cje
@cje.io
founder @bugcrowd && co-founder @disclose_io || hacker, entrepreneur, executive, advisor || عصا موسى || #w00w00
Pinned
cje @cje.io · Nov 14
threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
Srsly Risky Biz: The cyber regime change pipe dream m.cje.io/4qKXbn5
Risky Bulletin Podcast feed - Risky Business Media
m.cje.io
November 7, 2025 at 12:27 AM
Price Equilibrium, Yo: The simple economics of an external shock to a bug bounty platform m.cje.io/3LzW09T
Abstract. We first provide background on the “nuts and bolts” of a bug bounty platform: a two-sided marketplace that connects firms and individual security
academic.oup.com
November 6, 2025 at 11:15 PM
Truffle Security Raises $25 Million Series B to Expand NHI Security 🎉 🎉 🎉 m.cje.io/4oU5Cut
November 6, 2025 at 3:57 PM
Reposted by cje
The tech giant didn’t report active exploitation of any of the patched defects, yet details about potential impacts remain limited.
via @mattkapko.com cyberscoop.com/apple-securi...
Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads
cyberscoop.com
November 5, 2025 at 3:14 PM
BOLD TALKS: Casey John Ellis on Hacking Trust, AI, and the Future of Cybersecurity m.cje.io/3LbZMGt
Subscribe to our BOLD Awards YouTube Channel: https://www.youtube.com/@BOLDAwards BOLD Talks | Epi Ludvik and Casey John Ellis, Founder & Chief Strategy Officer at Bugcrowd Welcome to BOLD Talks,…
m.cje.io
October 30, 2025 at 7:08 PM
Ugh… It’s 2025 and vendors still don’t understand the Streisand-effect.

cc: @disclose_io (threats.disclose.io)

YouTuber with nearly 4M subscribers sued by lock company after he breaks into lock with just a can www.uniladtech.com/social-media...
YouTuber Trevor McNally was sued by a lock company after he broke into one of their products using just a can, all for entertainment on his channel.
www.uniladtech.com
October 29, 2025 at 10:16 PM
Eep... Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023 m.cje.io/4noaaYW
m.cje.io
October 24, 2025 at 12:27 AM
Seriously, I love this post so much - Good weekend timeline cleanser: "Root for Your Friends · Joseph Thacker"

m.cje.io/3KYvnLt
Root for Your Friends
Discover the power of rooting for your friends and how it can amplify success for everyone involved.
m.cje.io
October 18, 2025 at 10:39 PM
He tested his pitch on Uber drivers—then built a cybersecurity platform to $180M raised. | Casey Ellis, Founder of Bugcrowd - A Product Market Fit Show | Startup Podcast for Founders www.buzzsprout.com/1889238/epis...
Casey turned hackers into a marketplace and built Bugcrowd to $180M+ raised. But the real story isn't about cybersecurity—it's about how he validated a two-sided marketplace with almost no product,…
m.cje.io
October 16, 2025 at 8:59 PM
Takeaway: If you’re building offensive AI capability on top of SOTA alone, it’s about to get *very* competitive.
Building the Leading Open-Source Pentesting Agent: Architecture Lessons from XBOW Benchmark
What if a security agent could reason through vulnerabilities the way expert pentesters do — not by following scripts, but by…
medium.com
October 14, 2025 at 9:37 PM
😬

Major US online retailers remove listings for millions of prohibited Chinese electronics
m.cje.io
October 12, 2025 at 12:27 AM
PATCH YO' IVANTI...OH WAIT NVM

ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution

m.cje.io/48X7Ynz
ZDI has publicly disclosed 13 unpatched vulnerabilities in Ivanti Endpoint Manager, including 12 RCE flaws and one local privilege escalation.
m.cje.io
October 10, 2025 at 12:27 AM
Awesome stuff from the @dreadnode crew at LABScon25 | Auto-Poking The Bear - Analytical Tradecraft In The AI Age | Wendiggensen & Palm m.cje.io/3VTmpl7
LABScon25 Replay | Auto-Poking The Bear - Analytical Tradecraft In The AI Age | Wendiggensen & Palm
In this LABScon25 talk, Dreadnode’s Martin Wendiggensen and Brad Palm explore how AI is changing Cyber Threat Intelligence and the research practices that support it. This engaging talk lays the…
m.cje.io
October 9, 2025 at 2:43 PM
PATCH/THRUNT YO’ VMWARE

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024 thehackernews.com/2025/09/urge...
VMware CVE-2025-41244 exploited by UNC5174 since Oct 2024, CVSS 7.8, patch now available.
thehackernews.com
September 30, 2025 at 11:13 AM
“Historically, cybercriminals rarely retire in the traditional sense. Instead, they rebrand, regroup or pivot to new tactics and operations, or they get caught.” m.cje.io/3KcFXOA
Fifteen Ransomware Gangs “Retire,” Future Unclear
Fifteen ransomware groups have claimed shutdown on BreachForums; experts warn of rebrands and copycats
m.cje.io
September 21, 2025 at 1:27 AM
Security Industry Skeptical of Scattered Spider-ShinyHunters Retirement Claims m.cje.io/4mrl0Nw
The notorious cybercrime groups claim they are going dark, but experts believe they will continue their activities.
m.cje.io
September 20, 2025 at 7:13 AM
/me invoking HD Moore's Law

“The net effect of this (Villager) is the availability of increasingly powerful capability to a far broader potential audience of users.” www.csoonline.com/article/4057...
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy
The new AI-native framework, freely available online, could make advanced cyberattacks faster, easier, and more accessible than ever.
m.cje.io
September 20, 2025 at 1:27 AM
‘NotDoor’ malware tied to Russia's APT28 exploits Microsoft Outlook m.cje.io/3VKOcns
Campaign targets various vertical sectors in multiple NATO-based countries.
m.cje.io
September 13, 2025 at 1:27 AM
"This isn’t about turning analysts into data scientists. It’s about equipping them to work alongside AI effectively – understanding when to trust it, when to question it, and how to leverage it to decrease noise and focus on high-priority threats."

m.cje.io/3VNzgVI
AI Emerges as the Hope—and Risk—for Overloaded SOCs
With security teams drowning in alerts, many suppress detection rules and accept hidden risks. AI promises relief through automation and triage—but without human oversight, it risks becoming part of…
m.cje.io
September 12, 2025 at 7:54 PM
Fresh from the "High-Entropy Headlines" desk: Albania appoints AI bot as minister to tackle corruption buff.ly/y9BcEOI
buff.ly
September 11, 2025 at 9:26 PM
‘NotDoor’ malware tied to Russia's APT28 exploits Microsoft Outlook m.cje.io/3Ibo0iT
Campaign targets various vertical sectors in multiple NATO-based countries.
www.scworld.com
September 11, 2025 at 1:27 AM