cje
@cje.io
founder @bugcrowd && co-founder @disclose_io || hacker, entrepreneur, executive, advisor || عصا موسى || #w00w00
Pinned
cje @cje.io · Nov 14
threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
Trump Administration Turning to Private Firms in Cyber Offensive www.bloomberg.com/news/article...
m.cje.io
December 14, 2025 at 6:13 AM
Serious Hackers Wear TWO Black Hoodies www.podcasts.nu/episodes/cis...
December 13, 2025 at 6:13 AM
Reposted by cje
A new Three Buddy Problem pod has been pushed to all podcast platforms @craiu.bsky.social @jags.bsky.social

Have a listen!
pod.link/1414525622
December 13, 2025 at 12:45 AM
“From an attacker perspective, #React2Shell is the kind of vulnerability that affords massive opportunity for crime, but that also has a narrow window for exploitation, partly because of public awareness leading to patching, and partly because of competition.”

securityboulevard.com/2025/12/atta...
Attackers Worldwide are Zeroing In on React2Shell Vulnerability
Bad actors ranging from nation-state groups to financially motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat…
m.cje.io
December 13, 2025 at 12:27 AM
PATCH YO’ IOS

About the security content of iOS 26.2 and iPadOS 26.2 - Apple Support support.apple.com/en-us/125884
This document describes the security content of iOS 26.2 and iPadOS 26.2.
December 13, 2025 at 12:09 AM
"If you do the math, then it’s reasonable to assume that these two things will net to an increase in SOC alerts and the need for a shift in strategy to deal with it."

m.cje.io/3KNy6aP
5 ways AI will transform Security Operations Centers | ReversingLabs
AI is poised to reshape SOCs, from alleviating alert fatigue to streamlining manual, repetitive workflows. Here’s what to expect.
December 12, 2025 at 6:13 AM
🚨 REQUEST FOR COMMENTS IS OPEN 🚨

Agency Information Collection Activities; Revision; Arrival and Departure Record (Form I-94) and Electronic System for Travel Authorization (ESTA) m.cje.io/48NHyTL
Federal Register :: Request Access
Due to aggressive automated scraping of FederalRegister.gov and eCFR.gov, programmatic access to these sites is limited to access to our extensive developer APIs.
December 12, 2025 at 2:22 AM
When it comes to developing skills through underground organizations, recent geopolitical issues have also helped muddy the waters of how some professionals think about ways to earn a living, said Casey Ellis, founder at @Bugcrowd.

www.dice.com/career-advic...
Dark Web, Underground Hiring Blurs Lines Between Legit and Illicit Work
Some skilled tech and cybersecurity pros are turning to underground forums for work, drawn by lucrative but illegal opportunities. Experts caution that these jobs blur the line between legitimate and…
m.cje.io
December 12, 2025 at 12:27 AM
Exclusive | AI Hackers Are Coming Dangerously Close to Beating Humans www.wsj.com/tech/ai/ai-h...
m.cje.io
December 11, 2025 at 11:47 PM
By partnering with The Bugcrowd Academic Program, universities can shape how cybersecurity is discovered, taught, and advanced. Request a demo today to see how Bugcrowd can elevate cybersecurity at your university. www.bugcrowd.com/blog/the-bug...
The Bugcrowd Academic Program | @Bugcrowd
In universities across the world, students are getting hands-on training before they enter the job market. Medical students shadow doctors in hospitals, accessing real patients. Culinary students…
m.cje.io
December 10, 2025 at 2:06 AM
TYPHOONS HAVE ENTERED THE CHAT

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services aws.amazon.com/blogs/securi...
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat…
December 5, 2025 at 4:38 AM
Reposted by cje
@cje.io joined the judging panel at the Monterey #Cyber912 Strategy Challenge, hosted by the @cyberstatecraft.bsky.social, where student teams navigated a simulated crypto crisis gone global 😱🌏

It’s one thing to talk cyber policy, another to test it under fire. Congrats to the teams who did both 👏
November 12, 2025 at 8:14 PM
Reposted by cje
wen bont
November 24, 2025 at 8:26 PM
🚨PATCH YO’ REACT

Critical Security Vulnerability in React Server Components – React react.dev/blog/2025/12...
The library for web and native user interfaces
December 3, 2025 at 3:59 PM
"Now I Have A Hacklore.org Website. Ho, Ho, Ho"

In this @Bugcrowd Security Flash @treyford and I weigh in on The hacklore.org Project, security myths and the role of risk in weighing them up, and how to be an effective "designated nerd" this Holiday Season.

Enjoy!

m.cje.io/443cZrC
Bugcrowd Security Flash: The HackLore Project
Join Casey and Trey in this special holiday edition of Bugcrowd's Security Flash as they dive into the Hacklore Project. Spearheaded by cybersecurity expert Bob Lord, this initiative aims to debunk…
December 3, 2025 at 6:13 AM
also, HACK YO’ APPLE

(Reward increases to 2M for 0c Kernel + others, scope increases, and kinda neat to see the inclusion of flags 👏)

Categories - Apple Security Research
Browse the full list of eligible payouts through the Apple Security Bounty program before you submit a report.
security.apple.com
December 3, 2025 at 12:27 AM
Old dogs...new tricks 👏👏👏

Following the success of Prompt||GTFO, @gadievron @dcuthbert @halvarflake @mbrg0 decided to trot out RAPTOR, an offensive (AND DEFENSIVE) agent. If you know the pedigree involved here you also know it's worth checking out.

m.cje.io/4oryhX5
Claude Code overview - Claude Code Docs
Learn about Claude Code, Anthropic's agentic coding tool that lives in your terminal and helps you turn ideas into code faster than ever before.
Claude.md
December 2, 2025 at 11:13 PM
PATCH YO’ ANDROID

Android Security Bulletin—December 2025 | Android Open Source Project source.android.com/docs/securit...
Starting March 27, 2025, we recommend using android-latest-release instead of aosp-main to build and contribute to AOSP. For more information, see Changes to AOSP.
December 2, 2025 at 4:27 PM
Huge props to whoever found and demo’d this 👏👏👏 (…and to Baxter and the FDA for “doing the thing”)

Baxter Permanently Removes Life2000 Ventilation System
Baxter is permanently removing all Life2000 Ventilation Systems after discovering a cybersecurity issue that may allow unauthorized access to the device
www.fda.gov
December 1, 2025 at 12:27 AM
Spies gonna spy.

"This is deliberate exploitation of intentional design, and the fact that it flies under the radar for this reason is being deliberately abused by the threat actors."

www.darkreading.com/cyberattacks...
With Friends Like These: China Spies on Russian IT Orgs
State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.
m.cje.io
November 29, 2025 at 12:27 AM
It's Thanksgiving Week in the USA, which we all know means one thing: TECH SUPPORT FOR FAMILY MEMBERS. I'm very pleased to co-sign and have contributed to @boblord's hacklore.org project, which seeks to debunk the most common "Kermit-hands" consumer cybersecurity advice that tends to spread around.
Stop Hacklore!
Hacklore is a blend of hacking and folklore—modern urban legends about digital safety. Hacklore spreads quickly and confidently, passed from person to person as if it were hard-earned wisdom. But…
m.cje.io
November 25, 2025 at 9:03 PM
...In which Sean and I unpack the phenomenon of beg bounty, its rise over the past several years, and the solutions that I've seen actually work redefiningcybersecuritypodcast.com/episodes/beg... cc: @ITSPmagazine @bugcrowd @disclose_io
Beg Bounty: The New Wave of Unrequested Bug Claims and What They Mean | A Conversation with Casey Ellis | Redefining CyberSecurity with Sean Martin | Redefining CyberSecurity
This episode breaks down the rise of “beg bounties” and examines how unsolicited vulnerability claims create confusion, noise, and operational overhead for security teams. Sean Martin and Casey Ellis…
m.cje.io
November 24, 2025 at 8:25 PM
My favorite part of this interview was when the penny truly dropped re the difference between CSPM and "open cloud security" - Framework + Community + AI = WIN

Sponsored: Prowler uses AI how AI works best - Risky Business Media m.cje.io/4nWzghY
In this sponsored interview Casey Ellis chats to Toni de la Fuente, founder and CEO of Prowler, an open source platform for cloud security [Read More]
November 12, 2025 at 7:24 PM
Srsly Risky Biz: The cyber regime change pipe dream m.cje.io/4qKXbn5
Risky Bulletin Podcast feed - Risky Business Media
November 7, 2025 at 12:27 AM