And seeing ghosts!
Are you a security researcher or journalist? We want to hear from you! Please take this survey!
DataBreaches.net and myself (at this.weekinsecurity.com) are running this survey to better understand the state of legal demands and criminal threats experienced in cybersecurity.
Please share!
December has been busy! My latest blog combines #BlackHatMEA and #CyberMarketingConference. Want to know differences between how MEA marketers and their USA counterparts operate? Read on!
H/T @Sandip Wadje, @Aniket Bhardwaj, @Sounil Yu, and @nada AlGhannam
www.desiredeffect.io/blog/five-ob...
I take my first sip of coffee, ever, while Gabriel Gonzalez injects code into a drone at runtime, get this: without touching it, by sending timed electromagnetic pulsing.
Mind blowing episode!!! Get your listen on!
Link: youtu.be/Z88VQDKtbog?...
Shopping for a new car? Enamored with all the latest tech? Ac0rn is! Listen and find out why modern cars are a researcher's playground!
Drink: Last Word
Link: youtu.be/IJafWnsvLiM?...
Tis the season for online shopping!
Yael Grauer shares some data brokering challenges she encounters as she researches the privacy landscape.
Drink: (Color changing!) Empress Southside
Topic: OSINT
Link: youtu.be/Uu8bFKNPolI?...
Spending time with your family this Thanksgiving?
Perhaps a talk about Threat Modeling is what you need to prepare!
Guest: Adam
Drink: Rusty Nail
Link: youtu.be/YRzgZV_Ur90?...
Sources detail a leadership vacuum and staff cuts at the NSA, eroding morale among its analysts and weakening the agency's long-term cyber capabilities (David DiMolfetta/Nextgov/FCW)
If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.
Collision with an entry from this competition, or from a previous event?
Malware that can tap tap taparoo... your phone.
We're streaming live to YouTube in ~20 mins. Come hang out with us www.youtube.com/watch?v=zjdh...
Two stars on his cap. Three stars on his chest.
House Homeland marking up both CISA 2015 reauth AND state/local cyber grant program legislation tomorrow. docs.house.gov/Committee/Ca... Should we get used to calling CISA 2015 "WIMWIG?"
🔥🔥WATCH: “Rappers are smarter than economists”👇🏽
@dossdiscourse.bsky.social explains more cops doesn’t lower crime it just means more money for private prisons— Addressing poverty/hunger/health care lowers crime… but Trump’s trillions transfer just made all that MUCH WORSE… meaning crime will rise.
3 Screenshots from the movie "Hackers" (1995): First, a young man in a sleeveless shirt sits in a cluttered room, saying "I've got a record. I was Zero Cool." Second, a group of friends gather around a table, one explaining "Zero Cool crashed 1,507 systems in one day. Biggest crash in history." Third, the same group listens as another person adds, "Front page New York Times, August 10, 1988."
Aug 10th 1988 - Zero Cool was in the New York Times for crashing 1,507 computer systems.
📽️📅 Hackers (1995)
Researchers at Defcon just showed they can crack the Securam ProLogic locks used on high-security safes to protect guns, cash, and narcotics in pharmacies.
When they told Securam last year, it sent them legal threats—and didn't fix the flaws.
www.wired.com/story/secura...
Going to BlackHat next week and passionate about reverse engineering? Or, wanting to be? Come hang out with Jos Wetzels and me on the 7th at 11.20am to chat about projects, books and tools you really enjoy, let us know if you're hiring or looking for a job in reverse engineering!
🚨 NEW PAPER on the 0day Supply Chain 🚨:
I gathered open source data & interviewed Gov employees, VR and China researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China.
key findings below ⬇️- 0/🧵
www.atlanticcouncil.org/in-depth-res...
Japan on Friday enacted a new law that would permit the country’s authorities to preemptively engage with adversaries through offensive cyber operations to ensure threats are suppressed before they cause significant damage.
As a THOTCON sponsor, I received a handful of tickets.
If you'd like one of them, all you need to do is follow @desiredeffect.io to be entered into a raffle!
What's more important than setting up your company social media page?
Sponsoring THOTCON.
And giving away tickets to new friends!
"While we are seen as making vulnerabilities, our true job is on identifying them to protect consumers.
[Industry criticism of vuln mgmt community] 'All you do is introduce risks.' If we cannot describe it, then what are we doing? The shepherds of the vulns need to find a way forward"
#vulncon2025
A joint diplomatic initiative by the French and British governments to tackle “the proliferation and irresponsible use” of commercial hacking tools is hoping to announce its participants have agreed new rules on the technologies involved in Paris this week.
Top cyber Democrat on House Homeland Security Committee Eric Swalwell suggests government contractors could be deployed to conduct offensive cyber operations against foreign adversaries:
www.nextgov.com/cybersecurit...
Worth the read. Deeply.
❤️
Have some hackademic research you'd love to see published as a paper? Submit it to WOOT 📝
Looking forward to your submissions!
The number of companies providing vulnerabilities to China’s MSS has ballooned to 324, up from 151 in 2023! Most new companies are currently Tier 3. China’s ecosystem of vuln suppliers is frothy.