Russian authorities have detained eight individuals in the republic of Bashkortostan, alleging their involvement in a plot to sabotage telecommunications infrastructure. The detentions signal a heightened focus on internal security amidst ongoing international tensions.

Kyiv is intensifying its plea to Washington for additional Patriot air defense systems, a critical request as Russia escalates its systematic targeting of Ukraine's energy infrastructure.

Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch a phishing attacks against customers via both email and WhatsApp.

Emergency blackouts lasting up to 12 hours were introduced following the attack, with Kyiv and other regions facing widespread internet and communication outages, according to internet watchdog NetBlocks.

: Aleksei Volkov faces years in prison, may have been working with other crews

Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening EU fears over reliance on Chinese tech and potential risks

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

The Washington Post getroffen door aanval op E-Business Suite van Oracle The Washington Post is getroffen door een cyberaanval op de E-Business Suite van Oracle, meldt de Amerikaanse krant in een verklaring. De impact van de aanval is onduidelijk. Oracle E-Business Suite i ... Read more Published Date: Nov 10, 2025 (2 hours, 9 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-61882

An expired 2015 law that gives companies liability protection when they share cyberthreat information with the federal government would be renewed through January 30 under Senate legislation to end the government shutdown.

Attackers are increasingly phishing over LinkedIn to reach executives and bypass email security tools. Push Security explains how real-time browser protection detects and blocks phishing across apps and channels as users load malicious pages.

A new report highlights a critical shift in the landscape of enterprise cybersecurity, positing that the user's browser has become a convergence point for significant identity, SaaS, and AI-related risks, often evading the purview of traditional security measures.

Today's links "Flexible labor" is a euphemism for "derisking capital" : It's a zero-sum game. Hey look at this : Delights to delectate. Object permanence : Corrupt CDs; 10,000 wax cylinders; EU wants copyright on links; Sony rootkit; Humbling math-papers; Chelsea Manning on Aaron Swartz; "Boundless Realms." Upcoming appearances : Where to find me. Recent appearances : Where I've been. Latest books : You keep readin' em, I'll keep writin' 'em. Upcoming books : Like I said, I'll keep writin' 'em. Colophon : All the rest. "Flexible labor" is a euphemism for "derisking capital" ( permalink ) Corporations aren't people, but people and corporations do share some characteristics. Whether you're a human being or an immortal sinister colony organism that uses humans as gut flora (e.g. a corporation), most of us need to pay the rent and cover our other expenses. "Earning a living" is a fact of life for humans and for corporations, and in both cases, the failure to do so can have dire consequences. For most humans, the path to earning a living is in selling your labor: that is, by finding a job, probably with a corporation. In taking that job, you assume some risk – for example, that your boss might be a jerk who makes your life a living hell, or that the company will go bust and leave you scrambling to make rent. The corporation takes a risk, too: you might be an ineffectual or even counterproductive employee who fails to work its capital to produce a surplus from which a profit can be extracted. You might also fail to show up for work, or come in late, and lower the productivity of the firm (say, because another worker will have to cover for you and fall behind on their own work). You could even quit your job. Both workers and corporations seek to "de-risk" their position. Workers can vote for politicians who will set minimum wages, punish unsafe working conditions and on-the-job harassment, and require health and disability insurance. They can also unionize and get some or all of these measures through collective bargaining (they might even get more protections, such as workplace tribunals to protect them from jobsite harassment). These are all examples of measures that shift risk from workers to capital. If a boss hires or promotes an abusive manager or cuts corners on shop-floor safety, the company – not the workers – will ultimately have to pay the price for its managers' poor judgment. Bosses also strive to de-risk their position, by shifting the risk onto workers . For example, bosses love noncompete clauses in contracts, which let them harness the power of the government to punish workers their workers for changing jobs, and other bosses for hiring them. Given a tight noncompete, a boss can impose such high costs on workers who quit that they will elect to stay, even in the face of degraded working conditions, inadequate pay, and abusive management: https://pluralistic.net/2022/02/02/its-the-economy-stupid/#neofeudal If you have $250,000 worth of student debt and your boss has coerced you into signing a contract with a noncompete, that means that quitting your job will see you excluded for three years (or longer) from the field you paid all that money to get a degree in, but you will still be expected to pay your loans over that period. Missing the loan payments means sky-high penalties, which is how you get situations where you borrow $79k, pay back $190k, and still owe $236k: https://pluralistic.net/2020/12/04/kawaski-trawick/#strike-debt Bosses can also coerce workers into signing contracts with "training repayment agreement provisions" (TRAPs), which force workers to pay thousands of dollars for the privilege of quitting their job. Put this in stark economic terms: if your boss can fine you $5,000 for quitting your job, he can impose $4,999 worth of risk on you without risking your departure: https://pluralistic.net/2022/08/04/its-a-trap/#a-little-on-the-nose Bosses also enter into illegal, secret "no poach" agreements whereby they all agree not to hire one another's workers. One particularly pernicious version of this is the "bondage fee," where a staffing agency will demand that all its clients agree never to hire one of its contractors. In NYC, the majority of "doorman buildings" use a staffing agency called Planned Companies, a subsidiary of Toronto-based Firstservice, whose standard contract contains a bondage fee provision. The upshot is that pretty much every doorman building is legally on the hook for huge cash fines if they hire pretty much anyone who has worked as a doorman anywhere in the city: https://pluralistic.net/2023/04/21/bondage-fees/#doorman-building Again, this is a form of de-risking for capital. By creating barriers to workers quitting their jobs, bosses can reduce the risk that their workers will quit, even if the pay and working conditions are inadequate. One of the most profound, effective and pervasive sites of de-risking is the gig economy, in which workers are not guaranteed any wages. By paying workers on a piecework basis – where you are only paid if a customer appears and consumes some of your labor – bosses can shift the risks associated with bad marketing, bad planning, and bad pricing onto their workers. Think of an Uber driver: when an Uber driver clocks into the app, they make the whole system more valuable. Each additional Uber driver on the road shortens the average wait time for a taxi. What's more, Uber's algorithmic wage discrimination allows the company to pay lower wages when there are more workers available: https://pluralistic.net/2023/04/12/algorithmic-wage-discrimination/#fishers-of-men Lots of companies have hit on the strategy of increasing staffing levels in order to increase customer satisfaction. If you're a hardcore frequent flier, your chosen airline will give you a special number you can call to speak to a human in a matter of seconds, without ever being shunted to a chatbot. This is a gigantic perk – especially if you're flying at a time when air traffic controllers are quitting in droves because they haven't been paid in a month, and thousands of flights are being canceled, leaving travelers scrambling to get rebooked: https://www.thedailybeast.com/air-traffic-controllers-start-resigning-as-shutdown-bites/ The airline that creates the secret, heavily staffed call center for its biggest customers is making a bet that those customers will spend enough money with the airline to cover the wage of those call-center employees. If the company bets wrong, it pays the penalty, taking a net loss on the call center. But what if the airline could switch to a "gig economy" call center like Arise, a pyramid scheme that ropes in primarily Black women who have to pay for the privilege of answering phones, and pay for the privilege of quitting, but who can be fired at any time? https://pluralistic.net/2020/10/02/chickenized-by-arise/#arise Well, in that case the airline could tap an effectively limitless pool of call-center workers who could keep its best customers happy, but without taking the risk that the wages for those workers will exceed the new business brought in by those frequent fliers. Instead, that risk is borne by the workers, who have to pay for their own training, and whose pay can be doled out on a piecework basis, only paying them when someone calls in, but not paying them to simply be available in case someone calls in. This isn't merely an employer de-risking its position: rather, the company is shifting its risk onto its workers. By deploying the legal fiction of worker misclassification in which an employee is classed as an "independent contractor," the boss can shift all the risk of misallocating labor onto workers. In other words, risk-shifting isn't eliminating risk, it's just moving it around. Remember: both the corporation and the humans who work for it have to earn a living. They both need money for rent and other bills, and they both face dire consequences if they fail to pay those bills. When your boss misclassifies you as a contractor and only pays you when there's a customer demanding your labor, the boss is shifting the risk that they won't be able to pay the rent (because they hired too many workers or marketed their product badly) to you. If your boss screws up, they can still pay the rent – because you won't be able to pay yours. That's what bosses mean by a "flexible workforce": a workforce that can coerced into assuming risk that properly belongs to its employers. After all, if you get into your car and clock onto the Uber app and fail to get a fare, whose fault is that? Uber bosses have all kinds of levers they can pull to increase ridership: they can reduce fares, they can advertise, they can even ping Uber riders directly through the app. What can an Uber driver do to increase the likelihood that they will get a fare? Absolutely, positively nothing . But who assumes the risk if a driver cruises the streets for hours, burning gas, not earning elsewhere, and not making a dime? The driver. Uber alone determines the conditions for drivers, including how many drivers they will allow to be on the streets at the same time. Uber alone has the aggregated statistics with which to estimate likely ridership. Uber alone has the ability to entice more riders to hail cars. And yet it is Uber drivers who bear the responsibility if Uber fucks any of this up, and Uber does fuck this up, so badly that the true average driver wage (that is, the wage for hours in the car, not just when there's a passenger in there with you) is $2.50/hour : https://pluralistic.net/2024/02/29/geometry-hates-uber/#toronto-the-gullible This is what it means to shift risk. Uber doesn't have to be disciplined about its fares or its staffing levels or its marketing, because its workers can be made to pay the penalties for its mistakes. It's like this throughout the gig economy: the rise and rise of a massive "flexible workforce" is actually the rise and rise of a system in which labor assumes capital's risk. Capital's story about a "flexible workforce" is that the risk is somehow magicked away when you can reclassify a worker as a contractor, but that's not true. A business that can only secure its sustained operations by shifting risk to its workers is a corporation that only exists because the workers who produce its profits assume the risks for its managers' blunders. ( Image: Cryteria , CC BY 3.0 , modified ) Hey look at this ( permalink ) Aurora Borealis Reliefs https://www.aurora-borealis-reliefs.com/ Trump's winning 2024 coalition has evaporated https://www.gelliottmorris.com/p/trumps-winning-2024-coalition-has The Future of Online Privacy Hinges on Thousands of New Jersey Cops https://www.wired.com/story/daniels-law-new-jersey-online-privacy-matt-adkisson-atlas-lawsuits/ Digi-Comp I https://en.wikipedia.org/wiki/Digi-Comp_I Blocking of Cloudflare IPs in Spain https://cybersecurityadvisors.network/2025/04/15/la-liga-blocking-of-cloudflare-ips-in-spain/ Object permanence ( permalink ) #20yrsago Where do trolls come from? https://web.archive.org/web/20051124144047/http://www.barbelith.com/topic/22769 #20yrsago Lists of corrupted CDs https://web.archive.org/web/20051104092309/http://ukcdr.org/issues/cd/bad/ #20yrsago Wanna sue the pants off Sony? https://web.archive.org/web/20051113134057/https://www.eff.org/deeplinks/archives/004149.php #20yrsago Katamari sushi https://www.flickr.com/photos/59199828@N00/61624921/ #20yrsago Sony’s EULA is worse than their rootkit https://web.archive.org/web/20051113134044/https://www.eff.org/deeplinks/archives/004145.php #20yrsago List of CDs infected with Sony’s rootkit DRM https://web.archive.org/web/20051113134049/https://www.eff.org/deeplinks/archives/004144.php #15yrsago TSA: checkpoint groping doesn’t exist https://web.archive.org/web/20101112010440/http://blog.tsa.gov/2010/11/white-house-blog-backscatter-back-story.html?showComment=1289329969182#c8438617926094279566 #15yrsago RIP, Robbins Barstow, godfather of the home movie revival https://amateurism.wordpress.com/2010/11/09/robbins-barstow-1919-2010/ #15yrsago Math papers with complicated, humbling titles https://web.archive.org/web/20101113223106/http://www.daddymodern.com/top-five-utterly-incomprehensible-mathematics-titles-at-arxiv-org/ #15yrsago Shirky: Times paywall is pretty much like all the other paywalls http://shirky.com/weblog/the-times-paywall-and-newsletter-economics/ #10yrsago 10,000 wax cylinders digitized and free to download https://cylinders.library.ucsb.edu/index.php #10yrsago The Economist’s anti-ad-blocking tool was hacked and infected readers’ computers https://www.theverge.com/2015/11/6/9681124/pagefair-economist-malware-ad-blocker #10yrsago EU wants to require permission to make a link on the Web https://felixreda.eu/2015/11/ancillary-copyright-2-0-the-european-commission-is-preparing-a-frontal-attack-on-the-hyperlink/ #10yrsago Federal judge orders NSA to stop collecting and searching plaintiffs’ phone records https://www.eff.org/deeplinks/2015/11/nsa-ordered-stop-collecting-querying-plaintiffs-phone-records #10yrsago Here’s the kind of data the UK government will have about you, in realtime https://web.archive.org/web/20151112034545/https://icreacharound.xyz/ #10yrsago The CIA writes like Lovecraft, Bureau of Prisons is like Stephen King, & NSA is like… https://www.muckrock.com/news/archives/2015/nov/09/famous-writers-agency-foia-offices/ #10yrsago Unevenly distributed future: America’s online education systemhttps://medium.com/@cshirky/the-digital-revolution-in-higher-education-has-already-happened-no-one-noticed-78ec0fec16c7 #10yrsago Chelsea Manning’s statement for Aaron Swartz Day 2015 https://www.aaronswartzday.org/chelsea-manning-2015/ #10yrsago Unevenly distributed futures: Hong Kong’s amazing towershttps://www.peterstewartphotography.com/Portfolio/Stacked-Hong-Kong #5yrsago UK corporate registrar bans code-injection https://pluralistic.net/2020/11/09/boundless-realm/#timmy-drop-tables #5yrsago Student data breaches vastly underreported https://pluralistic.net/2020/11/09/boundless-realm/#leaky-edtech #5yrsago Boundless Realms https://pluralistic.net/2020/11/09/boundless-realm/#fuxxfur Upcoming appearances ( permalink ) Lisbon: A post-American, enshittification-resistant internet, with Rabble (Web Summit), Nov 12 https://websummit.com/sessions/lis25/92f47bc9-ca60-4997-bef3-006735b1f9c5/a-post-american-enshittification-resistant-internet/ Cardiff: Hay Festival After Hours, Nov 13 https://www.hayfestival.com/c-203-hay-festival-after-hours.aspx Oxford: Enshittification and Extraction: The Internet Sucks Now with Tim Wu (Oxford Internet Institute), Nov 14 https://www.oii.ox.ac.uk/news-events/events/enshittification-and-extraction-the-internet-sucks-now/ London: Enshittification with Sarah Wynn-Williams and Chris Morris, Nov 15 https://www.barbican.org.uk/whats-on/2025/event/cory-doctorow-with-sarah-wynn-williams London: Downstream IRL with Aaron Bastani (Novara Media), Nov 17 https://dice.fm/partner/tickets/event/oen5rr-downstream-irl-aaron-bastani-in-conversation-with-cory-doctorow-17th-nov-earth-london-tickets London: Enshittification with Carole Cadwalladr (Frontline Club), Nov 18 https://www.eventbrite.co.uk/e/in-conversation-enshittification-tickets-1785553983029 Virtual: Enshittification with Vass Bednar (Vancouver Public Library), Nov 21 https://www.crowdcast.io/@bclibraries-present Toronto: Jailbreaking Canada (OCAD U), Nov 27 https://www.ocadu.ca/events-and-exhibitions/jailbreaking-canada San Diego: Enshittification at the Mission Hills Branch Library, Dec 1 https://libraryfoundationsd.org/events/doctorow Seattle: Neuroscience, AI and Society (University of Washington), Dec 4 https://www.eventbrite.com/e/neuroscience-ai-and-society-cory-doctorow-tickets-1735371255139 Madison, CT: Enshittification at RJ Julia, Dec 8 https://rjjulia.com/event/2025-12-08/cory-doctorow-enshittification Recent appearances ( permalink ) Reimagining Digital Public Infrastructure (Attention: Govern Or Be Governed) https://www.youtube.com/watch?v=F8JuXDfDtBY Enshittification and How To Fight It (ILSR) https://www.whoshallrule.com/p/enshittification-and-how-to-fight Big Tech’s “Enshittification” & Bill McKibben on Solar Hope for the Planet https://www.writersvoice.net/2025/11/cory-doctorow-on-big-techs-enshittification-bill-mckibben-on-solar-hope-for-the-planet/ Enshittification and the Rot Economy with Ed Zitron (Clarion West) https://www.youtube.com/watch?v=Tz71pIWbFyc Amanpour & Co (New Yorker Radio Hour) https://www.youtube.com/watch?v=I8l1uSb0LZg Latest books ( permalink ) "Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 "Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025 https://us.macmillan.com/books/9780374619329/enshittification/ "Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 ( https://us.macmillan.com/books/9781250865908/picksandshovels ). "The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 ( the-bezzle.org ). "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 ( http://lost-cause.org ). "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 ( http://seizethemeansofcomputation.org ). Signed copies at Book Soup ( https://www.booksoup.com/book/9781804291245 ). "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com . "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com Upcoming books ( permalink ) "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026 "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026 "The Memex Method," Farrar, Straus, Giroux, 2026 "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, 2026 Colophon ( permalink ) Today's top sources: Currently writing: "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. FIRST DRAFT COMPLETE AND SUBMITTED. A Little Brother short story about DIY insulin PLANNING This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net. https://creativecommons.org/licenses/by/4.0/ Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution. How to get Pluralistic: Blog (no ads, tracking, or data-collection): Pluralistic.net Newsletter (no ads, tracking, or data-collection): https://pluralistic.net/plura-list Mastodon (no ads, tracking, or data-collection): https://mamot.fr/@pluralistic Medium (no ads, paywalled): https://doctorow.medium.com/ Twitter (mass-scale, unrestricted, third-party surveillance and advertising): https://twitter.com/doctorow Tumblr (mass-scale, unrestricted, third-party surveillance and advertising): https://mostlysignssomeportents.tumblr.com/tagged/pluralistic " When life gives you SARS, you make sarsaparilla " -Joey "Accordion Guy" DeVilla READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer. ISSN: 3066-764X

With a 4M cybersecurity worker shortage, agentic AI helps SOCs move beyond triage, enabling proactive security once thought impossible.

On Sept. 30, 2025, the Cybersecurity Information Sharing Act (CISA 2015) officially expired, ending a decade-long framework that helped government and industry share cyber-threat data safely and consistently. For the first time in ten years, the United States lacks the statutory foundation that underpinned its public-private threat-intelligence ecosystem.

The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before: Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an internal storage system and deliver them to the user. End-to-end encryption is sufficient in such a narrow context. But often we want our cloud providers to be able to perform computation on our raw data: search, analysis, AI model training or fine-tuning, and more. Without expensive, esoteric techniques, such as secure multiparty computation protocols or homomorphic encryption techniques that can perform calculations on encrypted data, cloud servers require access to the unencrypted data to do anything useful...