Please take some time to look through some of the discoveries photographed in 2025. It should interest some invertebrate enthusiasts. yes? yes? bit.ly/nickybay2025

Sharks, as an evolutionary pathway, are older than the rings of Saturn.

German energy company Vereinigte Stadtwerke suffered a cyberattack. Supply chain attack: compromise of the company's external IT service provider, then access to breach VS itself. Data leaked from one server. www.vereinigte-stadtwerke.de/presse/cyber...

Treasury removes sanctions for three executives tied to spyware maker Intellexa therecord.media/treasury-san...

I can’t even keep up with this talk, they just showed two different(?) PoCs that spoof perfectly credible signatures from Satoshi and Angela Merkel. The talk started with them booting a spoofed Fedora ISO after checking the signature. 14 vulns, 9 unpatched.

ColdFusion++ Christmas Campaign: Catching a Coordinated Callback Calamity https://www.labs.greynoise.io/grimoire/2025-12-26-coldfusion/

Christmas Eve miracle: Fortinet admits new exploitation of a 2020 bug www.fortinet.com/blog/psirt-b...

Password vaults stolen from LastPass at the end of 2022 were cracked and used to steal cryptocurrency as recently as this year, with the stolen funds being laundered through Russia-based cryptocurrency exchanges www.trmlabs.com/resources/bl...

At Insomni'hack 2025, Christian & Marcel introduced EL3XIR, a framework for fuzzing TrustZone-based TEEs. Get your ticket for 2026 now and gift a spot for those wishing more security innovations: insomnihack.ch?utm_source=b... #InsomniHack #Cybersecurity #Infosec #INSO2026

A group of endangered “galaxy frogs” are missing, presumed dead, after trespassing photographers reportedly destroyed their microhabitats for photos. Melanobatrachus indicus lives under logs in the lush rainforest in Kerala, India. #ClimateChange www.theguardian.com/environment/...

Yall it’s not taking you to an ad. It’s taking you to a Consumer Experience

Do you think, if you opened Google Maps and there was a quest marker a mile away, you’d go there

Is nobody even trying things before claiming AI can't do something? One of my main uses for LLMs is analyzing a codebase and telling me about, answering my questions about it, and finding things deep inside big ones that would take forever to find. And they've been good at this for a while now

An absolutely superb podcast from my colleague @tom.risky.biz and @thegrugq.bsky.social featuring Hamid Kashfi discussing the evolution of Iranian APTs. 10/10 risky.biz/BTN148/

As you may know, I have stopped using Twitter, and have decided to reproduce some of my more memorable threads here for posterity. Here’s one I hold wrote after a particularly engaging swordfighting lesson. Buckle up, swordfighting fans, because I *have* studied my Agrippa! [BIG ASS THREAD]

"people with renaissance-level art skills don't exist anymore" yes they do their username is something like 03748218_ and they spend all their time drawing pornography so deranged it'd kill hugh hefner a second time

I don't really understand pepper like black pepper that people put on everything and I'm not sure why. I feel like it's some kind of conspiracy or marketing magical thing

please buy The Originalism Trap--my writing is better, my analysis is sharper, and I have never been professionally or personally involved with RFK Jr bookshop.org/p/books/the-...

SKULL OF THOMAS AQUINAS: TAKE A LEFT NOW PRIEST: No, the GPS says we have to keep going— SKULL: I KNOW A SHORTCUT PRIEST: Do you remember the last ti— SKULL: FOR THOSE WITH FAITH, NO EVIDENCE IS NECESSARY; FOR THOSE WITHOUT IT, NO EVIDENCE WILL SUFFICE

The names of two partial owners of contractor firms linked to China's Salt Typhoon hacker group also appeared in records for Cisco's "Networking Academy" global training program—years before those hackers targeted Cisco's devices in their sweeping spy campaign. www.wired.com/story/2-men-...

This is where originalism is really spiritually aligned with straussianism—you, the clever contemporary scholar, are capable of uncovering the true hidden meaning that for centuries has eluded all those other chumps

A Chinese think tank has published a hit piece on seven cybersecurity and policy experts specializing in Chinese cyber operations www.guancha.cn/xinzhiguanch...

A gallery of Cephalotes turtle ants, denizens of the treetops in tropical American forests.

I am often asked: What is the best telescope to buy for someone just getting into astronomy? 🪐🔭👀 As a theorist, I am absolutely useless and can tell you nothing. HOWEVER, my friend the wonderful @philplait.bsky.social is NOT useless and has great advice & relevant links here! ⤵️

who controls the context window controls the future

who controls the present controls the training dataset

Post a photo of an animal that looks Gen-AI but is 100% real. Hegemona lineata, Belize.

This looks rad as hell

Very sad to hear that anti-virus veteran Vesselin Bontchev has cancer. He's posted about it up here on LinkedIn: www.linkedin.com/posts/bontch... Or you can read his blog post where he shares his recent experiences at the hospital: bontchev.nlcv.bas.bg/bye.html

i think to understand the meaning of the birthright citizenship clause to the framers of the 14th amendment, you have to understand significance of dred scott to the civil war republican party. dred scott wasn't just a bad ruling, it was understood as a rejection of the declaration itself.

How cool is this cover?

Great book

#FUZZING'26 CALL FOR PAPERS ────── ✨ After 5 years, we will be again co-located with NDSS! 🔗 fuzzing-workshop.github.io 📅 11. Dec (Submission) //cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)

Rest in peace stealth :( www.thc.org/404/stealth/...

According to AhnLab, the N. Korean Lazarus Group, responsible for the recent massive theft from crypto exchange Upbit, has engaged in 31 cyberattacks, followed by DPRK's Kimsuky, which has launched 27 cyberattacks, over the past year. en.yna.co.kr/view/AEN2025...

[Correcting an earlier post] This is creepy. The Iranian hacking group Handala hacked an Israeli nuclear scientist’s car and left a threatening message. www.ynetnews.com/article/s161...

You take the heros you can get: How Craig Jones Is Trolling the Culture Warriors Taking Over His Sport - The New York Times share.google/SOIhkOx8Qud2...

As SBOMs slowly progress at the federal level and in enterprises, the rise of AI coding assistants is fueling optimistic—and, some experts argue, “kind of insane”—claims about a future with vulnerability-free software. Check out my latest CyberScoop piece. 1/2 cyberscoop.com/sbom-adoptio...

On the heels of @dlshad.net and @davidmagnotti.bsky.social’s presentation at #CYBERWARCON, happy to share the associated AWS Security blog post (with IOCs) aws.amazon.com/blogs/securi...

Our study of time processing in bumblebees 🐝 covered by @cnn.com here edition.cnn.com/2025/11/12/s... . Our summary is here youtu.be/hsGxU65OMQk and the original paper royalsocietypublishing.org/doi/full/10.... @royalsocietypublishing.org

We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...

Recent outages from major US cloud providers have jolted Germany into confronting America’s tech dominance. 

Here's a different species, from Ecuador.

Finding 0day is the one unsaturated LLM eval left

Dan Geer has a new essay on the shift toward indeterminism in computing and implications for security. “The limiting factor in offensive capability is not finding vulnerabilities, it is having the talent to turn them into dependable tools”. @daveaitel.bsky.social www.computer.org/csdl/magazin...