Chris Merkel
@chrismerkel.bsky.social
Cybersecurity / Infosec Leader, Teller of Rambling, Pointless Stories, Provider of Dubious Career Advice.
Professional alt, unprofessional posts.
Masto: @[email protected]
Professional alt, unprofessional posts.
Masto: @[email protected]
Reposted by Chris Merkel
Check out the ICIJ's page posting a series of articles and videos on their investigation. Kudos to everyone.
www.icij.org/investigatio...
www.icij.org/investigatio...
November 17, 2025 at 9:35 AM
Check out the ICIJ's page posting a series of articles and videos on their investigation. Kudos to everyone.
www.icij.org/investigatio...
www.icij.org/investigatio...
Reposted by Chris Merkel
I go to a lot of (cyber) conferences. So many people have so much cool stuff to say but I beg you, try really hard to put your presentations in front of people who you trust to take a machete to it. Suffering some critical feedback up front makes the whole presentation so much better.
Editors have a really hard job, and the good ones can make something unreadable readable, and the great ones can make something unreadable into something good. But they're basically invisible, until someone tries to write without one.
November 17, 2025 at 3:42 PM
I go to a lot of (cyber) conferences. So many people have so much cool stuff to say but I beg you, try really hard to put your presentations in front of people who you trust to take a machete to it. Suffering some critical feedback up front makes the whole presentation so much better.
I hate the AI they added to Alexa so much I'm thinking about playing my voice on a loop asking it questions just to make it smoke as much compute as possible.
November 17, 2025 at 1:36 AM
I hate the AI they added to Alexa so much I'm thinking about playing my voice on a loop asking it questions just to make it smoke as much compute as possible.
She's on a farm, praying with her baby in the background.
Prediction: She's going to go full techbro fash maga and run for office.
Prediction: She's going to go full techbro fash maga and run for office.
November 16, 2025 at 12:18 PM
She's on a farm, praying with her baby in the background.
Prediction: She's going to go full techbro fash maga and run for office.
Prediction: She's going to go full techbro fash maga and run for office.
Yoooo so cool to see @jasonkoebler.bsky.social 's work being shared at the ground level fighting the flock surveillance state in Denver.
youtu.be/95zqRm8vrKk?...
youtu.be/95zqRm8vrKk?...
November 15, 2025 at 5:41 PM
Yoooo so cool to see @jasonkoebler.bsky.social 's work being shared at the ground level fighting the flock surveillance state in Denver.
youtu.be/95zqRm8vrKk?...
youtu.be/95zqRm8vrKk?...
Reposted by Chris Merkel
A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication
Fortinet FortiWeb flaw with public PoC exploited to create admin users
A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication
www.bleepingcomputer.com
November 14, 2025 at 2:41 AM
A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication
Reposted by Chris Merkel
Visualize all 23 years of BYTE magazine in all its glory, all at once:
November 11, 2025 at 6:18 PM
Visualize all 23 years of BYTE magazine in all its glory, all at once:
Reposted by Chris Merkel
I have another Reddit AMA scheduled! Tell your youts! www.reddit.com/r/SecurityCare...
Reddit - The heart of the internet
www.reddit.com
November 11, 2025 at 1:15 PM
I have another Reddit AMA scheduled! Tell your youts! www.reddit.com/r/SecurityCare...
Reposted by Chris Merkel
New from 404 Media: logins for Flock, the company behind the nationwide AI-camera network, are included in malware infections. Includes government and police accounts, meaning hackers could potentially break in. Senator Wyden asking FTC to investigate Flock
www.404media.co/flock-logins...
www.404media.co/flock-logins...
November 3, 2025 at 5:02 PM
New from 404 Media: logins for Flock, the company behind the nationwide AI-camera network, are included in malware infections. Includes government and police accounts, meaning hackers could potentially break in. Senator Wyden asking FTC to investigate Flock
www.404media.co/flock-logins...
www.404media.co/flock-logins...
Reposted by Chris Merkel
Adobe's launch of LLM inside Acrobat Reader is absolute dogshit. The one thing you want it for, which is to explain how to PDF, it doesn't know anything.
November 7, 2025 at 4:22 PM
Adobe's launch of LLM inside Acrobat Reader is absolute dogshit. The one thing you want it for, which is to explain how to PDF, it doesn't know anything.
Reposted by Chris Merkel
im not mad. please dont put in the newspaper that i got mad.
November 5, 2025 at 8:59 PM
im not mad. please dont put in the newspaper that i got mad.
Sadly, this looks like something that could be #cyberslop (thanks @doublepulsar.com) fodder.
C2 uses the OpenAI algo to store and retrieve JSON messages from a vector datastore. Far as I can understand this, they're not using LLM to carry out the attack, just using the API as a proxy.
C2 uses the OpenAI algo to store and retrieve JSON messages from a vector datastore. Far as I can understand this, they're not using LLM to carry out the attack, just using the API as a proxy.
Microsoft security researchers have discovered a new backdoor malware named SesameOp that uses the OpenAI Assistants API as a covert command-and-control channel.
Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks
Microsoft security researchers have discovered a new backdoor malware named SesameOp that uses the OpenAI Assistants API as a covert command-and-control channel.
www.bleepingcomputer.com
November 4, 2025 at 2:15 AM
Sadly, this looks like something that could be #cyberslop (thanks @doublepulsar.com) fodder.
C2 uses the OpenAI algo to store and retrieve JSON messages from a vector datastore. Far as I can understand this, they're not using LLM to carry out the attack, just using the API as a proxy.
C2 uses the OpenAI algo to store and retrieve JSON messages from a vector datastore. Far as I can understand this, they're not using LLM to carry out the attack, just using the API as a proxy.
Asking Mike Johnson a question about Trump is like asking ChatGPT to summarize a New York Times article. Bro is a human 404 error.
Raju: Last week, you were very critical of Biden, you said he didn’t even know who was pardoning. On 60 minutes, Trump admitted not knowing he pardoned a crypto billionaire guilty of money laundering. Is that also concerning?
Johnson: I don’t know anything about it.
Johnson: I don’t know anything about it.
November 3, 2025 at 5:45 PM
Asking Mike Johnson a question about Trump is like asking ChatGPT to summarize a New York Times article. Bro is a human 404 error.
Reposted by Chris Merkel
Amazon is helping fund a $300 million build of a ballroom for the White House.
Independent bookstores are donating to food banks and organizations that help with food insecurity.
They are not the same.
Independent bookstores are donating to food banks and organizations that help with food insecurity.
They are not the same.
October 30, 2025 at 4:01 PM
Amazon is helping fund a $300 million build of a ballroom for the White House.
Independent bookstores are donating to food banks and organizations that help with food insecurity.
They are not the same.
Independent bookstores are donating to food banks and organizations that help with food insecurity.
They are not the same.
If they take down the old domain, keys won't work. If they don't take down the domain, the accounts aren't actually "locked out", you're just being pushed through some flow to establish new ones.
Here's hoping it's a hard lockout, because anyone still there can get rekkkt.
Here's hoping it's a hard lockout, because anyone still there can get rekkkt.
X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so.
X: Re-enroll 2FA security keys by November 10 or get locked out
X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so.
www.bleepingcomputer.com
October 29, 2025 at 1:40 AM
If they take down the old domain, keys won't work. If they don't take down the domain, the accounts aren't actually "locked out", you're just being pushed through some flow to establish new ones.
Here's hoping it's a hard lockout, because anyone still there can get rekkkt.
Here's hoping it's a hard lockout, because anyone still there can get rekkkt.
Reposted by Chris Merkel
🛰️🌎🧪🚀
Got time to spare?
Plenty (wait too much actually) of International Space Station stuff here...
issinrealtime.org
Got time to spare?
Plenty (wait too much actually) of International Space Station stuff here...
issinrealtime.org
ISS in Real Time
Explore 25 years onboard the International Space Station.
issinrealtime.org
October 28, 2025 at 1:56 AM
🛰️🌎🧪🚀
Got time to spare?
Plenty (wait too much actually) of International Space Station stuff here...
issinrealtime.org
Got time to spare?
Plenty (wait too much actually) of International Space Station stuff here...
issinrealtime.org
Reposted by Chris Merkel
The NPR Network is your trusted source for reliable, accessible and fact-checked information. And now you can make sure we show up in your Google results.
How to make NPR and your local station your preferred news source on Google
The NPR Network is your trusted source for reliable, accessible and fact-checked information. And now you can make sure we show up in your Google results.
n.pr
October 27, 2025 at 2:56 PM
The NPR Network is your trusted source for reliable, accessible and fact-checked information. And now you can make sure we show up in your Google results.
Founders can cook up all kinds of smart ideas but seem completely blind to basic functionality like an offline mode.
October 21, 2025 at 5:56 PM
Founders can cook up all kinds of smart ideas but seem completely blind to basic functionality like an offline mode.
Reposted by Chris Merkel
TECH STARTUP: We're thrilled to announce our new app which gives you the power to kill anybody in the world
TECH STARTUP, A MONTH LATER: We hear you and we understand. Today we're making several significant changes to Anonymurder's terms of use
TECH STARTUP, A MONTH LATER: We hear you and we understand. Today we're making several significant changes to Anonymurder's terms of use
October 20, 2025 at 2:40 PM
TECH STARTUP: We're thrilled to announce our new app which gives you the power to kill anybody in the world
TECH STARTUP, A MONTH LATER: We hear you and we understand. Today we're making several significant changes to Anonymurder's terms of use
TECH STARTUP, A MONTH LATER: We hear you and we understand. Today we're making several significant changes to Anonymurder's terms of use
@downdetector.bsky.social is so slow in the speedtest app. You would think they would make it perform as well as the standalone app they want people to stop using
October 20, 2025 at 1:39 PM
@downdetector.bsky.social is so slow in the speedtest app. You would think they would make it perform as well as the standalone app they want people to stop using
Block, don't engage and don't engage with people who screenshot them and rage post.
October 18, 2025 at 5:24 PM
Block, don't engage and don't engage with people who screenshot them and rage post.
Reposted by Chris Merkel
They call this their “small-government, big-lunch’” group photo.
October 17, 2025 at 9:33 AM
They call this their “small-government, big-lunch’” group photo.