Paul Dokas
@pauldokas.bsky.social
🤨
happy anniversary of Stupid Lake getting its name [citation needed]
November 8, 2025 at 2:06 AM
Reposted by Paul Dokas
New awareness campaign
November 3, 2025 at 3:23 PM
Reposted by Paul Dokas
CrowdStrike 2025 European Threat Landscape Report is out.
You'll notice all of the initial access methods don't involve AI, and generative AI or GenAI isn't mentioned once. Which is interesting... considering it contradicts their own narrative a few weeks ago.
November 3, 2025 at 10:34 AM
Reposted by Paul Dokas
Kubernetes SIG Security is updating the OWASP Top 10 for Kubernetes, and we're seeking community input on it!
What do you think should be included? Fill out our survey here!
OWASP Kubernetes Top 10 2025 Survey
Kubernetes SIG Security Docs subproject is starting an update of the OWASP Kubernetes Top 10 and as such want to canvas ideas on what should be included.
The goal of the Top 10 is to provide awarenes...
docs.google.com
October 31, 2025 at 8:44 PM
Reposted by Paul Dokas
NFC Relay Malware Exploits Android Tap-to-Pay for Fraudulent Transactions
NFC Relay Malware Exploits Android Tap-to-Pay for Fraudulent Transactions - Cyberwarzone
Zimperium zLabs has discovered hundreds of malicious Android apps using NFC relay and Host Card Emulation to steal payment data from tap-to-pay transactions, turning infected phones into tools for payment fraud.
cyberwarzone.com
October 29, 2025 at 11:53 PM
“Nearly half (45%) of C-level respondents — including CISOs and CIOs — describe themselves as "very confident" in their organization's readiness. Yet among mid-level managers, that number drops sharply to just 19%.”
They’re both optimists.
thehackernews.com/2025/10/the-...
The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
Bitdefender 2025 report exposes a widening cybersecurity perception gap between executives and frontline teams.
thehackernews.com
October 24, 2025 at 9:51 PM
“The root cause was a race condition in DynamoDB's automated DNS management system that left an empty DNS record for the service's regional endpoint.”
www.theregister.com/2025/10/23/a...
A single DNS race condition brought AWS to its knees: Fault in DynamoDB system cascaded through AWS services, knocking major sites offline for hours
www.theregister.com
October 24, 2025 at 7:59 AM
Reposted by Paul Dokas
You've got just over a week to contribute feedback for the new OWASP Kubernetes Top 10 docs.google.com/forms/d/e/1F... . Thanks to all the people who have taken the time to contribute already!
OWASP Kubernetes Top 10 2025 Survey
Kubernetes SIG Security Docs subproject is starting an update of the OWASP Kubernetes Top 10 and as such want to canvas ideas on what should be included.
The goal of the Top 10 is to provide awarenes...
docs.google.com
October 23, 2025 at 12:34 PM
Reposted by Paul Dokas
The AWS outage bricked people's $2,700 smartbeds, leaving them in a reclining position or with the heat up. People were unable to use them, basically. A GitHub repo exists that lets people operate their beds without reliance on the normal infrastructure
www.404media.co/the-aws-outa...
The AWS Outage Bricked People’s $2,700 Smartbeds
When Amazon Web Services went offline, people lost control of their cloud-connected smart beds, getting stuck in reclined positions or roasting with the heat turned all the way up.
www.404media.co
October 22, 2025 at 1:43 PM
“Google has suddenly confirmed privacy initiatives ‘are being phased out.’ The Privacy Sandbox, now in its sixth year, has essentially ended just months after Google confirmed tracking is here to stay and there are no viable alternatives.”
www.forbes.com/sites/zakdof...
‘Phased Out’—Google Confirms Bad News For All 3 Billion Chrome Users
Is it time to quit the world’s most popular browser as privacy nightmare comes true?
www.forbes.com
October 20, 2025 at 11:10 AM
Reposted by Paul Dokas
I’d like to attend a rodeo just so I can say, “This is my first rodeo.”
October 17, 2025 at 4:15 PM
“The End of Cybersecurity: America’s Digital Defenses Are Failing—but AI Can Save Them”
www.foreignaffairs.com/united-state...
Alt: a man is eating a can of soda.
media.tenor.com
October 17, 2025 at 12:12 AM
“Close to half of the gain in gross domestic product this year will come from data center construction, and around 80 percent of stock market gains are attributable to a handful of AI-heavy tech companies.”
🤔
prospect.org/world/2025-1...
Why China Can Collapse the U.S. With One Decree
China holds a virtual monopoly over a product needed to produce the only thing holding up our economy right now. And it’s preparing to use that leverage.
prospect.org
October 15, 2025 at 10:36 AM
Reposted by Paul Dokas
OpenSSH 10.2 has just been released.
This release contains only non-security bugfixes, most notably for a bad regression that made interactive sessions that used ControlPersist basically unusable
Full release notes at openssh.com/releasenotes...
OpenSSH: Release Notes
OpenSSH release notes
openssh.com
October 10, 2025 at 9:44 AM
Reposted by Paul Dokas
Shortwave pirate radio station Rolling Stones Radio has been on 6850 USB since about 1100 UTC with a very good signal here in Westminster MD USA. And they've already sent the #eQSL !
www.hfunderground.com/board/index....
October 5, 2025 at 11:48 AM
Reposted by Paul Dokas
60 hours left to get 3 sysadmin books for the price of 1!
The #kickstarter for "Networking for System Administrators" has gone beyond what I hoped. My next hope is that it makes your #sysadmin job suck less.
mwl.io/ks
Networking for System Administrators (2nd Edition)
The critically-acclaimed sysadmin reference, updated for modern Windows and Unix
mwl.io
October 5, 2025 at 11:52 AM
“‘given the current security posture of the platform and the hosted 3rd party applications the likelihood of an adversary gaining persistent undetectable access to the platform requires the system be treated as very high risk.’”
finance.yahoo.com/news/anduril...
Anduril and Palantir battlefield communication system 'very high risk,' US Army memo says
WASHINGTON (Reuters) -The much-needed modernization of the U.S. Army's battlefield communications network being undertaken by Anduril, Palantir and others is rife with "fundamental security" problems ...
finance.yahoo.com
October 4, 2025 at 8:04 AM
👀
Japan days away from running out of Asahi Super Dry after cyber attack on.ft.com/4nH4Hxl
Japan days away from running out of Asahi Super Dry after cyber attack
Vast majority of factories of nation’s most popular beer have stopped work this week
on.ft.com
October 2, 2025 at 9:54 AM
Reposted by Paul Dokas
`use-mcp`'s oauth2 process uses a window.open call with untrusted mcp server provided data allowing for code execution under the page using it
https://hackerone.com/reports/3211031
September 30, 2025 at 9:14 AM
Reposted by Paul Dokas
'You'll never need to work again': Criminals offer reporter money to hack BBC.
I recently got offered millions of pounds to give cyber criminals from the Medusa gang my BBC login. I played along to learn about how these 'insider threat' deals work.
www.bbc.co.uk/news/article...
'You'll never need to work again': Criminals offer reporter money to hack BBC
Reporter Joe Tidy was offered money if he would help cyber criminals access BBC systems.
www.bbc.co.uk
September 29, 2025 at 6:02 AM
Reposted by Paul Dokas
How is this not bigger news in tech/security circles?
Jaguar Land Rover lost $250M (£200M) and counting thanks to a cyberattack that it still couldn’t mitigate. This is growing every week.
The cost of underinvesting in security is very real. 1+ month recovery is bonkers
September 28, 2025 at 10:05 AM
OH: "I will say that my friend Gemini is more like Forest Gump than Rain Man."
This is true of all LLMs. They are tools, nothing more.
September 25, 2025 at 3:14 PM
OH: "I will say that my friend Gemini is more like Forest Gump than Rain Man."
This is true of all LLMs. They are tools, nothing more.
This is true of all LLMs. They are tools, nothing more.
"... Secret Service agents discovered more than 300 co-located SIM servers and 100,000 SIM cards ..."
"'These devices allowed anonymous, encrypted communications between potential threat actors and criminal enterprises ...'"
🤔
www.nbcnews.com/politics/nat...
"'These devices allowed anonymous, encrypted communications between potential threat actors and criminal enterprises ...'"
🤔
www.nbcnews.com/politics/nat...
Secret Service agents dismantle network that could shut down New York cellphone system
Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.
www.nbcnews.com
September 23, 2025 at 12:44 PM
"... Secret Service agents discovered more than 300 co-located SIM servers and 100,000 SIM cards ..."
"'These devices allowed anonymous, encrypted communications between potential threat actors and criminal enterprises ...'"
🤔
www.nbcnews.com/politics/nat...
"'These devices allowed anonymous, encrypted communications between potential threat actors and criminal enterprises ...'"
🤔
www.nbcnews.com/politics/nat...
“Someone allegedly found an MGM Grand employee on LinkedIn and impersonated them, calling the company IT department to ask for a password reset. Once the reset was granted, the hacker reportedly had access to MGM’s internal systems ‘in 10 minutes.’”
Of course. 🙄
www.sfgate.com/travel/artic...
Teen arrested on suspicion of Vegas Strip attack that cost $100M
A teenager has been arrested on suspicion of orchestrating a “sophisticated” hack.
www.sfgate.com
September 23, 2025 at 12:52 AM