Tim Starks
@timstarks.bsky.social
Senior reporter, CyberScoop, covering spyware, cyber policy and more. Russia-sanctioned. Former Washington Post, POLITICO, CQ Roll Call. @timstarks.02 on Signal. [email protected]. Mastodon [email protected], X timstarks, Threads tstarks2.
Reposted by Tim Starks
About 70% of orgs still haven't patched those Cisco ASA vulns btw. If I was a ransomware group I'd invest in n-day (old) Cisco ASA AnyConnect vulns, as vast majority of orgs don't bother patching as they're too busy having a mass wank about quantum and AI risks.
cyberplace.social/@GossiTheDog...
cyberplace.social/@GossiTheDog...
November 6, 2025 at 11:35 PM
About 70% of orgs still haven't patched those Cisco ASA vulns btw. If I was a ransomware group I'd invest in n-day (old) Cisco ASA AnyConnect vulns, as vast majority of orgs don't bother patching as they're too busy having a mass wank about quantum and AI risks.
cyberplace.social/@GossiTheDog...
cyberplace.social/@GossiTheDog...
Reposted by Tim Starks
I think Google did a good job at not falling into the cyberslop bucket with this report.
There's nothing in the report to suggest orgs need to deviate from foundational security programmes - everything worked as it should.
There's nothing in the report to suggest orgs need to deviate from foundational security programmes - everything worked as it should.
November 5, 2025 at 4:14 PM
I think Google did a good job at not falling into the cyberslop bucket with this report.
There's nothing in the report to suggest orgs need to deviate from foundational security programmes - everything worked as it should.
There's nothing in the report to suggest orgs need to deviate from foundational security programmes - everything worked as it should.