Vadim Gordas (@vgordas) 's Twitter Profile
Vadim Gordas

@vgordas

Head of InfoSec Risk,
opinions are my own.

ID: 2804490857

04-10-2014 10:10:19

156 Tweet

99 Followers

785 Following

Vadim Gordas (@vgordas) 's Twitter Profile Photo

This is big news, and definitely curious about how advertising industry will adapt: businessinsider.com/google-to-stop…

Sam Stepanyan (@securestep9) 's Twitter Profile Photo

If you are using #F5 F5 kit - be aware of 4 CRITICAL CVEs just announced minutes ago with almost all versions of BIG-IP and BIG-IQ 7.x vulnerable. Unauthenticated #RCE. Patches released - do check out the knowledgebase article: support.f5.com/csp/article/K0… F5 Security

Troy Hunt (@troyhunt) 's Twitter Profile Photo

Just to add to this, look at ParkMobile’s password requirements then look at the cracked passwords and ask yourself: do those requirements help people make good passwords? No, of course not, that’s why we ditched that craziness years ago: troyhunt.com/passwords-evol…

Chris Wysopal (@weldpond) 's Twitter Profile Photo

Syncing your phone to the car or having a built in GPS are privacy risks. Cars don’t have the data protection of a modern phone. jalopnik.com/the-feds-can-a…

Chris Krebs (@c_c_krebs) 's Twitter Profile Photo

Ransomware shuts down one of the most critical regional pipelines. This has gotten out of control. bloomberg.com/news/articles/…

Forrest Brazeal (@forrestbrazeal) 's Twitter Profile Photo

The recent "All the ways to run containers on AWS" threads have left me super confused so I made this flowchart to help. It's probably also wrong.

rik van duijn (@rikvduijn) 's Twitter Profile Photo

Wanted to do a quick blog on o365 audit logging and its quirks for a while now. Finally finished it. TLDR: enable it even if you don't monitor any of it. At least your incident responder will thank you. zolder.io/office-365-aud…

Sophos X-Ops (@sophosxops) 's Twitter Profile Photo

NEW: Conti affiliates use ProxyShell Exchange exploit in ransomware attacks ⚠️ In one of the ProxyShell-based attacks observed by Sophos, the Conti affiliates managed to gain access to the target’s network and set up a remote web shell in under a minute... 1/14

Lesley Carhart (@hacks4pancakes) 's Twitter Profile Photo

Tech people on Twitter be like, "just buy and install a pi hole to make your $2000 smart TV not play constant ads and narc on your viewing habits"

Mark Simos (@marksimos) 's Twitter Profile Photo

The long-awaited Microsoft Cybersecurity Reference Architectures (MCRA) update is now live! aka.ms/MCRA In addition to the latest products & names, this is the first MCRA version integrated into the Microsoft Security Adoption Framework (SAF). Share and Enjoy!

Sam Stepanyan (@securestep9) 's Twitter Profile Photo

#Android: At BlackHat Europe researchers demonstrated that most #password managers for Android (1Password, LastPass, Dashlane, Keepass etc) are vulnerable to #AutoSpill attack allowing to steal account credentials on Android during the autofill operation: bleepingcomputer.com/news/security/…

Sam Stepanyan (@securestep9) 's Twitter Profile Photo

CISA releases a Secure Software Development Attestation Form that will help ensure the software producers who partner with the US federal government leverage minimum secure development techniques and toolsets: cisa.gov/resources-tool…

Matt Zorich (@reprise_99) 's Twitter Profile Photo

One of our very smart Active Directory experts has been putting together a series of blog posts about hardening AD. Already into its 7th installment, it covers SMB hardening, disabling NTLMv1, least privilege and more. Check the series out - techcommunity.microsoft.com/tag/adhardening

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

For most of 2025, I was skeptical that AI was already playing a major operational role in real intrusions. Most public examples seemed limited to phishing and supporting tasks. This report by my friend Eyal Eyal lines up with what I have been hearing elsewhere, too - in recent