Ben Read
@benread.bsky.social
CTI @wizsecurity.bsky.social
Previously NSC44, Mandiant, Google
Go Mammoths
Previously NSC44, Mandiant, Google
Go Mammoths
Reposted by Ben Read
Hackers behind cyberattack against Poland electric grid in Dec disabled communication devices for at least 30 sites across a number of energy facilities in country. They rendered the devices - known as remote terminal units or RTUs - not only inoperable but also unrecoverable
Attack Against Poland's Grid Disrupted Communication Devices at About 30 Sites
The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of ...
www.zetter-zeroday.com
January 28, 2026 at 2:53 PM
Hackers behind cyberattack against Poland electric grid in Dec disabled communication devices for at least 30 sites across a number of energy facilities in country. They rendered the devices - known as remote terminal units or RTUs - not only inoperable but also unrecoverable
Reposted by Ben Read
New Publication Alert: It is my pleasure to share that my recent report – coauthored with Alexander Leslie and Taylor Grossman through the Center for Security, Innovation, and New Technology (CSINT) at American University – is now live. 1/8
www.au-csint.com/publications...
www.au-csint.com/publications...
Beyond Breaches: The Spectrum of Costs from Espionage and Pre-Positioning — CSINT
What are the costs of cyber espionage? And how do they differ from those of operations designed to prepare for attack?
www.au-csint.com
January 27, 2026 at 4:16 PM
New Publication Alert: It is my pleasure to share that my recent report – coauthored with Alexander Leslie and Taylor Grossman through the Center for Security, Innovation, and New Technology (CSINT) at American University – is now live. 1/8
www.au-csint.com/publications...
www.au-csint.com/publications...
Reposted by Ben Read
"stop pretending Jesus was crucified because he preached good vibes and personal growth"
January 25, 2026 at 10:54 PM
"stop pretending Jesus was crucified because he preached good vibes and personal growth"
Reposted by Ben Read
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
January 23, 2026 at 4:30 PM
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
Great work by Kim and ESET to get this story out there. The cyber threat has been off the front pages with everything else going on, but is still very real.
Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial"
Cyberattack Targeting Poland’s Energy Grid Used a Wiper
A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and cause a power outage and o...
www.zetter-zeroday.com
January 23, 2026 at 5:48 PM
Great work by Kim and ESET to get this story out there. The cyber threat has been off the front pages with everything else going on, but is still very real.
Reposted by Ben Read
I wrote this right after the inauguration.
"The Christian nationalism of today is entirely inconsistent with the religion of the Founders. Our founding fathers kneeled to no pope, and they kneeled to no king. That is because they were mostly Episcopalians."
tompepinsky.com/2025/01/22/w...
"The Christian nationalism of today is entirely inconsistent with the religion of the Founders. Our founding fathers kneeled to no pope, and they kneeled to no king. That is because they were mostly Episcopalians."
tompepinsky.com/2025/01/22/w...
January 10, 2026 at 11:01 PM
I wrote this right after the inauguration.
"The Christian nationalism of today is entirely inconsistent with the religion of the Founders. Our founding fathers kneeled to no pope, and they kneeled to no king. That is because they were mostly Episcopalians."
tompepinsky.com/2025/01/22/w...
"The Christian nationalism of today is entirely inconsistent with the religion of the Founders. Our founding fathers kneeled to no pope, and they kneeled to no king. That is because they were mostly Episcopalians."
tompepinsky.com/2025/01/22/w...
Reposted by Ben Read
“I have asked the clergy of the diocese to make sure their affairs are in order and they have written their wills.,not the time for statements. It is time to put our bodies between the powers of this world and the most vulnerable”. Rob Hirschfeld, Bishop of the Episcopal Diocese of New Hampshire
Redirecting...
www.facebook.com
January 10, 2026 at 3:31 PM
“I have asked the clergy of the diocese to make sure their affairs are in order and they have written their wills.,not the time for statements. It is time to put our bodies between the powers of this world and the most vulnerable”. Rob Hirschfeld, Bishop of the Episcopal Diocese of New Hampshire
Reposted by Ben Read
Miami, which could not win the ACC, will play for the championship. Makes you wonder what UConn, which beat the ACC champ, and went undefeated* could have done if the powers at be hadn’t conspired to exclude UConn from the playoff.
*in regulation
*in regulation
January 9, 2026 at 4:31 AM
Miami, which could not win the ACC, will play for the championship. Makes you wonder what UConn, which beat the ACC champ, and went undefeated* could have done if the powers at be hadn’t conspired to exclude UConn from the playoff.
*in regulation
*in regulation
Reposted by Ben Read
The “prosecute the former regime at every level” candidate has my vote in 2028.
January 7, 2026 at 8:26 PM
The “prosecute the former regime at every level” candidate has my vote in 2028.
This campaign got written up by CNCERT, though they have a more chaste explanation for the name than I would have given.
www.secrss.com/articles/86568
www.secrss.com/articles/86568
December 30, 2025 at 2:40 PM
This campaign got written up by CNCERT, though they have a more chaste explanation for the name than I would have given.
www.secrss.com/articles/86568
www.secrss.com/articles/86568
Amazing innovation happening in Philadelphia (6/10)
December 28, 2025 at 4:10 PM
Amazing innovation happening in Philadelphia (6/10)
Reposted by Ben Read
I'm hiring a senior threat researcher! If you want to help me build out a team to track the most advanced actors targeting cloud environments, this is the job for you. This job is open to remote, but us-bases only. Feel free to reach out with questions.
www.wiz.io/careers/job/...
www.wiz.io/careers/job/...
December 15, 2025 at 2:26 PM
I'm hiring a senior threat researcher! If you want to help me build out a team to track the most advanced actors targeting cloud environments, this is the job for you. This job is open to remote, but us-bases only. Feel free to reach out with questions.
www.wiz.io/careers/job/...
www.wiz.io/careers/job/...
I'm hiring a senior threat researcher! If you want to help me build out a team to track the most advanced actors targeting cloud environments, this is the job for you. This job is open to remote, but us-bases only. Feel free to reach out with questions.
www.wiz.io/careers/job/...
www.wiz.io/careers/job/...
December 15, 2025 at 2:26 PM
I'm hiring a senior threat researcher! If you want to help me build out a team to track the most advanced actors targeting cloud environments, this is the job for you. This job is open to remote, but us-bases only. Feel free to reach out with questions.
www.wiz.io/careers/job/...
www.wiz.io/careers/job/...
Reposted by Ben Read
We just launched our new and expanded Adversarial Threat Report! We've been reporting on online threats like foreign interference for 7 years, but today's report expands our work to cover fraud, scams, and AI security threats. There's a ton in the report, I'll try to break it down in this thread. 1/
December 12, 2025 at 12:20 AM
We just launched our new and expanded Adversarial Threat Report! We've been reporting on online threats like foreign interference for 7 years, but today's report expands our work to cover fraud, scams, and AI security threats. There's a ton in the report, I'll try to break it down in this thread. 1/
Reposted by Ben Read
An article that perhaps got lost in the shuffle - on record interviews with senior Dutch intelligence officials where they lament the firing of fmr NSA director Tim Haugh and reveal they are being more careful sharing intel with US partners volkskrant.nl/binnenland/n...
December 9, 2025 at 5:04 PM
An article that perhaps got lost in the shuffle - on record interviews with senior Dutch intelligence officials where they lament the firing of fmr NSA director Tim Haugh and reveal they are being more careful sharing intel with US partners volkskrant.nl/binnenland/n...
New from the @wizsecurity.bsky.social team on what we're seeing post CVE-2025-55182 exploitation.
www.wiz.io/blog/nextjs-...
www.wiz.io/blog/nextjs-...
December 8, 2025 at 6:07 PM
New from the @wizsecurity.bsky.social team on what we're seeing post CVE-2025-55182 exploitation.
www.wiz.io/blog/nextjs-...
www.wiz.io/blog/nextjs-...
Reposted by Ben Read
Duke, which lost to UConn (like every team that reached a result with UConn in 60 minutes did) won the ACC.
PUT UCONN IN THE PLAYOFF
PUT UCONN IN THE PLAYOFF
December 7, 2025 at 4:59 AM
Duke, which lost to UConn (like every team that reached a result with UConn in 60 minutes did) won the ACC.
PUT UCONN IN THE PLAYOFF
PUT UCONN IN THE PLAYOFF
Shout out to whoever is exploiting CVE-2025-55182 to drop cryptominers and using "reactOnMynuts" as your campaign code.
December 6, 2025 at 4:30 PM
Shout out to whoever is exploiting CVE-2025-55182 to drop cryptominers and using "reactOnMynuts" as your campaign code.
Reposted by Ben Read
A new blog this evening from Amazon Threat Intelligence detailing ongoing China-nexus cyber actors leveraging React2Shell (CVE-2025-55182): aws.amazon.com/blogs/securi...
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat g...
aws.amazon.com
December 5, 2025 at 1:06 AM
A new blog this evening from Amazon Threat Intelligence detailing ongoing China-nexus cyber actors leveraging React2Shell (CVE-2025-55182): aws.amazon.com/blogs/securi...
Reposted by Ben Read
There is critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it.
A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately.
react.dev/blog/2025/12...
A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately.
react.dev/blog/2025/12...
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
react.dev
December 3, 2025 at 3:45 PM
There is critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it.
A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately.
react.dev/blog/2025/12...
A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately.
react.dev/blog/2025/12...
An update on Sha1-Hulud from the team here @wizsecurity.bsky.social. Rami & Shay break down how we've seen it spread, the types of environments targeted and what secrets have been leaked.
www.wiz.io/blog/shai-hu...
www.wiz.io/blog/shai-hu...
Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact | Wiz Blog
A deeper look at the Shai-Hulud 2.0 supply chain attack: reviewing the infection spread, victimology, leaked secrets distribution, and community response so far.
www.wiz.io
December 1, 2025 at 6:24 PM
An update on Sha1-Hulud from the team here @wizsecurity.bsky.social. Rami & Shay break down how we've seen it spread, the types of environments targeted and what secrets have been leaked.
www.wiz.io/blog/shai-hu...
www.wiz.io/blog/shai-hu...
Reposted by Ben Read
Pete must be held accountable. This is not the opinion of some reactionary lib. I get accused all the fucking goddamn time of being the mainstream.
People need to be adjudicated for this. There are ideals of what an American thinks they are that have been violent violated here.
We demand justice.
People need to be adjudicated for this. There are ideals of what an American thinks they are that have been violent violated here.
We demand justice.
November 29, 2025 at 1:11 AM
Pete must be held accountable. This is not the opinion of some reactionary lib. I get accused all the fucking goddamn time of being the mainstream.
People need to be adjudicated for this. There are ideals of what an American thinks they are that have been violent violated here.
We demand justice.
People need to be adjudicated for this. There are ideals of what an American thinks they are that have been violent violated here.
We demand justice.
Heads up for East Coast people waking up.
🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast.
Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation.
Details: www.wiz.io/blog/shai-hu...
Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation.
Details: www.wiz.io/blog/shai-hu...
Shai-Hulud 2.0: Ongoing Supply Chain Attack | Wiz Blog
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.
www.wiz.io
November 24, 2025 at 12:43 PM
Heads up for East Coast people waking up.
Reposted by Ben Read
New report from Positive Technologies vivisects recent (2024-2025) APT31 attacks targeting Russian IT firms specifically government contractors and integrators
ptsecurity.com/research/pt-...
ptsecurity.com/research/pt-...
November 20, 2025 at 9:14 PM
New report from Positive Technologies vivisects recent (2024-2025) APT31 attacks targeting Russian IT firms specifically government contractors and integrators
ptsecurity.com/research/pt-...
ptsecurity.com/research/pt-...