Caitlin Condon
@catc0n.bsky.social
760 followers 500 following 150 posts
Adventurer. Takes a lot of photos, calls many places home. VP of research @VulnCheck. Previously vulnerability research director @Rapid7 / @metasploit.
Reposted by Caitlin Condon
malwarejake.bsky.social
More governors need to stand up like this.

I'm no fan of Newsom generally, but he's at least not rolling over for the administration. California is better off for it.
briantylercohen.bsky.social
Gavin Newsom announces that any California university that caves to Trump and signs his “loyalty pledge” will be immediately defunded.

“CALIFORNIA WILL NOT BANKROLL SCHOOLS THAT SELL OUT THEIR STUDENTS.”
Reposted by Caitlin Condon
j91321.bsky.social
I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.
catc0n.bsky.social
It seems like there’s still a piece of the story missing re: the private key.
Reposted by Caitlin Condon
katmabu.bsky.social
I don’t think I’ve ever loved anything as much as ICE loves violently attacking women.
bradlander.bsky.social
I was back at 26 Federal Plaza today, where an ICE agent violently threw this bereft woman to the ground in front of her kids. She had not touched him. She did not pose any threat. She had to be taken to the hospital. (🎥: Elias Eliahu)
Reposted by Caitlin Condon
agreenberg.bsky.social
The Secret Service isn't claiming it foiled any plot targeting the UN General Assembly. Just that a big collection of SIMs (probably used for fraud) could have *potentially* disrupted NYC cell service. The SIMs were in a *35 MILE* radius of the UN.

These headlines are all pretty egregiously wrong:
catc0n.bsky.social
Last night, Fortra disclosed a critical vulnerability in their GoAnywhere MFT file transfer product. CVE-2025-10035 has a virtually identical description to CVE-2023-0669, which was exploited by ransomware crews. Unclear if this one has been exploited. Patch now. www.vulncheck.com/blog/cve-202...
CVE-2025-10035: Critical Vulnerability in Fortra GoAnywhere MFT | Blog | VulnCheck
A new critical vulnerability was disclosed in Fortra's GoAnywhere managed file transfer product, which has been targeted in the past by ransomware and extortion groups
www.vulncheck.com
Reposted by Caitlin Condon
davewalker.bsky.social
Possible causes of your problems. It’s a diagram that (sadly) still seems relevant in 2025, so reposting a year and a bit on.
Diagram titled 'Possible causes of your problems'. On the left hand side, subtitled 'Yes': Funding removed from local councils, growing gap between rich and poor, multinational companies not paying their taxes, lack of new affordable housing, government not investing sufficiently in schools and healthcare. On the right hand side, subtitled 'No': Picture of small boat, with arrow; 'People fleeing horrific situations that you and I can't imagine'.
catc0n.bsky.social
Hey, security research friends! You know how vulnerability disclosure coordination is the most painful part of vuln research? Good news: VulnCheck will do it for you! You get credit, we handle the CVEs + vendor discussions.

Report vulnerabilities for disclosure here: vulncheck.com/advisories/r...
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
vulncheck.com
catc0n.bsky.social
A beautiful, tender piece about grief and aging and friendship and the sacred call to haunt: joysullivan.substack.com/p/when-to-ca...
When to call the witches
1-800 dark magic
joysullivan.substack.com
catc0n.bsky.social
Quote from the VulnCheck team exploit mines 2025-09-11T19:24:00Z
A meme with the black spinning top from the movie "Inception". It's on a beige-ish background and the text of the meme says "It's like...a third-order command injection."
Reposted by Caitlin Condon
esqueer.net
Gen Z in Nepal burned down the parliament, burned down the homes of government officials, forced the prime minister to resign, and paraded the finance minister through the streets nearly naked.
catc0n.bsky.social
I know NPM and SAP and probably other acronyms are on fire today, but @vulncheck.bsky.social put out a Chrome extension for #CVE and #exploit intel and it's saving me kind of a lot of tab-switching effort, so you get 🎉 🤠posts from me instead of 🗑️🔥 posts www.vulncheck.com/blog/vuln-ch...
VulnCheck Insights: CVE Context at the Hover of Your Cursor | Blog | VulnCheck
Instead of bouncing between tabs, you now get instant, current context the moment a CVE appears on your screen.
www.vulncheck.com
Reposted by Caitlin Condon
theplanetaryguy.bsky.social
Friends, for your Friday, here's a new image of planets being born.
catc0n.bsky.social
The inverse of this skeet is "Some enterprising young sys admins used example machine keys for production deployments, which is also significantly less surprising than anyone reading docs."
Reposted by Caitlin Condon
ransomwaresommelier.com
There is something soothing about watching a baseball diamond get steamrolled.
catc0n.bsky.social
Holy speaker agenda, Batman! This is a shameless plug that is also wholly sincere: @vulncheck.bsky.social is hosting our inaugural THREATCON1 in VA Sept. 21 and 22. The conference is free, Jen Easterly and Andrew Boyd are keynoting (!), and the talk tracks slap. COME!! www.threatcon1.org/agenda
THREATCON1 Agenda
www.threatcon1.org
catc0n.bsky.social
Great metaphor
rikferguson.com
I learned this the hard way: one glance at my phone on a mountain road and I nearly wiped out a group of cyclists. A second of divided attention turns a safe system into a weapon.
Security fails the same way. Speed limits are compliance; safe driving is judgement.
#cybersecurity #OTsecurity #risk
Defensive Driving for Cybersecurity
Eyes up, read the road, and manage to impact. I learned this the hard way.
www.linkedin.com
catc0n.bsky.social
"I hate this piece of crap."

Quote from the team #exploit mines 2025-08-26T21:48:00Z

(am I doing ISO 8601 right, since this is apparently what we are doing now?)