Christoffer S.
@cstromblad.com
Father, husband, Swedish and cyber. Oh man, all the things cyber but mostly threat Intelligence. Dabble with Python. In the cyber field as a professional since 2001 […]
🌉 bridged from ⁂ https://swecyb.com/@nopatience, follow @ap.brid.gy to interact
🌉 bridged from ⁂ https://swecyb.com/@nopatience, follow @ap.brid.gy to interact
Reposted by Christoffer S.
Centralised platforms shape the conversation to serve their interests.
Mastodon returns power to you. Here connections are authentic, communities set their own rules, and your voice isn’t for sale.
Help to power the servers, tools, and communities making […]
[Original post on mastodon.social]
Mastodon returns power to you. Here connections are authentic, communities set their own rules, and your voice isn’t for sale.
Help to power the servers, tools, and communities making […]
[Original post on mastodon.social]
November 21, 2025 at 12:00 PM
Centralised platforms shape the conversation to serve their interests.
Mastodon returns power to you. Here connections are authentic, communities set their own rules, and your voice isn’t for sale.
Help to power the servers, tools, and communities making […]
[Original post on mastodon.social]
Mastodon returns power to you. Here connections are authentic, communities set their own rules, and your voice isn’t for sale.
Help to power the servers, tools, and communities making […]
[Original post on mastodon.social]
I think that @GossiTheDog has written a really good "summary" and review of the Capita ransomware attack and the subsequent investigation by ICO.
They fucked up. Badly. And they tried to get away, but they didn't. Take cybersecurity seriously, don't dabble and believe that you can get away with […]
They fucked up. Badly. And they tried to get away, but they didn't. Take cybersecurity seriously, don't dabble and believe that you can get away with […]
Original post on swecyb.com
swecyb.com
November 21, 2025 at 10:54 AM
I think that @GossiTheDog has written a really good "summary" and review of the Capita ransomware attack and the subsequent investigation by ICO.
They fucked up. Badly. And they tried to get away, but they didn't. Take cybersecurity seriously, don't dabble and believe that you can get away with […]
They fucked up. Badly. And they tried to get away, but they didn't. Take cybersecurity seriously, don't dabble and believe that you can get away with […]
This Mastodon instance has been updated to v4.5.2.
It appears to be a mostly "fixes" update.
https://github.com/mastodon/mastodon/releases/tag/v4.5.2
It appears to be a mostly "fixes" update.
https://github.com/mastodon/mastodon/releases/tag/v4.5.2
Release v4.5.2 · mastodon/mastodon
Upgrade overview This release contains upgrade notes that deviate from the norm: ℹ️ Requires assets recompilation For more information, view the complete release notes and scroll down to the upgrad...
github.com
November 20, 2025 at 4:44 PM
This Mastodon instance has been updated to v4.5.2.
It appears to be a mostly "fixes" update.
https://github.com/mastodon/mastodon/releases/tag/v4.5.2
It appears to be a mostly "fixes" update.
https://github.com/mastodon/mastodon/releases/tag/v4.5.2
Reposted by Christoffer S.
Here is an article produced by my colleague Marine Pichon. It explore and merge many aliases of known malware tied to the North Korean Operation DreamJob.
https://www.orangecyberdefense.com/global/blog/cert-news/a-pain-in-the-mist-navigating-operation-dreamjobs-arsenal
#threatintel #CTI […]
https://www.orangecyberdefense.com/global/blog/cert-news/a-pain-in-the-mist-navigating-operation-dreamjobs-arsenal
#threatintel #CTI […]
Original post on ioc.exchange
ioc.exchange
November 20, 2025 at 2:27 PM
Here is an article produced by my colleague Marine Pichon. It explore and merge many aliases of known malware tied to the North Korean Operation DreamJob.
https://www.orangecyberdefense.com/global/blog/cert-news/a-pain-in-the-mist-navigating-operation-dreamjobs-arsenal
#threatintel #CTI […]
https://www.orangecyberdefense.com/global/blog/cert-news/a-pain-in-the-mist-navigating-operation-dreamjobs-arsenal
#threatintel #CTI […]
Haven't read this report, but I like the "idea" of it... will try and find the time to at least skim through 🙂
https://content.kaspersky-labs.com/se/media/en/enterprise-security/report-dfi-dark-hunting.pdf
#cybersecurity #infosec
https://content.kaspersky-labs.com/se/media/en/enterprise-security/report-dfi-dark-hunting.pdf
#cybersecurity #infosec
November 20, 2025 at 2:03 PM
Haven't read this report, but I like the "idea" of it... will try and find the time to at least skim through 🙂
https://content.kaspersky-labs.com/se/media/en/enterprise-security/report-dfi-dark-hunting.pdf
#cybersecurity #infosec
https://content.kaspersky-labs.com/se/media/en/enterprise-security/report-dfi-dark-hunting.pdf
#cybersecurity #infosec
https://www.crowdstrike.com/en-us/blog/crowdstrike-researchers-identify-hidden-vulnerabilities-ai-coded-software/
I guess we've moved from ... this might happen, to this has happend? Or we thought they could do this, to... they have done this.
"CrowdStrike Counter Adversary Operations research […]
I guess we've moved from ... this might happen, to this has happend? Or we thought they could do this, to... they have done this.
"CrowdStrike Counter Adversary Operations research […]
Original post on swecyb.com
swecyb.com
November 20, 2025 at 1:44 PM
https://www.crowdstrike.com/en-us/blog/crowdstrike-researchers-identify-hidden-vulnerabilities-ai-coded-software/
I guess we've moved from ... this might happen, to this has happend? Or we thought they could do this, to... they have done this.
"CrowdStrike Counter Adversary Operations research […]
I guess we've moved from ... this might happen, to this has happend? Or we thought they could do this, to... they have done this.
"CrowdStrike Counter Adversary Operations research […]
Reposted by Christoffer S.
New, from me: The Cloudflare Outage May Be a Security Roadmap
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform […]
[Original post on infosec.exchange]
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform […]
[Original post on infosec.exchange]
November 19, 2025 at 5:04 PM
New, from me: The Cloudflare Outage May Be a Security Roadmap
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform […]
[Original post on infosec.exchange]
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform […]
[Original post on infosec.exchange]
"Evidence" of collaboration between Russian and North Korean APTs.
https://www.gendigital.com/blog/insights/research/apt-cyber-alliances-2025
#threatintel #cybersecurity
https://www.gendigital.com/blog/insights/research/apt-cyber-alliances-2025
#threatintel #cybersecurity
Alliances of convenience: How APTs are beginning to work together
Gen Threat Labs uncover evidence of rare cross-country coordination between Russia’s Gamaredon and North Korea’s Lazarus
www.gendigital.com
November 19, 2025 at 11:11 PM
"Evidence" of collaboration between Russian and North Korean APTs.
https://www.gendigital.com/blog/insights/research/apt-cyber-alliances-2025
#threatintel #cybersecurity
https://www.gendigital.com/blog/insights/research/apt-cyber-alliances-2025
#threatintel #cybersecurity
A few stories you might have missed:
https://www.greynoise.io/blog/fortiweb-cve-2025-64446
Expected exploitation of Fortinet ../ vulnerabilities. Exploitation seen from November 17. Always the useful data from GreyNoise […]
https://www.greynoise.io/blog/fortiweb-cve-2025-64446
Expected exploitation of Fortinet ../ vulnerabilities. Exploitation seen from November 17. Always the useful data from GreyNoise […]
Original post on swecyb.com
swecyb.com
November 19, 2025 at 8:42 PM
A few stories you might have missed:
https://www.greynoise.io/blog/fortiweb-cve-2025-64446
Expected exploitation of Fortinet ../ vulnerabilities. Exploitation seen from November 17. Always the useful data from GreyNoise […]
https://www.greynoise.io/blog/fortiweb-cve-2025-64446
Expected exploitation of Fortinet ../ vulnerabilities. Exploitation seen from November 17. Always the useful data from GreyNoise […]
(sqrx.com) Critical MCP API Vulnerability in Comet AI Browser Enables Arbitrary Command Execution
https://labs.sqrx.com/comet-mcp-api-allows-ai-browsers-to-execute-local-commands-dec185fb524b
> SquareX has discovered a critical security vulnerability in Comet […]
[Original post on swecyb.com]
https://labs.sqrx.com/comet-mcp-api-allows-ai-browsers-to-execute-local-commands-dec185fb524b
> SquareX has discovered a critical security vulnerability in Comet […]
[Original post on swecyb.com]
November 19, 2025 at 3:02 PM
(sqrx.com) Critical MCP API Vulnerability in Comet AI Browser Enables Arbitrary Command Execution
https://labs.sqrx.com/comet-mcp-api-allows-ai-browsers-to-execute-local-commands-dec185fb524b
> SquareX has discovered a critical security vulnerability in Comet […]
[Original post on swecyb.com]
https://labs.sqrx.com/comet-mcp-api-allows-ai-browsers-to-execute-local-commands-dec185fb524b
> SquareX has discovered a critical security vulnerability in Comet […]
[Original post on swecyb.com]
I'm not sure what's going on but @ESETresearch @ESET is really putting out some really good research these days.
Almost every other story they publish is quite awesome and even novel.
This article is no different.
I especially "like" the documented approach of redirect DNS requests for […]
Almost every other story they publish is quite awesome and even novel.
This article is no different.
I especially "like" the documented approach of redirect DNS requests for […]
Original post on swecyb.com
swecyb.com
November 19, 2025 at 12:27 PM
I'm not sure what's going on but @ESETresearch @ESET is really putting out some really good research these days.
Almost every other story they publish is quite awesome and even novel.
This article is no different.
I especially "like" the documented approach of redirect DNS requests for […]
Almost every other story they publish is quite awesome and even novel.
This article is no different.
I especially "like" the documented approach of redirect DNS requests for […]
I'm mostly surprised by the fact that the Cloudflare outage was not caused by badly propagated DNS resource records.
This is something new, and I'm not sure how I feel about it all.
It's as if a future Fortinet vulnerability wouldn't be caused by ../
@cR0w
This is something new, and I'm not sure how I feel about it all.
It's as if a future Fortinet vulnerability wouldn't be caused by ../
@cR0w
November 19, 2025 at 7:51 AM
I'm mostly surprised by the fact that the Cloudflare outage was not caused by badly propagated DNS resource records.
This is something new, and I'm not sure how I feel about it all.
It's as if a future Fortinet vulnerability wouldn't be caused by ../
@cR0w
This is something new, and I'm not sure how I feel about it all.
It's as if a future Fortinet vulnerability wouldn't be caused by ../
@cR0w
I really LOVE having access to a private "library" of articles and reports that have been tagged, and otherwise "enriched".
Looking for "threat" articles discussing or mentioning TightVNC, check.
Looking for articles mentioning various types of "Initial Access" methods, even if not […]
Looking for "threat" articles discussing or mentioning TightVNC, check.
Looking for articles mentioning various types of "Initial Access" methods, even if not […]
Original post on swecyb.com
swecyb.com
November 18, 2025 at 6:37 PM
I really LOVE having access to a private "library" of articles and reports that have been tagged, and otherwise "enriched".
Looking for "threat" articles discussing or mentioning TightVNC, check.
Looking for articles mentioning various types of "Initial Access" methods, even if not […]
Looking for "threat" articles discussing or mentioning TightVNC, check.
Looking for articles mentioning various types of "Initial Access" methods, even if not […]
Reposted by Christoffer S.
Chatting with a friend about Cloudflare's intermittent outages today, they brought up an interesting point: How many organizations have started relying on Cloudflare to do basic security blocking and tackling stuff, like stopping SQL injection attacks at the edge? Maybe your devs were lazy at […]
Original post on infosec.exchange
infosec.exchange
November 18, 2025 at 4:52 PM
Chatting with a friend about Cloudflare's intermittent outages today, they brought up an interesting point: How many organizations have started relying on Cloudflare to do basic security blocking and tackling stuff, like stopping SQL injection attacks at the edge? Maybe your devs were lazy at […]
Please be mindful that there's a significant amount of promotional language in this one, but there are some nuggets in there.
(crowdstrike.com) BLOCKADE SPIDER Employs Cross-Domain Techniques in Embargo Ransomware Campaigns
BLOCKADE SPIDER, a financially motivated eCrime adversary active since […]
(crowdstrike.com) BLOCKADE SPIDER Employs Cross-Domain Techniques in Embargo Ransomware Campaigns
BLOCKADE SPIDER, a financially motivated eCrime adversary active since […]
Original post on swecyb.com
swecyb.com
November 18, 2025 at 2:44 PM
Please be mindful that there's a significant amount of promotional language in this one, but there are some nuggets in there.
(crowdstrike.com) BLOCKADE SPIDER Employs Cross-Domain Techniques in Embargo Ransomware Campaigns
BLOCKADE SPIDER, a financially motivated eCrime adversary active since […]
(crowdstrike.com) BLOCKADE SPIDER Employs Cross-Domain Techniques in Embargo Ransomware Campaigns
BLOCKADE SPIDER, a financially motivated eCrime adversary active since […]
Reposted by Christoffer S.
Down, indeed!
November 18, 2025 at 2:40 PM
Down, indeed!
Comparisons have been made between the Internet infrastructure that was built back in late 90s and early 2000 as comparable to the AI investments now.
I think that's a dumb comparison. The "internet" infrastructure built back then was fundamentally different from what's being built today.
But […]
I think that's a dumb comparison. The "internet" infrastructure built back then was fundamentally different from what's being built today.
But […]
Original post on swecyb.com
swecyb.com
November 18, 2025 at 12:56 PM
Comparisons have been made between the Internet infrastructure that was built back in late 90s and early 2000 as comparable to the AI investments now.
I think that's a dumb comparison. The "internet" infrastructure built back then was fundamentally different from what's being built today.
But […]
I think that's a dumb comparison. The "internet" infrastructure built back then was fundamentally different from what's being built today.
But […]
Is there another Cloudflare snafu or something going on right now?!
November 18, 2025 at 11:39 AM
Is there another Cloudflare snafu or something going on right now?!
Reposted by Christoffer S.
We’re still an absolute skeleton crew of 14 people, competing with teams sometimes 100x as large as ours. To get to our humble team size was only possible through the less than 1% community members who donate to Mastodon, a handful larger donations, & EU grants, all of which we are forever […]
Original post on mastodon.social
mastodon.social
November 18, 2025 at 8:06 AM
We’re still an absolute skeleton crew of 14 people, competing with teams sometimes 100x as large as ours. To get to our humble team size was only possible through the less than 1% community members who donate to Mastodon, a handful larger donations, & EU grants, all of which we are forever […]
Reposted by Christoffer S.
Today I am stepping down from my role as the CEO of #mastodon. Though this has been in the works for a while, I can't say I've fully processed how I feel about it. There is a bittersweet part to it, and I think I will miss it, but it also felt necessary. It feels like a goodbye, but it isn't—I […]
Original post on mastodon.social
mastodon.social
November 18, 2025 at 8:46 AM
Today I am stepping down from my role as the CEO of #mastodon. Though this has been in the works for a while, I can't say I've fully processed how I feel about it. There is a bittersweet part to it, and I think I will miss it, but it also felt necessary. It feels like a goodbye, but it isn't—I […]
Just found this: https://authoritarian-stack.info/
I was somewhat oblivious how deep this hole was...
I was somewhat oblivious how deep this hole was...
The Authoritarian Stack
How Tech Billionaires Are Building a Post-Democratic America — And Why Europe Is Next
authoritarian-stack.info
November 18, 2025 at 8:53 AM
Just found this: https://authoritarian-stack.info/
I was somewhat oblivious how deep this hole was...
I was somewhat oblivious how deep this hole was...
Reposted by Christoffer S.
Hey everyone, we have some pretty big news to share. You might remember that we announced a big restructuring for the Mastodon team earlier this year. Today marks an important milestone in this transition.
#mastodon #fediverse #socialweb
#mastodon #fediverse #socialweb
November 18, 2025 at 8:05 AM
Hey everyone, we have some pretty big news to share. You might remember that we announced a big restructuring for the Mastodon team earlier this year. Today marks an important milestone in this transition.
#mastodon #fediverse #socialweb
#mastodon #fediverse #socialweb
Reposted by Christoffer S.
GenAI is a giant search engine, and it doesn’t do more for malware than a slightly shittier Google would. Malware has been using polymorphism since I didn’t have grey hair and drank less. Thanks for coming to my Ted talk.
November 17, 2025 at 9:11 AM
GenAI is a giant search engine, and it doesn’t do more for malware than a slightly shittier Google would. Malware has been using polymorphism since I didn’t have grey hair and drank less. Thanks for coming to my Ted talk.
Discovered the self-hosted todo app Tududi and I must say that first impression is... not bad, not bad at all.
It's clean, intuitive, has multi-user support and many other neat features.
I liked the idea of a simple capture without tying the "captured thing" as a task but just... here's a […]
It's clean, intuitive, has multi-user support and many other neat features.
I liked the idea of a simple capture without tying the "captured thing" as a task but just... here's a […]
Original post on swecyb.com
swecyb.com
November 16, 2025 at 3:12 PM
Discovered the self-hosted todo app Tududi and I must say that first impression is... not bad, not bad at all.
It's clean, intuitive, has multi-user support and many other neat features.
I liked the idea of a simple capture without tying the "captured thing" as a task but just... here's a […]
It's clean, intuitive, has multi-user support and many other neat features.
I liked the idea of a simple capture without tying the "captured thing" as a task but just... here's a […]
November 15, 2025 at 3:49 PM