
Wicked Pond

@weld.bsky.social

Gray haired gray hat. Co-founder Veracode. Former L0pht security researcher. Builds tools to find and fix vulnerabilities in code at scale. Twitter: https://twitter.com/WeldPond

6,385 Followers  |  298 Following  |  309 Posts  |  Joined: 04.05.2023

Latest posts by weld.bsky.social on Bluesky

How CR’s Testing Team is Boosting Security—One Smart Product at a Time - Innovation at Consumer Reports Take a look inside CR’s testing lab, where our engineers are strengthening the security of connected devices and boosting consumer trust

The @consumerreports.org cybersecurity testing lab has helped improve security for several connected products. We showcase a few examples of what they have found and how they work with companies to improve product security. Also, if you're building a connected device, encrypt your traffic.

30.10.2025 18:53 — 👍 5    🔁 2    💬 0    📌 0
Canada says hacktivists breached water and energy facilities The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that c...

I'm struggling to understand why the attackers are classified as hacktivists and not nation-state attackers as when Salt Typhoon made similar compromises.

www.bleepingcomputer.com/news/securit...

30.10.2025 19:19 — 👍 2    🔁 0    💬 1    📌 0

Well doesn’t this @axios cybersecurity news item just sum up the state of consumer internet privacy

28.10.2025 20:36 — 👍 13    🔁 2    💬 1    📌 0
‘You can be an ethical hacker, not a criminal one’: the initiative guiding young gamers into cybersecurity Online criminal gangs are targeting young gamers for their coding skills. Yet a new partnership between Co-op and The Hacking Games seeks to harness these skills for good, providing potential careers ...

“If you’re being arrested at 17, you’re being weaponised at around 11. It’s not happening overnight & the entry point is gaming, which acts as a live lab for skill set development. These young people are modifying and hacking games to find the loopholes.” www.theguardian.com/from-play-to...

28.10.2025 11:43 — 👍 1    🔁 0    💬 0    📌 1
Proposal to hand oversight of "white hat" hackers' work to the FSB. The FSB will be able to set requirements for "white hat" hackers: those who do not meet them will be banned from working. Programmers will have to share the "gaps" they find in information security with both the company, ...

Full details (in Russian)
www.rbc.ru/technology_a...

27.10.2025 19:04 — 👍 4    🔁 0    💬 0    📌 0

Regulation of white hat hackers is coming soon to Russia. The FSB will be able to set requirements for white hats: those who do not comply with them will be banned from working. Programmers will have to share the found "gaps" in information protection with both the company and the special services

27.10.2025 19:04 — 👍 15    🔁 6    💬 4    📌 2
The surveillance empire that tracked world leaders, a Vatican enemy, and maybe you Inside the hidden world of First Wap, whose untraceable tech has targeted politicians, journalists, celebrities, and activists around the globe.

Mother Jones on First Wap's SS7 based tracker. The old and insecure phone system keeps giving.

www.motherjones.com/politics/202...

14.10.2025 18:03 — 👍 6    🔁 3    💬 0    📌 1
DEFCON talk on Linux kernel bugs drives AI slop row "The code would not compile or run. This all points to LLM hallucination..."

Was this DEFCON eBPF bug talk hallucinated?
www.thestack.technology/defcon-ebpf-...

10.10.2025 13:36 — 👍 8    🔁 3    💬 1    📌 1

No, it was Castle Hill Inn.

09.10.2025 16:03 — 👍 1    🔁 0    💬 0    📌 0
"L0pht Heavy Industries" Sticker for Sale by FancyFerret L0pht Heavy Industries • Millions of unique designs by independent artists. Find your thing.

Like this? www.redbubble.com/i/sticker/L0...

09.10.2025 15:27 — 👍 2    🔁 0    💬 1    📌 0
The kids aren’t alright: Why cybersecurity needs unconventional talent As the average age of cybercriminals gets younger, the cybersecurity industry is desperately short of the skills it needs to adapt and innovate. Turning cybersecurity ...

Hackers are getting younger and we need to stage an intervention.

“Twenty-five years ago, you had to use unconventional talent in cybersecurity because there were no degree programmes or bootcamps,”

We need to tap in to this talent like we did back then.

www.computing.co.uk/feature/the-...

09.10.2025 15:01 — 👍 5    🔁 1    💬 0    📌 1

Stellar weekend in Newport, RI. My daughter got married to a wonderful man! My son even played in the band. So happy and grateful for family!

05.10.2025 19:40 — 👍 28    🔁 0    💬 4    📌 0
YouTube video by BruCON Security Conference 03 - BruCON 0x11 - Epochalypse Now The Coming Collapse of Time Integrity Trey Darley Pedro Umbelino

Watch the presentation from BruCon. www.youtube.com/watch?v=L9m9...

30.09.2025 17:55 — 👍 1    🔁 0    💬 0    📌 0

Are you ready for the 2036 Epochalypse and the 2038 Time Rollover? This makes Y2K seem easy.

30.09.2025 17:55 — 👍 9    🔁 1    💬 2    📌 0
Donate to Supporting the Shea Family in Loving Memory of Caspian, organized by Debra Kavaler Wysopal On behalf of the Shea family, we have created this page of su… Debra Kavaler Wysopal needs your support for Supporting the Shea Family in Loving Memory of Caspian

gofund.me/ae3e52797
It is with great sadness I share the passing of Caspian Shea youngest son of Johanna and Dylan. We are asking for your support covering medical and funeral arrangements during this unimaginable time. Please consider donating - but do share far and wide

25.09.2025 16:51 — 👍 10    🔁 8    💬 0    📌 1
Donate to Supporting the Shea Family in Loving Memory of Caspian, organized by Debra Kavaler Wysopal On behalf of the Shea family, we have created this page of su… Debra Kavaler Wysopal needs your support for Supporting the Shea Family in Loving Memory of Caspian

I write this post with a sad and heavy heart. My close friends Dylan and Jo's child, Caspian, has died. You may know Dylan as FreqOut, a longtime member of the hacker community (cDc). The family faces significant medical and funeral costs. If you can, please donate or share: gofund.me/13b9506f0

25.09.2025 17:00 — 👍 7    🔁 2    💬 0    📌 1
Intercepting Talent: Turning Hackers Into Cyber Defenders Teen hackers are reshaping cybersecurity. Channeling their curiosity into ethical hacking could transform risks into the next wave of defenders.

Teen hackers aren’t villains-in-waiting, they’re untapped defenders. We can intercept talent early, show real career paths, and turn curiosity into cyber defense. My take on building ethical on-ramps for #cybersecurity www.forbes.com/councils/for...

19.09.2025 17:47 — 👍 24    🔁 10    💬 0    📌 0

Goggins was in Boston and saw the movie with us!

16.09.2025 00:22 — 👍 1    🔁 0    💬 0    📌 0
Movie poster for “Hackers”


30 years ago today, I saw Hackers in theaters with my crew @l0pht.bsky.social Later, I met my wife @debdebdeb.bsky.social on IRC. Then I co-founded a cybersecurity company @veracode.bsky.social with fellow L0pht hacker @dildog.l0pht.com What a journey! Anyone else feeling old? Post your story.

15.09.2025 16:31 — 👍 82    🔁 9    💬 12    📌 1

BOSTON AREA #synthsky! Hidden Fountain is having our video release show at the French Club in N Cambridge this Saturday. Music from us, Mute City, Bell System (sifu.tweety.fish), and Kathy Snax, followed by videos and short films from Coco Roy and AV Carraway! info/tix at hiddenfounta.in.

11.09.2025 17:09 — 👍 11    🔁 5    💬 0    📌 3

We may never know the answer to that question but all first responders are part of the World Trade Center Health Program which provides monitoring and treatment and the World Trade Center Health Registry which tracks health over time.

11.09.2025 17:51 — 👍 8    🔁 0    💬 1    📌 0
Smiling as she rings the radiation bell at the treatment center—celebrating an end-of-radiation milestone on Sept 10


On this Sept 11, we remember. My wife served at Ground Zero as a first responder. Yesterday she rang the radiation bell, a milestone on her road to beating breast cancer. Grief + gratitude, service + strength. Proud of her. #NeverForget #FirstResponder #BreastCancer

11.09.2025 13:18 — 👍 251    🔁 34    💬 10    📌 0
Cybersecurity research is getting new ethics rules, here's what you need to know - Help Net Security Cybersecurity research ethics is required at top conferences. A guide helps researchers balance innovation, risk, stakeholder responsibility.

Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis.
www.helpnetsecurity.com/2025/09/08/c...

10.09.2025 18:36 — 👍 4    🔁 1    💬 0    📌 0

Will software companies with CDUs utilize zero day that they know about in their shipping products? Will companies with endpoint agents they control use them for offense? So many questions.

10.09.2025 18:24 — 👍 0    🔁 1    💬 0    📌 0
Cybersecurity AI: Hacking the AI Hackers via Prompt Injection We demonstrate how AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks. Prompt injection is reminiscent of cross-site scripting (XSS): malicious text is hi...

Who hacks the hackers?

arxiv.org/abs/2508.21669

05.09.2025 11:30 — 👍 3    🔁 1    💬 0    📌 0

should be "use of prohibited legacy protocols"

02.09.2025 20:28 — 👍 1    🔁 0    💬 0    📌 0

During a routine cybersecurity review, DHS CIO discovered significant security vulns that gave a threat actor access to FEMA’s network.

FEMA CIO, CISO, 22 IT employees terminated

Lack of MFA, prohibited legacy protocols, failing to fix known and critical vulns, inadequate operational visibility.

02.09.2025 16:46 — 👍 10    🔁 2    💬 1    📌 0
The AI Vulnerability Crisis is Coming — Can Defenders Catch Up? AI is becoming an autonomous exploit engine. Experts warn of an AI-driven vulnerability crisis — but resilience, alliances, and action can blunt the impact.

The AI Vulnerability Crisis is Coming — Can Defenders Catch Up?
securityboulevard.com/2025/09/the-...

02.09.2025 13:52 — 👍 2    🔁 2    💬 0    📌 0
Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release His Software A firmware update broke a series of popular third-party exercise apps. A developer fixed it, winning a $20,000 bounty from Louis Rossmann.

An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it.

www.404media.co/developer-un...

27.08.2025 21:19 — 👍 2    🔁 0    💬 0    📌 0
A hacker used AI to automate an 'unprecedented' cybercrime spree, Anthropic says The company behind the Claude chatbot said it caught a hacker using its chatbot to identify, hack and extort at least 17 companies.

LLM automated attacks and extortion is here

www.nbcnews.com/tech/securit...

27.08.2025 18:46 — 👍 6    🔁 2    💬 0    📌 0
