NP++ breach is a great general reminder that "power utilities" favored by IT pros are highly targeted for both supply chain and malvertising/seo poisoning. Just because you are a tech pro doesn't make you immune from attack, it makes you highly targeted. Cyber pros missed it, watch your back
NP++ June-december 2025 supply chain, rumors turned out to be true.
notepad-plus-plus.org/news/hijacke...
www.bleepingcomputer.com/news/securit...
cyberplace.social/@GossiTheDog...
Recommended Reading
arxiv.org/abs/2601.04566
The Com, criminal hacking ethics, and off-ramps, this talk from Allison is compelling and excellent. Take a watch.
π¨ Another Internet blackout in Iran has begun at 12:50 UTC (4:20pm local). π¨
Numerous Iranian service providers now offline in new national Internet blackout.
Predatory Sparrow are "hacktivists" that happens to be skilled at cyber war.
www.wired.com/story/predat...
iranian offensive cyber capacities are not resilient or coherent enough to engage in meaningful effects-delivery against hardened targets while their country is actively being blown to shit. also: despite a few minor successes, iran has never matched china or russia in scale of access to USCIKR.
"Over four months, LLM users consistently underperformed at neural, linguistic, and behavioral levels. These results raise concerns about the long-term educational implications of LLM reliance and underscore the need for deeper inquiry into AI's role in learning."
Cubs, Royals, and Brewers held Pride Nights today. Notable in Chicago was a community group called βPlay Catch with a Dadβ that serves members of the LGBTQ+ community who have been disenfranchised by their families.
SMB to RCE via Kerberos coercion, nasty vuln and great research. Get patching.
Are you referencing CVE-2025-33073? I think you may have typo'ed 33074
msrc.microsoft.com/update-guide...
"Don't look for breaches, so we don't have to disclose them"
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
PR teams: just add "with Agentic AI" to end, then full send
Is the era of the βnamed actorβ done?
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturingβ¦
APTs β¬οΈβ¬οΈ
UNCs β¬οΈβ¬οΈ
Friday vibes
I made SonicWallβs hall of fame for this one. Patch your firewalls (again), folks!
bishopfox.com/blog/sonicwa...
actions on objective, which can be very important to whether the dwell time # is effective. This is easily observed from the differences of a smash and grab ransom, intentionally destructive attacks, to a intelligence gathering long operations.
Good industry metric, not always great inside measure
While it has a slight uptake this year according to MTrends, hard to say what that means yet. But measuring dwell time without a sophisticated program is perilous as a true measure, as not all incidents or red team engagements are created equal. Dwell time by itself does not correspond with measures
detection and response team's increased capabilities, but instead because one of the most prevalent breach types started announcing their presence in form of ransom notes.
Dwell time was THE metric to track in offensive engagements and IR for the longest time, then it started falling
Dwell Time became 'the metric' to track ~10 years ago. Since then it fell from averaging years to days. While this can be correlated with increased D&R capabilities, it also notably decreased from a changing threat landscape. As ransomware grew in popularity, Dwell time decreased regardless of
Dwell time back?
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. π§΅
For fans of root cause of catastrophic (often bureaucratic) failure, such as reports from CISA's Cyber Safety Review Board reports, recommend Challenger, by the same author of Incident Response required reading Midnight in Chernobyl. #RecommendedReading www.simonandschuster.com/books/Challe...
Seeing blue skies, even though it is grey here in Chicago.
