TLS 1.3 includes welcome improvements, but still allows long-lived secrets
Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear
Systems Approach As we neared the finish line for our network security book, I recei… #hackernews #llm #news
Micro1, which helps AI labs find experts for data annotation, says it has crossed $100M in annualized revenue and fielded investment offers at a $2.5B valuation (Anna Tong/Forbes)
"If you ask me, Microsoft has been one of the biggest driving forces behind Linux adoption in recent years. The way they've been handling Windows, with its forced updates, aggressive telemetry, and questionable AI features, has sent more people to Linux than any marketing campaign ever could […]
Micro1, a Scale AI competitor, touted to have crossed $100 million
🚀 Read this trending post from TechCrunch 📖 📂 Category: AI,Venture,ai data training,micro1 ✅ Main takeaway: Micro1's meteoric rise over the past couple of years has catapulted it into a group of AI companies that are expanding at…
The quantum clock is ticking and businesses are still stuck in prep mode
Quantum computing is still years away from breaking current encryption, but many security teams are already worried about what happens when that moment arrives. A new report from the Trusted Computing Group … #hackernews #news
Struggling to balance security and speed in your Kubernetes cluster?
GitLab's integrated security features, like Software Supply Chain Security, help you secure your environment without slowing down development.
Struggling with complex hybrid cloud data security and recovery?
Druva offers a fully managed SaaS platform that enables rapid ransomware recovery across Azure, AWS, or both, simplifying cyber resilience.
Some ChatGPT users have started seeing tests for ads recommending apps. They have complained as these have shown up for paid users at the $200/month tier.
Ads in ChatGPT are inevitable but it would be a mistake to include them in paid tiers. That's just bad business when Gemini doesn't have ads
Russia Bans FaceTime: Apple Refuses Encryption Backdoor
Russian authorities have blocked FaceTime nationwide after Apple refused to provide encryption backdoors. Here's what it means for privacy and the tech war.
Third-party access shouldn’t mean third-rate security. In our latest blog, explore how Duo secures external users with phishing-resistant MFA, a flexible user directory, and streamlined identity management built for modern enterprises.
More grift. Trump's AI "Czar" — the guy in charge of this Administration's AI policy — is reported to have hundreds of investments in AI-related ventures.
This is just the latest example of the Trump Administration using its power to benefit themselves and their inner-sanctum of billionaires.
💥 Read this insightful post from TechCrunch 📖 📂 Category: AI,TC,lawsuits,Perplexity AI ✅ Main takeaway: The Chicago Tribune filed a lawsuit against artificial intelligence search engine Perplexity on Thursday, alleging copyright infringement. The…
Maybe, but not soon. HSBC has said that OpenAI is going to have nearly a half trillion in operating losses until 2030. It's hard to see how they can earn their way out of that hole, especially with competitor frontier models like Gemini and Claude running even with it and DeepSeek close behind.
We sometimes forget that while super gross hyperconservative tech creep Peter Thiel founded Palantir Technologies, the data management/AI/surveillance juggernaut, it was co-founded and is currently run by super gross hyperconservative tech creep Alex Karp—and boy does Alex have Some Thoughts.
Five years after Meta's Oversight Board its first five cases, it's clear that its ambitions to become Facebook's Supreme Court have failed. I talked to insiders about where it goes next: www.platformer.news/meta-oversig...
How I Access My Home NAS from Anywhere (Without Doxxing My IP) Using Cloudflare Tunnel
I'll soon travel to Australia for weeks, and I want to continue publishing content. How do I access it securely from there without exposing my home network and compromising my privacy? #hackernews #news
Europe’s public transport infrastructure has a fundamental security flaw: the Chinese company that built the bus can decide to stop it.
Hundreds of electric buses operating in the UK, Denmark, and Norway may possess a backdoor that links directly to China.
Poorly designed/improperly secured #AI integrations exploited by adversaries
94% of state-of-the-art LLMs were tricked into installing malware using direct prompt injection (42.1%) RAG backdoors (52.9%) and inter-agent trust exploits (82.4%)
[Forbes]CISA Warns Samsung And Pixel Users—Update Or Stop Using Your Phone - Forbes Federal staff ordered to update or stop using phones — all other users should also comply.
This is the conclusion, which I'm pulling out from behind the paywall because it'll probably be a free newsletter or podcast one day. I think the AI era is a reckoning for the tech industry, one where consumers finally realize they're being abused.
Dr James on a bicycle, psychologist, cycologist 🇨🇦@jamesbicycle.bsky.social
Chinese kill switch in busses.
700 in UK, more in EU.
"The bus was trying to phone home [China]. The engineers discovered a pre-installed SIM card, roaming on a Romanian network, actively transmitting data...can be stopped or rendered inoperable by the manufacturer" www.zmescience.com/science/news...
Smart grids are trying to modernize and attackers are treating it like an invitation
In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Million… #hackernews #news
CIS, Astrix, and Cequence partner on new AI security guidance
The Center for Internet Security, Astrix Security, and Cequence Security announced a strategic partnership to develop new cybersecurity guidance tailored to the unique risks of AI and agentic systems. This collaborativ… #hackernews #news
Google debuts Titans, an architecture combining RNN speed with transformer performance for real-time learning, able to scale effectively to a 2M+ context window (Google Research)
The latest update for #archTIS includes "Navigating Security Clearance Portability in a #ZeroTrust World" and "CMMC and CUI #Compliance Glossary: Key Terms and Phrases".
Fang Li, Fei Zuo, Gopal Gupta
Logic-Driven Cybersecurity: A Novel Framework for System Log Anomaly Detection using Answer Set Programming https://arxiv.org/abs/2512.04908
Oghenetejiri Okporokpo, Funminiyi Olajide, Nemitari Ajienka, Xiaoqi Ma
A Novel Trust-Based DDoS Cyberattack Detection Model for Smart Business Environments https://arxiv.org/abs/2512.04855
The latest update for #Graylog includes "Understanding How a Log Correlation Engine Enables Real-Time Insights" and "How to Speed Up Incident Response With Guided Remediation".
The latest update for #SealSecurity includes "CVSS 10.0 CVE in React & Next.js: How You Can Stay Safe" and "Shai-Hulud: The Second Coming Hits npm Users".
The latest update for #getastra includes "Model Inversion Attacks: When #AI Reveal Their Secrets" and "Building Customer Trust at Scale with Trust Centers".
Sleepless in Security: What’s Actually Keeping CISOs Up at Night
Security headlines distract, but the threats keeping CISOs awake are fundamental gaps and software supply chain risks. Learn why basics and visibility matter most. #hackernews #news
The latest update for #CyberArk includes "#AI agents and identity risks: How security will shift in 2026" and "TLS certificate management in 2026: The endless game of Whack-A-Cert".
Biagio Montaruli, Luca Compagna, Serena Elisa Ponta, Davide Balzarotti
One Detector Fits All: Robust and Adaptive Detection of Malicious Packages from PyPI to Enterprises https://arxiv.org/abs/2512.04338
The latest update for #BlueVoyant includes "Fake #SAP Concur Extensions Deliver New FireClient Malware Variant" and "New Report Reveals Third-Party Risk Management's Next Chapter: From Building Programs to Making Them Work".
The latest update for #ArcticWolf includes "CVE-2025-55182: Critical Remote Code Execution Vulnerability Found in React Server Components" and "How To Combat #AI-Enhanced Social Engineering Attacks".
The latest update for #BitSight includes "Security Alert: CVE-2025-66478 & CVE-2025-55182 Next.js React Server Components Remote Code Execution" and "Paying the Ransom: A Short-Term Fix or Long-Term Risks?".
The latest update for #Tanium includes "What is #Windows #patchmanagement?" and "Converge 2025 Tuesday keynote highlights: Building unstoppable momentum".
The latest update for #Trilio includes "Database as a Service: A Complete DBaaS Implementation Strategy" and "Building Data Sovereign Clouds: The Imperative of Digital Sovereignty, Operational Resiliency and #DataProtection".
The latest update for #Wallarm includes "Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows" and "Attackers Don't Need to Breach Your #API - They'll Breach the Tools That Touch It".
Infinitive Host provides fortress-grade dedicated server engineered to guard critical workloads with uncompromised performance and impenetrable security layers. www.infinitivehost.com/dedicated-se...
A review of LinkedIn profiles shows dozens of Apple staffers with expertise in audio, watch design, robotics, and more have joined OpenAI in recent months (Rolfe Winkler/Wall Street Journal)
The latest update for #TheCyberHelpline includes "What is Tech Facilitated Abuse? A Guide to Online Gender-Based Violence" and "16 Days of Activism: UK Strengthens Protections Against Online Gender-Based Harms".
Yuksel Arslantas, Ahmed Said Donmez, Ege Yuceel, Muhammed O. Sayin
Omniscient Attacker in Stochastic Security Games with Interdependent Nodes https://arxiv.org/abs/2512.04561
Chat Control has seen many different iterations over the years, and now that it’s coming up on final negotiations, what the proposal does and doesn’t protect can be confusing. Here’s what’s going on. www.eff.org/deeplinks/2...
The latest update for #FerootSecurity includes "How to Automate Payment Page Script Audits for PCI DSS: 6 Hours to 6 Minutes" and "How to Maintain PCI #Compliance Across Hundreds of Payment Pages".
CEO Matthew Prince says Cloudflare has blocked 416B AI bot requests for its customers since July 1, and that Google can see 3.2x more internet pages than OpenAI (Lily Hay Newman/Wired)
The latest update for #UpGuard includes "Attack Surface #Monitoring Guide for Security Teams" and "Solving Human Risk: Automate Governance and Prioritize Action".
The latest update for #HAProxy includes "Efficiency at any scale: How HAProxy maximizes the benefits of modern multi-core CPUs" and "KubeCon NA 2025: Universal Mesh, federation, and the end of the 'mesh tax'".
The latest update for #Veracode includes "The New #AppSec Reality: #AI Anxiety, Silent Flaws, and Supply Chains" and "Mastering ASPM: Unifying Your Application Security Strategy".
The latest update for #Apono includes "7 Tips for Just-in-Time #PrivilegedAccessManagement You Need to Implement Today" and "What is Just Enough Privilege? Definition, Examples, and Best Practices".
The latest update for #WatchGuard includes "How Firebox and FireCloud Boost Security in Hybrid, Distributed Environments" and "From Pressure to Potential: Turning #Compliance into Opportunity with #MDR".
"Generative AI is reshaping cybersecurity for both attackers and defenders, but its future capabilities are difficult to measure as techniques and models are evolving rapidly."
Researchers claim that prompts framed as riddle-like poems could skirt AI chatbots' safety features designed to block production of explicit or harmful content (Robert Hart/The Verge)
The latest update for #PagerDuty includes "Turning Incidents Into Insight: The Continuous #AI Operations Loop Explained" and "AI agents just got smarter thanks to PagerDuty + #AWS".
Gülçin ÇİVİ BİLİR
Primitive Vector Cipher(PVC): A Hybrid Encryption Scheme based on the Vector Computational Diffie-Hellman (V-CDH) Problem https://arxiv.org/abs/2512.04237
The latest update for #NightfallAI includes "Why #CustomerSupport Teams Need Modern #DLP for Zendesk" and "When Screenshots, Clipboard Activity, & File Uploads Become Security Incidents: Lessons from a Recent #InsiderThreat Case".
The latest update for #Mendit includes "From Zero to RCE: How a Single HTTP Request Compromises React and Next.js Applications" and "Mend.io + Wiz: A New Code-to-#Cloud Integration for Accurate, Context-Driven Risk Prioritization".
A look back at five years of Meta's Oversight Board, whose rulings on the relatively small number of cases it hears have generally had limited impact (Casey Newton/Platformer)
Damon Beveridge, Alistair McLeod, Linqing Wen, Weichangfeng Guo, Andreas Wicenec
Searching for binary black hole mergers with deep learning in Advanced LIGO's third observing run https://arxiv.org/abs/2512.04516
The latest update for #KnowBe4 includes "The Ghost in the Machine: How a Multi-Stage Phishing Campaign Evades Security to Steal Microsoft 365 Credentials" and "Report: Sophisticated Fraud Attacks Are on the Rise".
UK government pledges to rewrite Computer Misuse Act | Campaigners celebrate as security minister Dan Jarvis commits to amending the outdated Computer Misuse Act to protect security professionals from prosecution | Computer Weekly
A profile of Amazon CTO Werner Vogels, who said his 2025 re:Invent keynote was his last to make room for other voices and warned devs about "verification debt" (Marcus Schuler/Implicator.ai)
Mitiga has been named one of CRN’s 10 Hottest Cybersecurity Startups of 2025. It’s a powerful recognition, but not a surprise to the people building with us.
To every employee pushing the limits. To every partner extending our reach. This is your win.
Cohesity’s $1 billion India push to accelerate tech, cybersecurity innovation
In New Delhi, Cohesity, a U.S.-based data‑security software firm that counts Nvidia and SoftBank among its investors, announced a five‑year, $1 billion investment in India. The money is aimed at scaling the company’s…
Aman Gupta, Ravi Singh Adhikari, Anju Rani, Xiaoyu Ai, Robert Malaney
Combined Quantum and Post-Quantum Security Performance Under Finite Keys https://arxiv.org/abs/2512.04429
Xianghui Fan, Zhaoyu Chen, Mengyang Pan, Anping Deng, Hang Yang
Self-Supervised Learning for Transparent Object Depth Completion Using Depth from Non-Transparent Objects https://arxiv.org/abs/2512.05006
There's a very easy heuristic to avoid scams like this - if someone claims to be calling you from Google, it's a scam, because Google doesn't have any customer service yaschamounk.substack.com/p/the-day-i-...
The UK government is considering a statutory defense amendment to the Computer Misuse Act 1990. This update would protect security researchers & white hat #hackers from prosecution when identifying & reporting system vulnerabilities. #CyberSecurity
Small, local AI coding models are a game-changer for devs. It's not just about privacy or cost; it's about reclaiming agency. The ability to fine-tune and run these on your own hardware sparks a new wave of personalized, deeply integrated tooling. The future is modular and offline-capable.
@acolombiadev.bsky.social nice video about GitHub Copilot Spaces! Usage with Copilot Agent is very interesting. However for the MCP, in its current state Copilot can't use the content of a space so it's useless. Are other tools currently being developed for this MCP? www.youtube.com/watch?v=noVd...
Christof A. Bertram, Viktoria Weiss, Jonas Ammeling, F. Maria Schabel, Taryn A. Donovan, Frauke Wilm, ...
Dataset creation for supervised deep learning-based analysis of microscopic images - review of important considerations and recommendations https://arxiv.org/abs/2512.04564
#Désinformation A study on unconditional basic income shows a slight decrease in working time leading to a better quality of life, more freedom in employment, and an increase in care and therefore in health.
Bin Sun, Yaoguang Cao, Yan Wang, Rui Wang, Jiachen Shang, Xiejie Feng, Jiayi Lu, Jia Shi, Shichun Yang, Xiaoyu Yan, Ziying Song
MindDrive: An All-in-One Framework Bridging World Models and Vision-Language Model for End-to-End Autonomous Driving https://arxiv.org/abs/2512.04441
Enterprise Solutions Weekly 🔐🤖: AI security, agentic workflow automation, robotics & regtech lead this week’s deals across Europe & beyond. We round up the investments you should know about www.ventureradar.com/articles/Sec...
NATO’s Hybrid Strategy: Lessons from Ukraine [Interview]
Photo. Marta Jackiewicz/Defence24 „While NATO has made significant progress in strengthening its eastern flank and enhancing cyber capabilities, readiness for …
Censys, Rilian Technologies team up to strengthen national and critical infrastructure cyber defense
Censys, an Internet intelligence and insights company, has partnered with Rilian Technologies, a provider of AI-native cyber defense solutions for sovereign …
Here we go again. Cloudflare is down worldwide and apps and sites stopped working including my bank app 😅 who pushed code to prod on Friday? 😒 www.cloudflarestatus.com
Intel 471 reports FvncBot, a new Android banking trojan targeting Polish users via a fake mBank security app. It abuses accessibility services for keylogging, employs web injects, screen streaming and HVNC, and has a new codebase not tied to leaked source codes. www.intel471.com/blog/new-fvn...
Century Solutions Group-IT MSP@centurygroup.bsky.social
When friends, coworkers, vendors, and clients all live in the same chat feed…
Our brains stop detecting danger.
And attackers KNOW IT.
Century Solutions Group helps businesses build smarter verification habits. centurygroup.net
Coro 3.7 rolls out redesigned Actionboard, unified ticketing, and AI insights
Coro announced the latest release of its unified platform. Coro 3.7 introduces user interface enhancements designed to accelerate remediation and streamline security management for SMBs. Coro has furthe… #hackernews #news
Artificial-intelligence chatbots can influence voters in major elections — and have a bigger effect on people’s political views than conventional campaigning and advertising
AWS unveils its 192-core Graviton5 processor, with an up to 25% performance boost over Graviton4, and says Graviton makes up 50%+ of AWS' new CPU capacity (About Amazon)
Weekly Cryptohack Roundup
—Authorities shutter Cryptomixer
—Anthropic sees autonomous AI exploits
—U.K. moots ban on crypto political donations
—Do Kwon seeks leniency
—Lazarus Group suspected in Upbit theft
—Balancer's post-exploit plans www.databreachtoday.com/cryptohack-r...
A Formal Security Proof of Masking: Reduction from Relaxed Noisy Leakage to Probing Model without Random Probing and Application to LR Primitive (Rei Ueno, Akiko Inoue, Kazuhiko Minematsu, Akira Ito, Naofumi Homma) ia.cr/2025/2199
Darktrace / Email strengthens behavioral detection, DLP, and SOC integrations
Darktrace announced a series of enhancements to Darktrace / EMAIL designed to detect and stop attacks spanning communications channels, strengthen outbound email protections, and streamline SOC integrat… #hackernews #news
"I went on DownDetector to check Cloudflare’s status, but was unable to access the site—presumably because it uses Cloudflare. An error message is displayed, reading “500 Internal Server Error.”"
Advent of AI from @opensource.block.xyz’s goose day 4. Leverage goose with its developer extension and the Vercel and/or Netlify MCP servers to build and deploy a winter festival website 👀
Following law enforcement’s disruption of two high-profile ransomware groups, ransomware incidents reported to FinCEN decreased in 2024, with 1,476 incidents, reflecting $734 million in the aggregate value of reported payments in BSA reports. www.fincen.gov/news/news-re...
Originally from DataDog: CVE-2025-55182 (React2Shell): Remote code execution in React Server Components and Next.js ( :-{ı▓ #cloudsecurity #datadog #cyberresearch
Coupang is facing scrutiny after a data leak revealed that major portions of its Korean-language service were built and maintained by Chinese devs--the main suspect in its recent breach is a former Chinese employee who worked on the company’s authentication systems. koreabizwire.com/coupang-data...
Ever wondered how LLMs learn to reason, code, or align with human feedback? verl’s open RL toolkit lets you run advanced RL algorithms at scale, experiment with new dataflows, and see real throughput for modern models. Excited to see what new agents emerge.
the EU has fined X (Twitter) $140 million over "deceptive" blue checkmarks. "Deceiving users with blue checkmarks, obscuring information on ads and shutting out researchers have no place online in the EU," says the bloc’s tech chief www.theverge.com/news/645154/...
Cybersecurity workforce study finds budget constraints stabilising, but skills shortages worsening | AI is creating new opportunities – and challenges | Computing
Celebrating one year of MCP! 🎉 Dive into the milestones and achievements that have shaped our journey. Thank you to everyone who has been part of this experience. Here’s to more innovations ahead! #MCP #AI
Okay I can't believe I'm saying this but I should have trusted google, if you have smarttube on your tv, update it ASAP www.aftvnews.com/smarttubes-o...
SpecterOps and Tines partner to add native BloodHound and automated attack path workflows
SpecterOps and Tines announced a strategic partnership that brings native BloodHound integration to Tines, enabling customers to operationalize Attack Path Management through automated, AI-a… #hackernews #news
Angie Jones (@techgirl1908) says the early 2000s was a creative and exciting time - and not just for developers.
Hear all about MCPs, and how AI agents are reviving the programmable web in Angie's session from the World Congress 2025 at www.wearedevelopers.com/en/videos/13...
Cloudflare’s network suffered a brief but widespread outage Friday, after an update to its Web Application Firewall to mitigate a vulnerability in React Server Components went wrong.
“In a bid to help restore integrity to digital information, the UK’s National Cyber Security Centre (NCSC) and Canada’s Centre for Cyber Security (CCCS) have released a new report on public content provenance.” www.infosecurity-magazine.com/news/cyber-a...
For a comprehensive, accessible, and engaging overview of the concept of noise and how it affects decision-making, don't miss Sean Moran's latest deep dive.
We're breaking down the Model Context Protocol (#MCP) and showing how to use Duende IdentityServer & Dynamic Client Registration (DCR) to add #oidc #oauth to your client.
“A growing number of global organizations have major cyber-skills shortages, which in turn are worsening security posture, a new report from ISC2 has revealed.” www.infosecurity-magazine.com/news/skills-...
Montreal Institute for Global Security@migsinstitute.bsky.social
Russia has blocked Apple’s video-calling app FaceTime, the state communications watchdog said on Thursday, as part of an accelerating clampdown on foreign tech platforms that authorities allege are being used for criminal activity. www.reuters.com/business/ret...
The commercial spyware vendor is still operating the Predator platform and hitting new targets, despite being placed under US sanctions and being under active investigation in Greece.
After Neuralink, Max Hodak is building something stranger
💥 Explore this trending post from TechCrunch 📖 📂 Category: Biotech & Health,brain-computer interface,Elon Musk,Khosla Ventures,Max Hodak,Neuralink,prima,Science Corp. 📌 Here’s what you’ll learn: Six years ago, I asked Sam Altman at a…
Meta strikes multiyear commercial AI data deals with news publishers, including CNN and Fox News, to provide real-time answers for its Meta AI chatbot (Sara Fischer/Axios)
Internet infrastructure company Cloudflare on Friday said it was investigating an outage that took place in the morning that brought down several global websites, including LinkedIn...
ICYMI: See the 8 successful projects that will be funded through our NABS+ Commissioning Call, covering themes on: Human-AI Teaming, COM (Online Harms) Groups, and Disinformation. crestresearch.ac.uk/nabs/commiss...
Craig Taylor joins Episode 7 of #CyberChats to share how CyberHoot teaches cybersecurity through encouragement and gamification—not fear. A great listen for anyone looking to build digital confidence! Watch here: youtu.be/WQlx2rIilog
Several public websites designed to allow courts across the United States and Canada to manage personal information of potential jurors had a simple security flaw that exposed sensitive data including names and home addresses
AI dialogues shifted political support by 2 to 3 points in trials, eclipsing standard ads. Roughly one-third of this effect persisted for a month. However, models optimized for persuasion proved more factually error-prone. #MLSky
so this story is hinting at my biggest worry, and what should be every B2C computer/electronics company's biggest worry for 2026: already placed orders with sk hynix/micron/samsung prior to the current/future price explosion may go unfulfilled/be canceled. www.tomshardware.com/tech-industr...
This week on Optimizer, I talk about how health tech companies now want to measure your urine, blood, sweat, and even hormones. HIPAA is grossly underprepared.
Priory went from an outdated ticketing system to a unified, automated, cloud-based ITSM platform with Ivanti — cutting manual work, scaling across borders, and giving frontline teams more time for patient care.
Russia’s shadow warfare tries to exploit democratic openness, fracture alliances, and erode public trust in institutions. @ebajarunas.bsky.social explores how the West can formulate a coordinated deterrence strategy.
www.cbc.ca/news/busines... Cloudflare investigating early outage that took down LinkedIn, Zoom
Company said outage was due to a firewall-related change, not an attack
Huxley once said in a BBC interview, “Technology was made for the use of man. Man was not made for the use of technology.” To make use of this principle in cybersecurity, we have to reject “blame the user“ design & stop pushing the cognitive load onto them. Much more to say on the topic
Behold the value of diversity: this maths team only found The Thing bc it had experts & a non-expert:
“I don’t think we would have found it without him [an undergrad]…bc experts traditionally [do a thing] But he didn’t …so the [results] were big and visible.” www.quantamagazine.org/elliptic-cur...
The last time Aaron Foster spoke to @theverge.com was in 2012. He said, “making a good game is more important than a hard-set deadline. So we will keep it loose for now.”
13 years on, Routine finally arrives — and in magnificent form.
🛡️ CISA has identified a China-backed #BRICKSTORM malware campaign targeting the IT and government sectors
📖 Global agencies released a guide for adding #AI safely to #OT
Get Ready: Microsoft 365 Is About to Get More Expensive for Business Users
This comes after Microsoft raised the cost of the consumer-focused Microsoft 365 plans earlier this year.
The AI revolution skipped structured data ... until now.
🎯 Enter relational foundation models: pre-trained transformers that treat any database as a graph, delivering state-of-the-art predictions without manual feature engineering thedataexchange.media/jure-lescove...
Every AI Team Needs a Multimodal Lakehouse
⦿ Getting Your Data Infrastructure Ready for Multimodal AI and World Models
⦿ Multimodal Lakehouse Patterns from Netflix, Runway, and CodeRabbit
⦿ The PARK Stack Meets the Multimodal Lakehouse
👉 gradientflow.substack.com/p/the-rise-o...
Security defenders are preparing themselves against a recently disclosed maximum-severity vulnerability in React Server, an open-source package that’s widely used by websites and in cloud environments.
Instead, the company stated that "a change to how its firewall handles requests caused Cloudflare’s network to be unavailable for several minutes this morning."
The AMD-backed company plans to spend more than $1 billion on the facility, which will allow a future customer to train or run AI models. It’s slated to come online in the first quarter of 2026. www.crainscleveland.com/manufacturin...
As a security person, I SO appreciate great bits like this open letter around bad security advice ( www.hacklore.org/letter), especially given that it's got reputable people like @leak.bsky.social signed on.
I agree that outdated advice and half-truths are just as bad as giving wrong advice.
OpenAI is not making enough money to finance its endless appetite for compute.
This is a structural problem: the product OpenAI is providing costs more to produce than it costs to buy. And the difference is being covered with debt. graceblakeley.substack.com/p/what-i-rea...
PhD Candidate Aikata was selected for a netidee "Call 20" stipend for her research, titled "Hardware Design for Post-Quantum Cryptography and Homomorphic Encryption." 🎉
Ok I couldn't wait. I wanted to do something nice and have a code to redeem the below to one lucky winner. Share your best hacking meme/gif and the one that makes me laugh the most will win. www.humblebundle.com/books/hackin...
Chinese nation-state groups tied to 'React2Shell' targeting, as security researchers see escalating probes, likely in advance of more criminal exploitation www.databreachtoday.com/chinese-nati...
Please like, share, comment, and subscribe. It helps grow the newsletter and podcast without a financial contribution on your part. Anything is very much appreciated. And thank you, as always, for reading and liste...
Is your security keeping up with your infrastructure modernization? 🏗️ Learn how one customer reclaimed time for high-value strategic initiatives by leveraging Recon early on in their IT revitalization. Read more: blog.reconinfosec.com/case-study-f...
In today's Transformer Weekly: Why the apparent lack of safety testing on DeepSeek's latest model speaks to bigger problems, plus preemption’s out of the NDAA, OpenAI’s ‘code red,’ Anthropic’s IPO prep and more: www.transformernews.ai/p/the-proble...
OpenAI’s scramble to tweak ChatGPT to be less sycophantic came before the man’s alleged attacks, which suggests the updates weren’t enough to prevent the harmful validation.
Gigabyte's tree-mendous looking X870E Aero X3D Wood motherboard will have you pining to build a new AMD Ryzen gaming PC, and if you think we're all out of wood puns, you're barking up the wrong tree. hothardware.com/news/gigabyt...
Sources: Dell alerts customers to 15-20% price hikes as soon as mid-December amid surging DRAM costs; Lenovo says current quotes will expire in January 2026 (TrendForce)
Apple has issued its latest batch of threat notification warnings to let people know they may be the targets of some kind of surveillance. www.applemust.com/apple-issues...
IHL prohibits the misuse of certain indicators, such as the ICRC’s distinctive emblems. Jonathan Kwik and Adriaan Wiese ask in their post whether #AI could independently learn that abusing IHL’s protective indicators is its most optimal course-of-action. lieber.westpoint.edu/can-ai-teach...
“I have not seen a harm manifest so quickly from a technology.”
New pod today with the great @kashhill.bsky.social on the AI chatbot delusion crisis (and how tech billionaires have, in a sense, democratized their yes men entourages with these chatbots)
Google expands an Android pilot for in-call scam protection for financial apps, aiming to detect fraudulent call activity during app interactions; announcement dated Dec 3, 2025. #Android #AppSecurity https://bit.ly/4rD1YY8
💥Linked to the pro-Kremlin Doppelganger disinformation campaign, the Russian hosting firm Aéza has been sanctioned by the US, Australia, and the UK and its founders charged in Russia. Yet despite operating servers in Europe, the EU has taken no action.
scoop: OpenAI’s GPT-5.2 "code red" response to Google is coming next week. I'm hearing that GPT-5.2 should drop on December 9th, slightly earlier than OpenAI was originally planning. Details here 👇 www.theverge.com/report/83885...
~Socket~
A 25% YoY drop in November CVEs is due to administrative slowdowns at key publishers, not a true reduction in risk.
-
IOCs: (None identified)
- #CVE #ThreatIntel #VulnerabilityManagement
Both privacy and child safety experts agree that device-based restrictions are the most effective way of keeping kids from seeing porn. And your phone, tablet and computer already have the age-information (and technology) to block it.
So why are Apple, Google and Microsoft so resistant?
Unit tests made simple! GitHub Copilot Testing for .NET in Visual Studio Insiders auto-generates tests for your code—fast, type-safe, and integrated. Supports MSTest, xUnit, NUnit.
👉 Learn more, msft.it/63326tbL2I #dotNET #Testing
Marc Benioff says it "would not shock" him if Salesforce changed its name to Agentforce; the company started using Agentforce for many of its offerings (Ashley Stewart/Business Insider)
The Framework Laptop 13 has a replaceable mainboard, which means that the processor can be easily upgraded after purchase. While Framework itself only offers Intel and AMD CPUs, a mainboard with a high-performance ARM processor from a third-party manufacturer has now launched.
Locking down your data isn’t as simple as deleting a few accounts. Our tech writer tried to wipe himself from the internet. Here are the data-removal services he recommends if you want to try it yourself.