👇

With the inaugural SOS just 18 days away, we'll be highlighting a few of the amazing talks you'll be hearing on October 28 in Brussels!

stateofstatecraft.com/agenda

Get a ticket while you still can! 🎟️🎟️🎟️

10.10.2025 03:19 — 👍 4    🔁 6    💬 1    📌 0

"What if, in the process of trying to ban AI products that quite actually encourage children to kill themselves, we wind up banning chatbots that help children cheat on their homework, diminish their propensity for critical thought, and lead to the development of other forms of AI psychosis?"

16.10.2025 23:23 — 👍 1166    🔁 325    💬 13    📌 1

Berlin

08.10.2025 23:35 — 👍 0    🔁 0    💬 0    📌 0
The Comey Indictment Is Not Just Payback — The Atlantic It’s an advance glimpse of Trump’s next attempted seizure of power

“James Comey’s rights and liberties are not the only ones at risk today. So is your own right to participate in free and fair elections in order to render a verdict on Trump’s invasion of those rights and liberties.” From @davidfrum.bsky.social apple.news/AX8_ub4UHR0G...

26.09.2025 02:12 — 👍 15    🔁 6    💬 0    📌 0

🚨 #Shai-Hulud: Major npm supply chain attack.

100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.

Guidance + detections inside

www.wiz.io/blog/shai-hu...

16.09.2025 14:20 — 👍 3    🔁 2    💬 0    📌 1
Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching New documents obtained by 404 Media show how a data broker owned by American Airlines, United, Delta, and many other airlines is selling masses of passenger data to the U.S. government.

New from 404 Media: airlines are selling *5 billion* ticketing records to the government for warrantless searching, per new docs we obtained. ARC is a data broker owned by United, American, Delta, etc. Then sells people's travel info to ICE, Secret Service, FBI etc www.404media.co/airlines-sel...

15.09.2025 13:16 — 👍 2772    🔁 1872    💬 97    📌 224

A private individual with power to get public servants fired, put them at physical risk, get them investigated, threaten their post government careers, go after their families and defame them with fantasies is an enormous threat to our national security and public well being. This can't stand.

12.09.2025 12:54 — 👍 9    🔁 2    💬 0    📌 0
Wiz Uncovers SES Abuse Campaign Using Stolen AWS Access Keys | Wiz Blog From leaked AWS access keys to large-scale spam: Wiz Research uncovered a live Amazon SES abuse campaign, turning insights into early-warning detections.

A fun investigation from the team here at @wizsecurity.bsky.social www.wiz.io/blog/wiz-dis...

Showing how leaked/stolen AWS keys can be used to enable other financially motivated schemes. (s/o to our friends at Proofpoint who helped us get some context on the phishing emails)

05.09.2025 14:27 — 👍 0    🔁 0    💬 0    📌 0

Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.

03.09.2025 16:19 — 👍 2    🔁 1    💬 0    📌 0
Cinnamon Toast Crunch with Strawberry

Cinnamon Toast Crunch with Strawberry. Doesn't seem like it would add much, but who knows.

03.09.2025 16:16 — 👍 1    🔁 0    💬 0    📌 1

I can't speculate on Trump's health in this new press conference but he just ribbed Alabama Senator Tommy Tuberville over Bama losing badly on Saturday. Tuberville coached Auburn, Bama's big in-state conference rival.

02.09.2025 18:53 — 👍 60    🔁 14    💬 2    📌 3
RationalEdge - Intelligence Meets Accuracy Advanced malware analysis and threat intelligence solutions by RationalEdge

TL;DR I am launching my #startup and we are going to change how to evaluate, cluster and reason about #malware, delivering accurate, contextual intelligence on samples. Say Hi to RationalEdge
@rationaledge.bsky.social
rationaledge.io

#threatintel #threathunting #cti #reverseengineering #detection 1/9

28.08.2025 12:22 — 👍 24    🔁 14    💬 2    📌 0

The summer of 2025.

What we were promised

Vs

What we got

26.08.2025 21:21 — 👍 40    🔁 15    💬 1    📌 0
Photo of DOGE staffer Nate Cavanagh, a 28-year-old white man in a blue pullover, carrying a black backpack.

Photo of 53-year-old Afghan scholar Mohammad Halimi. He is sitting, wearing white pants and shirt with a brown vest.

On the left: Nate Cavanagh, a 28-year-old DOGE staffer and college dropout.

On the right: Mohammad Halimi, a 53-year-old exiled Afghan scholar.

This is the story of how DOGE targeted Halimi on social media.

Then the Taliban took his family. 🧵

22.08.2025 11:41 — 👍 5903    🔁 3284    💬 156    📌 514
Tracking Candiru’s DevilsTongue Spyware in Multiple Countries Recorded Future's Insikt Group uncovers active infrastructure linked to Candiru’s DevilsTongue spyware across multiple countries. Discover how this stealthy spyware targets high-value individuals and ...

1/ We've just released a new report uncovering new infrastructure tied to multiple activity clusters linked to the Israeli spyware vendor #Candiru across several countries. Full report: www.recordedfuture.com/research/tra...

05.08.2025 14:18 — 👍 12    🔁 12    💬 1    📌 0

This one seems fairly straightforward:
Cinnamon Toast Crunch Hershey's Kisses.

04.08.2025 19:18 — 👍 0    🔁 0    💬 1    📌 0

⚡Meet our Lightning Talk speakers at #BindingHookLive: @euben.bsky.social, @melissakgriffith.bsky.social, @benread.bsky.social, @disclosing.observer, Lena Riecke and Selena Larson! Request your invite: bindinghooklive.com

01.08.2025 09:11 — 👍 4    🔁 1    💬 0    📌 2
GitHub - pstirparo/machofile: machofile is a module to parse Mach-O binary files machofile is a module to parse Mach-O binary files - pstirparo/machofile

🍎 machofile 🍏 first official release is finally live: github.com/pstirparo/ma...

It is a python module to parse #Mach-O binary files, with a focus on malware analysis and reverse engineering.
machofile is self-contained.

#macho #ios #reverseengineering #detection #threathunting #threatintel 1/3

30.07.2025 14:11 — 👍 15    🔁 14    💬 1    📌 0

This thread has somehow hit 20 different Cinnamon Toast Crunch-related products.

28.07.2025 17:48 — 👍 0    🔁 0    💬 0    📌 0
Cinnamon Toast Crunch Iced Coffee, made with Victor Allen's

Now with Caffeine: Cinnamon Toast Crunch Iced Coffee. Featuring an amazing 30g of sugar. It was sandwiched between Twix and Snickers iced coffees.

28.07.2025 13:11 — 👍 1    🔁 0    💬 1    📌 1
Open Position Career Opportunity: Volexity is currently looking to hire Senior Threat Intelligence Analyst to join its rapidly growing services team.

@volexity.com is looking to grow our Threat Intelligence team. New job posting for Senior Analyst role is up here:

www.volexity.com/company/care...

If you have any questions, don't hesitate to ask.

21.07.2025 08:23 — 👍 12    🔁 7    💬 2    📌 2

The final interesting thing is that in the most recent incident, the releases were done by local police in Guangzhou.

The MSS was likely involved in the investigation, but having local officials lead the public communication suggests a pretty open mandate for public attribution to Taiwan.

22.07.2025 18:38 — 👍 1    🔁 0    💬 0    📌 0

This group (Green Spot, APT-C-01) has been linked to Taiwan since at least 2015 in industry reporting, so it's not a new claim, but the MSS seems content to coast on private sector credibility, as they offer no direct evidence of their own to support their attribution.

22.07.2025 18:38 — 👍 1    🔁 0    💬 1    📌 0
Redacted picture of 20 Taiwanese hackers named by the MSS

The MSS seems to be escalating this campaign. They're increasing the number (3, 4, then 20) of individuals and releasing more types of information. (just names in the first, then, dates of birth and ID numbers in later releases).

22.07.2025 18:38 — 👍 0    🔁 0    💬 1    📌 0

First, a shout out to @shakirov2036.bsky.social who had a great thread on this a few months ago

22.07.2025 18:38 — 👍 0    🔁 0    💬 1    📌 0

New from me: China has been ramping up its public attribution against Taiwan, likely in an attempt to shift the conversation on cyber intrusions and pressure the island and they're using their private sector cybersecurity companies to do it. Read the piece, but a few highlights, takeaways in this 🧵

22.07.2025 18:38 — 👍 8    🔁 5    💬 1    📌 0
China is using cyber attribution to pressure Taiwan Mirroring Western tactics, China’s main intelligence agency and private sector allies are publicly unmasking alleged Taiwanese hackers in a gambit to sway domestic and international opinion

#PublicAttribution of cyber activities is #China’s latest technique for pressuring #Taiwan and shaping the international dialogue around #cybersecurity. @benread.bsky.social digs into the details on Binding Hook: bindinghook.com/articles-hoo...

22.07.2025 07:50 — 👍 15    🔁 9    💬 0    📌 3
Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting | Proofpoint US Key findings Between March and June 2025, Proofpoint Threat Research observed three Chinese state-sponsored threat actors conduct targeted phishing campaigns against the Taiwanese

New from the one and only pun-king @mkyo.bsky.social on the increased and ongoing Chinese targeting of semiconductor-related organisations in Taiwan. Edge device exploitation may be the TTP of the moment, but Chinese groups still go phishing when the chips are down www.proofpoint.com/us/blog/thre...

17.07.2025 08:43 — 👍 9    🔁 5    💬 1    📌 1
