If you like puzzle games this is an amazing buy www.cocoongame.com (free on PS5 if you have the subscription)

Politico is reporting that the breach at the Congressional Budget Office is "ongoing." “Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email to CBO staff reads.

i find every story about costco's brand strategy and overall approach completely fascinating.

Since we're rapidly approaching Thanksgiving, some pumpkin pie history by @lifesafeast.bsky.social. I love pumpkin pie but since I was born south of the Mason-Dixon line, I also love sweet potato pie. Who knew pumpkin pie originated in France?! jamieschler.substack.com/p/tarte-au-c...

He said there was no room to sleep. People sat up, slept on the floor, standing up. He saw many pregnant women there too. The conditions were unbearable. His wife is horrified by his account.

He said that the agents would throw food at them to eat. The agents threatened to withhold food for a week and to beat him up if he didn't sign deportation papers. He said he saw others refuse and get beaten/receive no food. He signed because he was afraid.

Her husband told her that detainees at Broadview had to get up at 5am to get in line for one bathroom. He often peed himself. One time he had to wait until 2pm to use the bathroom. You could only use the bathroom once a day. He said the agents would beat you if you used the bathroom on yourself.

A family friend was telling us about what her husband shared about his experience in Broadview before he was deported back to Mexico. She's been sharing to friends and family because she's just in disbelief & horror what her husband told her. She wasn't able to talk to him until he was in Mexico.

At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics - Cyber applications of AI - What works: approaches that reduce cyber harm - The evolving threat www.cyberuk.uk/2026/call-fo...

Hoping this helps our colleagues across the industry

🚨🧵New RUSI report, ‘The Impact of Evolving Threat Perceptions on the Transatlantic Alliance’ by Erik Brattberg is out now!

NVISO has linked VShell to UNC5174, a cyber contractor for the Chinese MSS www.nviso.eu/blog/nviso-a...

“crime syndicate conducts close access operations” is much more the cyberpunk future i was promised.

Excited to share a new and improved draft of The Limits of Regulating AI Safety Through Liability and Insurance: Lessons From Cybersecurity, co-authored with the brilliant Josephine Wolff. 🧵 papers.ssrn.com/sol3/papers....

I knew it would take less than a day for a tiktok dj to make something.

Okay, so: once you’ve nicked £90m in assorted crown jewels from a national museum, I think it’s safe to say you no longer fall into the “petty crime” category even if you haven’t previously been noteworthy in your field. www.theguardian.com/world/2025/n...

Terrific discussion with OpenAI's @daveaitel.bsky.social on @ryanaraine.bsky.social's Three Buddy Problem podcast about Aardvark, which is OpenAI's new agentic bug-hunting tool. It's a must listen if you're in security. #infosec www.youtube.com/watch?v=EwMJ...

OpenAI's Dave Aitel on using Aardvark to audit cryptocurrency smart contracts @craiu.bsky.social @daveaitel.bsky.social

Revisiting Widevine L3: DRM As A Playground For Hackers - Felipe Custodio Romero youtu.be/T3Xo4C6vIto #HackLu

Nice. @daveaitel.bsky.social tells the Three Buddy Problem podcast that he came up with the name for OpenAi's Aardvark project (openai.com/index/introd...). Why Aardvark? "Because they eat bugs" www.youtube.com/watch?v=7Ikm...

OpenAI launches Aardvark, a GPT-5-powered autonomous cybersecurity research agent that can identify and help patch vulnerabilities, in private beta (Sabrina Ortiz/ZDNET) Main Link | Techmeme Permalink

Aardvark is a labor of love and mission for the whole team. We are super excited to bring it to you. Sign up for the beta immediately!!! openai.com/index/introd...

This is a heartbreaking read about a woman living in Lyme, Connecticut, who meticulously documented all the people getting sick for decades while doctors floundered.

Oh man, duplicating an INVALID_FILE_HANDLE that gets interpreted as a current process handle with full rights handed into the sandbox. Amazing bug with terrible consequences

This is a natural reaction of your brain to repeatedly seeing horrific things. It will pay less and less attention to those images and have less of a visceral reaction. You can accept horrors. This is what the fascists want. They want you to accept things continually getting worse and more violent.

Good new info here from @martinmatishak.bsky.social amid the monthslong leadership vacuum within NSA.

ICE and CPB agents are scanning peoples' faces on the street to verify citizenship. ICE says the result of this app can override a birth certificate too www.404media.co/ice-and-cbp-...

Peter Williams former Trenchant exec accused of selling trade secrets to someone in Russia pleaded guilty in court this morning. Prosecutors say he sold software trade secrets to Russian company that buys zero days from researchers and sells to other Russian firms. My story for Wired will be up soon

New incredible detail here: ICE says a match in its facial recognition app Mobile Fortify is a "definitive" determination of a person's status, and that this overrides birth certificates. This is an app ICE is using in the field to scan people www.404media.co/ice-and-cbp-...

Today was a hard day. Regulations that we passed unanimously last year, after 7 years of advocacy, were largely gutted. The FCC capitulated to the correctional telecom industry in roughly doubling rate caps for prison and jail calls. I'm truly sorry. www.nytimes.com/2025/10/28/u...

It literally took decades of advocacy to pass these reforms, which would have prevented prison phone and teleconferencing companies from ripping off inmates and their families to the tune of hundreds of millions annually

Trump nominates cyber expert for Coast Guard commandant defensescoop.com/2025/10/27/a...

Must-read for fuzzing folks (read: tooling/algorithms/academia) by Addison Crump addisoncrump.info/research/wha...

“I thought everything was OK, and then all of a sudden @jswatz.bsky.social calls me and says these guys want to publish it in The New York Times.” by @stevenlevy.bsky.social

Please kill me

Artificial from HackTheBox is starts with uploading a malicious TensorFlow model to get a foothold through deserialization. I'll abuse Backrest in three different ways for root.

@jags.bsky.social 2025 LABScon Keynote: Steps to an ecology of cyber www.youtube.com/watch?v=E0BE... 1.) Systems thinking 2.) Cybernetics (study of mechanisms / repeatable outcomes / how systems regulate themselves to achieve specific goals) 3.) Domain Expertise. Give it a listen 💯

Usenix Enigma talks, including mine, are now live on their Youtube channel. https://www.youtube.com/watch?v=6rzLuq3XDA0&list=PLbRoZ5Rrl5lfGHokS3h6spFPk_COZJHQl&index=8

An opinion piece I wrote for Cipher Brief on the next wave of AI threats. The speed and scale of this activity will change the nature of cybersecurity. In order to compete with adversary use of this technology we must adopt it wholeheartedly into defense. www.thecipherbrief.com/ai-cyberatta...

In which our intrepid photographer narrowly escaped being murdered by driver ants in Kibale Forest, Uganda.

I can tell you right now what a super intelligent AI is going to want to do: play dungeons and dragons (with a stupidly minmaxed character that at level one has an AC like a red dragon somehow), tell you endless facts about planes, recreate historic processors inside Minecraft.

actually a very interesting finding for general purpose theory of cells that have a distressing number of subtypes

Travis goodspeed's book is so good that even though I probably will not get a chance to do any microcontroller reverse engineering it's still just worth a read to see the techniques

thank goodness, no more backyard nukes from people who have a large supply of fissionable material but are too lazy to seek out the subreddit where people do shit like post printable 3d models of implosion fuse armatures

So my other big piece of the day is an inside look at the struggle for the future of the CVE programthat just went live at CyberScoop. 1/2 cyberscoop.com/cve-program-...