Kevin Beaumont
@doublepulsar.com
cybersecurity weather man. scanning the horizons for cloudy cyber. Expert at nothing except computer rubbish. Anti-ransomware since 2015.
Can we all agree this Safe Security marketing is also embarrassing AF?
November 10, 2025 at 4:07 PM
This is spot on. Quantum’s gonna be the next cyber grift (again), after the bottom falls out of GenAI. www.linkedin.com/posts/nathan...
November 10, 2025 at 1:06 PM
Reposted by Kevin Beaumont
one of these headlines is not like the others
-Myanmar blows up KK Park scam compound
-Yanluowang ransomware IAB pleads guilty
-US CBO hacked by foreign APT
-Singapore to punish scammers with cane beatings
-Chrome will remove XSLT support for security reasons
Podcast: risky.biz/RBNEWS502/
Newsletter: news.risky.biz/risky-bullet...
November 10, 2025 at 8:45 AM
Reposted by Kevin Beaumont
If there was ever a genuine new security threat from GenAI that had real world impacts for orgs where they had to change behaviour to defend, I’d likely be the first to post about it.
Would anybody notice, since almost everybody at cybersecurity vendors are incentivised to cry wolf?
November 9, 2025 at 9:29 AM
Reposted by Kevin Beaumont
This is very clearly the direction in which things are headed, especially since so many of the people who built and maintained the tools the US IC has developed in-house have been fired or have left.
YIKES: NSO floats Pegasus spyware used in hypothetical "time of domestic crisis" in 🇺🇸America.
I believe they won't stop lobbying until they get Pegasus into USA.
To hack Americans. 1/
November 7, 2025 at 10:11 PM
Reposted by Kevin Beaumont
NEW: The U.S. Congressional Budget Office was hacked.
@doublepulsar.com found that the cause may be an unpatched Cisco ASA firewall. I asked CBO about that but it did not respond to the question.
techcrunch.com/2025/11/07/c...
Congressional Budget Office confirms it was hacked | TechCrunch
The congressional research office confirmed a breach, but did not comment on the cause. A security researcher suggested the hack may have originated because CBO failed to patch a firewall for more tha...
techcrunch.com
November 7, 2025 at 4:38 PM
Reposted by Kevin Beaumont
Strictly amateur hour.
O, T****'s America: How great thou art!
Gifted.
To Preserve Records, Homeland Security Now Relies on Officials to Take Screenshots
www.nytimes.com
November 7, 2025 at 12:38 PM
just leaving this here
Various US federal government orgs never finished patching Cisco ASA before the gov shutdown
Eg 158.219.75.133,*.cbo.gov|cbo.gov,YES,14/03/24 <- last patched in 2024, Congressional Budget Office
192.231.145.126,vpn.ha.nih.gov,YES,16/11/23 <- last patched in 2023, National Institutes of Health
November 6, 2025 at 11:07 PM
You know that crap MIT Safe Security Generative AI ransomware paper, which they deleted? Try asking any AI to analyse and it. Here’s ChatGPT:
November 6, 2025 at 8:51 PM
Since it recently emerged GenAI vendors are avoiding paywalls to scrape (steal) content they’ll also be arresting some execs too, right? www.404media.co/fbi-tries-to...
FBI Tries to Unmask Owner of Infamous Archive.is Site
The FBI has subpoenaed the domain registrar of archive.today, demanding information about the owner.
www.404media.co
November 6, 2025 at 7:29 PM
Reposted by Kevin Beaumont
I think there is a very wide gulf between the perception of these incidents -- rare, hyper targeted, super expensive, high value -- and the reality. In '22, NSO testified that they alone targeted approx. 13,000 annually. Why you? It's a fair question but also it's not an exclusive club.
NEW: The Paragon spyware scandal in Italy widens again.
A political consultant who works with left-wing politicians, who are part of the opposition party Partito Democratico, has now come out as the latest target.
"It is time to ask a very simple question: Why? Why me?" Francesco Nicodemos said.
Italian political consultant says he was targeted with Paragon spyware | TechCrunch
WhatsApp notified the consultant, who works for left-wing politicians, that his phone was targeted with spyware made by Paragon.
techcrunch.com
November 6, 2025 at 5:48 PM
Microsoft journey 2022-2027
November 6, 2025 at 10:07 AM
There's some really big caveats to this. A thread.
New: Google says it has discovered at least 5 malware families that use AI to rewrite their code and generate new capabilities on the fly, suggesting AI-powered malware is finally starting to take off. cloud.google.com/blog/topics/...
Report also has interesting stories about state actors' AI use.
November 5, 2025 at 3:52 PM
Much like there’s employees of anti-ransomware companies doing ransomware attacks, there will end up being employees of GenAI cybersecurity companies who do GenAI based cyber attacks.
The financial incentive is there to set fire to things, the industry will love it too.
November 5, 2025 at 2:38 PM
Using @shodanhq.bsky.social is not AI.
Since the report claims that using Shodan counts as AI and that AI is used to optimize phishing, that *could* mean that a lot of the AI is on the initial access broker end - in ransomware, affiliates license ransomware from designers and typically purchase pre-hacked systems to dump it in.
November 5, 2025 at 12:43 AM
@stephentailby.bsky.social hola! Re this - user generated content isn’t available on console. www.pushsquare.com/news/2025/11... cc @pushsquare.com
ARCADIA Is an Attempt to Revive MindsEye with User-Made Custom Experiences
Will it work?
www.pushsquare.com
November 4, 2025 at 10:49 PM
Reposted by Kevin Beaumont
That’s rather unedifying
November 4, 2025 at 12:12 PM
Average company PR department rewriting this if it was a cyber incident
Louvre heist carried out by sophisticated nation state attackers. We take your security very seriously and are installing advanced locks. There is no evidence anything was taken at this time.
November 3, 2025 at 10:37 PM
MIT casually rewriting their website and not noting it anywhere.
November 3, 2025 at 12:40 PM
Just to go on record - I'm starting a new series called CyberSlop, which is written as technical cybersecurity reports on threat actors.
The threat actors are respected institutions misusing GenAI to exfil money from victims: their customers.
IOCs are institutions themselves, TTPs how they do it.
November 3, 2025 at 10:40 AM
CrowdStrike 2025 European Threat Landscape Report is out.
You'll notice all of the initial access methods don't involve AI, and generative AI or GenAI isn't mentioned once. Which is interesting... considering it contradicts their own narrative a few weeks ago.
November 3, 2025 at 10:34 AM
Reposted by Kevin Beaumont
‼️ Update: the MIT-linked “AI-powered ransomware” report appears to have been taken offline. We updated our article to include an Internet Archive link to the original paper.
November 1, 2025 at 4:00 AM
I forgot I had a Rog Xbox Ally X on preorder, it arrived yesterday... it has Microsoft Recall on it, lol.
So I can rewind and see screenshots every 4 seconds of... Skyrim.
The bloat on the thing is unreal, feels half finished.
October 31, 2025 at 12:52 PM