
Zakir Durumeric

@zakird.com

Internet Security, Trust, and Safety Researcher. Stanford CS Faculty, Censys Founder and Chief Scientist, ZMap Creator. https://zakird.com/

634 Followers · 601 Following · 10 Posts · Joined 27.04.2023

Latest posts by Zakir Durumeric @zakird.com

Home - Computing Sciences Berkeley Lab's Computing Sciences Area increases our understanding of ourselves, our planet, and our universe through HPC, mathematics...

Lawrence Berkeley National Lab (‪@berkeleylab.lbl.gov‬) Computing Sciences (@cs.lbl.gov‬) is accepting applications for two distinguished postdoctoral fellowships: Luis W. Alvarez Fellowship, and Admiral Grace M. Hopper Fellowship. Applications due Oct. 24, 2025. More information: go.lbl.gov/2026.

26.08.2025 18:56 👍 2 🔁 2 💬 0 📌 0

China has started filtering and censoring internet traffic taking place over the QUIC protocol.

The filtering started in April last year.

The Great Firewall now decrypts QUIC packets at scale and uses a separate blocklist for QUIC traffic, separate from its main filters.

gfw.report/publications...

02.08.2025 22:31 👍 30 🔁 17 💬 0 📌 0
Chart titled 'Spike-To-New CVE Delta Distribution' showing the time delay between GreyNoise tag spikes and corresponding CVE publications. The chart has two sections: an upper cumulative distribution curve and a lower scatter plot. The upper section shows that 50% of spike-to-new-CVE events happen within 3 weeks, and 80% occur within 6 weeks, with the curve reaching nearly 100% by week 31. The lower scatter plot displays individual data points color-coded by vendor (Cisco in blue, Fortinet in red, Juniper in green, Palo Alto Networks in purple, Citrix in orange, Ivanti in teal, MikroTik in yellow, and SonicWall in pink). Most data points cluster heavily in the first 6 weeks, with the highest concentration in weeks 0-3, then gradually decreasing density through week 31. The X-axis represents weeks (0-31) and the Y-axis shows percentage of spike events (0-100%).

Chart titled 'Hidden Signals Before The Storm' showing timeline relationships between GreyNoise tag spikes (white dots) and CVE publications (red dots) across 8 vendors from late 2024 through mid-2025. Organized in 8 sections: Cisco (7 vulnerabilities including Unified Directory Traversal, Prime RCE, ASA XSS), Fortinet (3 vulnerabilities including FortiOS Disclosure, Auth. Bypass), Juniper (2 JunOS REI vulnerabilities), Citrix (4 NetScaler-related vulnerabilities), Ivanti (8 vulnerabilities including Endpoint Manager RCE, EPMM Auth. Bypass variants), MikroTik (RouterOS Bruteforcer), Palo Alto Networks (6 PAN-OS vulnerabilities including RCE, Auth. Bypass), and SonicWall (4 vulnerabilities including SRA SQLi, SMA RCE). Pattern shows white spike dots consistently appearing weeks to months before red CVE publication dots across all vendors. Note indicates different X-axis scales per section.

🆕 GreyNoise Research: Early Warning Signals Before CVEs Drop

In our latest research, we examined dozens of incidents where attacker activity — often in the form of exploit attempts — spiked weeks before a new CVE was disclosed.

One chart shows what we found (much more in the report):

31.07.2025 13:17 👍 8 🔁 1 💬 1 📌 2
Stop Pretending Chatbots Have Feelings: Media's Dangerous AI Anthropomorphism Problem When AI causes harm, headlines blame the bot instead of the billion-dollar companies that built them. This anthropomorphic coverage is tech journalism at its worst.

Today's newsletter: The Wall Street Journal says ChatGPT had a "stunning moment of self reflection." NBC says Grok "issued an apology." This lazy language isn't just bad writing — it's helping tech companies dodge responsibility for real harm. www.readtpa.com/p/stop-prete...

21.07.2025 19:33 👍 1320 🔁 355 💬 14 📌 30
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of the...

ICYMI, yesterday we released a report providing a first look at how we found traces of spyware on two journalists' iPhones, traces which we can attribute with high confidence to Paragon's Graphite spyware:

13.06.2025 16:55 👍 47 🔁 27 💬 2 📌 0

Academics have discovered a local Great Firewall-like censorship system deployed exclusively in China's Henan region, working independently and about ten times more aggressively than China's main Great Firewall.

gfw.report/publications...

13.05.2025 00:03 👍 7 🔁 4 💬 0 📌 0
USENIX Security '25 Enigma Track Call for Participation Submissions due: Wednesday, March 5, 2025 Notification to submitters: Wednesday, May 7, 2025

Enigma will be back as a track at USENIX Security: https://www.usenix.org/conference/usenixsecurity25/enigma-cfp

17.01.2025 11:45 👍 28 🔁 9 💬 1 📌 2

New paper that analyzes MrDeepFakes, the largest open marketplace for sexual deepfakes (to appear at USENIX Security). The work covers increased consumption, buyer/seller economics, depicted targets, creator motivations, community dynamics, video creation, and use of academic papers/tools.

18.01.2025 00:16 👍 5 🔁 2 💬 0 📌 0
Release v2.0.0-RC1 · zmap/zdns v2.0.0 introduces several major changes for ZDNS. Highlights include: The largest change was a refactor to split ZDNS into a core library and a CLI wrapper that utilizes the library. With this cha...

We're excited to tag ZDNS 2.0-RC1! 🎉 The release is packed with fixes and features. It brings ZDNS into a stable semantically versioned state, breaks apart the CLI and resolver logic, and adds support for IPv6, DNSSEC, DOH, DOT, global CNAME/DNAME following, and logic to try every name server.

27.12.2024 00:16 👍 7 🔁 1 💬 0 📌 0
Liz Izhikevich on the 2025 30 Under 30 - Science - Liz Izhikevich focuses on improving the internet's performance and security - on this world and in space.

Incredibly excited to see Liz Izhikevich named to the Forbes 30 under 30 today for her work on LEO satellite network performance! www.forbes.com/profile/liz-.... See the cornerstone work here: lizizhikevich.github.io/assets/paper... and lizizhikevich.github.io/assets/paper....

03.12.2024 15:57 👍 7 🔁 2 💬 1 📌 0
Automated Hunting

There's a blog post with more details about the project and how it works here: censys.com/automated-hu....

27.11.2024 19:12 👍 2 🔁 0 💬 0 📌 0

We released Censeye today, an open source CLI tool that makes it dramatically easier to pivot and find related assets when threat hunting on Censys instead of manually checking for potential identifying characteristics like an SSH host key. github.com/Censys-Resea...

27.11.2024 17:05 👍 28 🔁 14 💬 2 📌 1

When we first released ZMap, we drafted best practices for minimizing harm when conducting large active Internet measurements. 10 years later, with more experience and shifted norms, we have updated our recommendations for researchers in Section 6 of our recent ZMap retrospective.

26.11.2024 19:23 👍 13 🔁 7 💬 0 📌 0

Chrome has released some distribution of global traffic compared to site popularity data (zakird.com/papers/brows... Figure 1) if someone wants to do rough back-of-the-envelope calculations.

25.11.2024 16:26 👍 0 🔁 0 💬 0 📌 0

It's been a few years but that's not far off from what we saw in Firefox data when we analyzed: zakird.com/papers/lets-... (Figure 5). A lot of the long tail, though may be some more widespread adoption

25.11.2024 16:23 👍 1 🔁 0 💬 1 📌 0

While there's been much work building improved models to more effectively detect threats and harassment, what users want out of these tools is more complex than what we're optimizing or evaluating for today.

23.11.2024 18:47 👍 2 🔁 0 💬 0 📌 0

Last week at CSCW, Catherine Han presented our work on journalists' unmet needs for protecting against harassment online. While the work targeted Twitter/X, it surfaces several nuances in users' needs that span future platforms as well (e.g., not wanting to filter out threats or visibly block users).

23.11.2024 18:38 👍 30 🔁 9 💬 2 📌 2
Let's Encrypt Stats Please note that the Let's Encrypt Growth and Let's Encrypt Certificates Issued Per Day charts are undergoing updates and may not reflect the most recent data. Let's Encrypt Growth Percentage of Web…

Let's Encrypt is now used by more than 500,000,000 websites!!! I could not be more happy and proud of everyone who has played a part in this colossal contribution to online safety, integrity, and confidentiality:

23.11.2024 01:15 👍 158 🔁 32 💬 5 📌 0