Rik Ferguson
@rikferguson.com
Immigrant. VP Security Intelligence @Forescout, Co-founder @RespectInSec. Board @vaultree, Cybersecurity Futurist, Researcher, Award-winning writer/producer. He/Him. Pussy in bio.
Substack - Ferguson.ink
Slava Ukraini 🇺🇦
Substack - Ferguson.ink
Slava Ukraini 🇺🇦
Pinned
Rik Ferguson
@rikferguson.com
· Nov 8
Reposting this tweet from Oct 2017, so I can pin it here too.
Public note: If you ask me to sit on any public panel I will decline if there are no women on the panel. I can’t do much but I can do this.
Public note: If you ask me to sit on any public panel I will decline if there are no women on the panel. I can’t do much but I can do this.
Time for my semi-regular promotion of TraffickCam, an app which helps to identify locations where abuse & trafficking has occurred. All you need to do is upload pics of your hotel room. traffickcam.com please use and RT.
TraffickCam
traffickcam.com
December 11, 2025 at 3:37 PM
Time for my semi-regular promotion of TraffickCam, an app which helps to identify locations where abuse & trafficking has occurred. All you need to do is upload pics of your hotel room. traffickcam.com please use and RT.
With the most recent zero day in Google Chrome (466192044), we hit an uncomfortable milestone. 100 zero day vulnerabilities in 2025 so far. Equalling the full year figure for 2024. One more and 2025 becomes the busiest year on record.
I don’t think anyone is seriously betting against that outcome.
I don’t think anyone is seriously betting against that outcome.
December 11, 2025 at 12:21 PM
With the most recent zero day in Google Chrome (466192044), we hit an uncomfortable milestone. 100 zero day vulnerabilities in 2025 so far. Equalling the full year figure for 2024. One more and 2025 becomes the busiest year on record.
I don’t think anyone is seriously betting against that outcome.
I don’t think anyone is seriously betting against that outcome.
Who knows the legal outcome, but it’s certainly worth heading over to twitter.new to claim your handle…
#BackWithYourEx
#BackWithYourEx
Operation Bluebird wants to relaunch “Twitter,” says Musk abandoned the name and logo
“Abandonment” offers rare chance to reclaim one of tech’s most recognized brands.
arstechnica.com
December 11, 2025 at 5:39 AM
Who knows the legal outcome, but it’s certainly worth heading over to twitter.new to claim your handle…
#BackWithYourEx
#BackWithYourEx
Every time I think I have seen the limit of cyber “expert” bios, someone proves me wrong. This is not about gatekeeping. It is about integrity, honesty and transparency in a field where people make decisions that really matter.
Cybersecurity has a credential problem
..
www.linkedin.com
December 10, 2025 at 2:51 PM
Every time I think I have seen the limit of cyber “expert” bios, someone proves me wrong. This is not about gatekeeping. It is about integrity, honesty and transparency in a field where people make decisions that really matter.
Never a dull moment with Mister Cluley, and his Smashing Security podcast ❤️
Terrific to have @rikferguson.com join me on episode 446 of the Smashing Security podcast, where we discussed how a teenage cybercriminal's attempt to mock a sextortion scammer badly backfired, and take a crystal ball look ahead to what 2026 might have in store...
open.spotify.com/episode/0paB...
open.spotify.com/episode/0paB...
A hacker doxxes himself, and social engineering-as-a-service
open.spotify.com
December 5, 2025 at 11:04 AM
Never a dull moment with Mister Cluley, and his Smashing Security podcast ❤️
Dear America, I have tried your “chocolate” and it is awful. So bad that I completely fail to grasp why Hallowe’en ever even took off in the US.
Do better.
Do better.
November 22, 2025 at 1:37 PM
Dear America, I have tried your “chocolate” and it is awful. So bad that I completely fail to grasp why Hallowe’en ever even took off in the US.
Do better.
Do better.
Anthropic’s report is being called the first AI-orchestrated cyber-espionage campaign. For many it’s the moment the alarm bell was finally audible.
For me, it’s different: the moment a warning I’ve been giving since 2017 stopped being “nightmare scenario” panel fodder & started leading the news.
For me, it’s different: the moment a warning I’ve been giving since 2017 stopped being “nightmare scenario” panel fodder & started leading the news.
We Built the Kill Chain for Humans. AI Didn’t Get the Memo.
Right now, Anthropic is all over the news for exposing what it calls the first largely AI-orchestrated cyber-espionage campaign: a suspected Chinese state-sponsored group, GTG-1002, hijacking Claude C...
www.linkedin.com
November 17, 2025 at 9:09 PM
Anthropic’s report is being called the first AI-orchestrated cyber-espionage campaign. For many it’s the moment the alarm bell was finally audible.
For me, it’s different: the moment a warning I’ve been giving since 2017 stopped being “nightmare scenario” panel fodder & started leading the news.
For me, it’s different: the moment a warning I’ve been giving since 2017 stopped being “nightmare scenario” panel fodder & started leading the news.
Lars Ulrich is definitely one of the drummers of all time.
November 3, 2025 at 9:38 PM
Lars Ulrich is definitely one of the drummers of all time.
Xi-phoon or Xi-clone? It’s so difficult to tell them apart.
Salt, Volt, Flax, Silk; they all rely on Xiploits.
Remember, just because something is not “required” doesn’t mean you shouldn’t do it.
Salt, Volt, Flax, Silk; they all rely on Xiploits.
Remember, just because something is not “required” doesn’t mean you shouldn’t do it.
FCC will vote to scrap telecom cybersecurity requirements
The commission’s Republican chair, who voted against the rules in January, calls them ineffective and illegal.
www.cybersecuritydive.com
October 30, 2025 at 9:26 PM
Xi-phoon or Xi-clone? It’s so difficult to tell them apart.
Salt, Volt, Flax, Silk; they all rely on Xiploits.
Remember, just because something is not “required” doesn’t mean you shouldn’t do it.
Salt, Volt, Flax, Silk; they all rely on Xiploits.
Remember, just because something is not “required” doesn’t mean you shouldn’t do it.
TAFKNAP - The Andrew Formerly Known As Prince.
October 30, 2025 at 9:18 PM
TAFKNAP - The Andrew Formerly Known As Prince.
Our team at Forescout has discovered multiple new vulnerabilities in TP-Link routers. You may have noticed an uncredited vulnerability disclosure from TP-Link yesterday, that was us.
Several additional vulnerabilities are still in the disclosure process and will be detailed in upcoming publications.
Several additional vulnerabilities are still in the disclosure process and will be detailed in upcoming publications.
New TP-Link Router Vulnerabilities: A Primer on Rooting Routers
Forescout’s Vedere Labs research uncovers TP-Link router vulnerabilities that allow attackers to root devices. See how, including mitigation guidance.
www.forescout.com
October 23, 2025 at 5:16 PM
Our team at Forescout has discovered multiple new vulnerabilities in TP-Link routers. You may have noticed an uncredited vulnerability disclosure from TP-Link yesterday, that was us.
Several additional vulnerabilities are still in the disclosure process and will be detailed in upcoming publications.
Several additional vulnerabilities are still in the disclosure process and will be detailed in upcoming publications.
I almost sliced off the tip of my finger with a breadknife the other day.
It’s given me a great idea for Hallowe’en canapés though.
#finger_food
It’s given me a great idea for Hallowe’en canapés though.
#finger_food
October 15, 2025 at 11:07 AM
I almost sliced off the tip of my finger with a breadknife the other day.
It’s given me a great idea for Hallowe’en canapés though.
#finger_food
It’s given me a great idea for Hallowe’en canapés though.
#finger_food
1981, the year of antmusic, is now as far behind us at 1937 was in 1981… Damn.
October 10, 2025 at 8:55 PM
1981, the year of antmusic, is now as far behind us at 1937 was in 1981… Damn.
PromptLock. Was. An. Academic. PoC. Not. An. AI. Revolution. In. Cybercrime.
Stop putting it in your blogs and presentations.
Thank you for your attention to this matter ;)
Stop putting it in your blogs and presentations.
Thank you for your attention to this matter ;)
October 8, 2025 at 10:11 PM
PromptLock. Was. An. Academic. PoC. Not. An. AI. Revolution. In. Cybercrime.
Stop putting it in your blogs and presentations.
Thank you for your attention to this matter ;)
Stop putting it in your blogs and presentations.
Thank you for your attention to this matter ;)
But, will the Conservatives give everyone (except “illegals” fkors) a free puppy “if they win the next election?
October 8, 2025 at 11:15 AM
But, will the Conservatives give everyone (except “illegals” fkors) a free puppy “if they win the next election?
If you edit for a security title and you follow me, I’ve a new column looking for a home: Operational Truth. Accuracy is a security property. It’s practical: exposure SLOs, drift measurement and enforced controls. and it has a funky Stranger Things tie-in. Want it as a contributed piece? DM me.
October 6, 2025 at 9:44 AM
If you edit for a security title and you follow me, I’ve a new column looking for a home: Operational Truth. Accuracy is a security property. It’s practical: exposure SLOs, drift measurement and enforced controls. and it has a funky Stranger Things tie-in. Want it as a contributed piece? DM me.
Terminal 2 at Prague airport is currently evacuated
October 5, 2025 at 9:04 AM
Terminal 2 at Prague airport is currently evacuated
Post you from a different era. Describe that era.
Sep 1992, Buckinghamshire. 22 & graduated. In a recession so couldn’t find a job, so I worked in my local boozer and lived up in the roof. Life was very good. After this I went to live in Paris and work in a bookshop.
Sep 1992, Buckinghamshire. 22 & graduated. In a recession so couldn’t find a job, so I worked in my local boozer and lived up in the roof. Life was very good. After this I went to live in Paris and work in a bookshop.
September 30, 2025 at 5:02 AM
Post you from a different era. Describe that era.
Sep 1992, Buckinghamshire. 22 & graduated. In a recession so couldn’t find a job, so I worked in my local boozer and lived up in the roof. Life was very good. After this I went to live in Paris and work in a bookshop.
Sep 1992, Buckinghamshire. 22 & graduated. In a recession so couldn’t find a job, so I worked in my local boozer and lived up in the roof. Life was very good. After this I went to live in Paris and work in a bookshop.
Boarding at Heathrow is still hit and miss after the recent #ransomware attack against Collins Aerospace .
Some gates are working. Some gates are still operating manual boarding procedures.
Be prepared for delays.
Some gates are working. Some gates are still operating manual boarding procedures.
Be prepared for delays.
September 25, 2025 at 9:13 AM
Boarding at Heathrow is still hit and miss after the recent #ransomware attack against Collins Aerospace .
Some gates are working. Some gates are still operating manual boarding procedures.
Be prepared for delays.
Some gates are working. Some gates are still operating manual boarding procedures.
Be prepared for delays.
I the ten years I have lived here in Warsaw, I’ve never seen a swan.
Suspiciously though, I have seen brogue-shaped footprints by the lake, just deep enough to hold half a pint of real ale, and a vague waft of stale tobacco. The was a clue in the tread although I could quite make it out.
Suspiciously though, I have seen brogue-shaped footprints by the lake, just deep enough to hold half a pint of real ale, and a vague waft of stale tobacco. The was a clue in the tread although I could quite make it out.
September 25, 2025 at 8:30 AM
I the ten years I have lived here in Warsaw, I’ve never seen a swan.
Suspiciously though, I have seen brogue-shaped footprints by the lake, just deep enough to hold half a pint of real ale, and a vague waft of stale tobacco. The was a clue in the tread although I could quite make it out.
Suspiciously though, I have seen brogue-shaped footprints by the lake, just deep enough to hold half a pint of real ale, and a vague waft of stale tobacco. The was a clue in the tread although I could quite make it out.