banner
LightNews
cje.io
cje
@cje.io
2.5K followers 860 following 220 posts
founder @bugcrowd && co-founder @disclose_io || hacker, entrepreneur, executive, advisor || عصا موسى || #w00w00
Posts Media Videos Starter Packs
Pinned
cje.io
cje @cje.io · Nov 14
threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
6 23 60
cje.io
cje @cje.io · 6h
😬

Major US online retailers remove listings for millions of prohibited Chinese electronics
m.cje.io
cje.io
cje @cje.io · 2d
PATCH YO' IVANTI...OH WAIT NVM

ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution

m.cje.io/48X7Ynz
ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution
ZDI has publicly disclosed 13 unpatched vulnerabilities in Ivanti Endpoint Manager, including 12 RCE flaws and one local privilege escalation.
m.cje.io
1
cje.io
cje @cje.io · 2d
Awesome stuff from the @dreadnode crew at LABScon25 | Auto-Poking The Bear - Analytical Tradecraft In The AI Age | Wendiggensen & Palm m.cje.io/3VTmpl7
LABScon25 Replay | Auto-Poking The Bear - Analytical Tradecraft In The AI Age | Wendiggensen & Palm
In this LABScon25 talk, Dreadnode’s Martin Wendiggensen and Brad Palm explore how AI is changing Cyber Threat Intelligence and the research practices that support it. This engaging talk lays the…
m.cje.io
cje.io
cje @cje.io · 11d
PATCH/THRUNT YO’ VMWARE

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024 thehackernews.com/2025/09/urge...
Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024
VMware CVE-2025-41244 exploited by UNC5174 since Oct 2024, CVSS 7.8, patch now available.
thehackernews.com
cje.io
cje @cje.io · 21d
“Historically, cybercriminals rarely retire in the traditional sense. Instead, they rebrand, regroup or pivot to new tactics and operations, or they get caught.” m.cje.io/3KcFXOA
Fifteen Ransomware Gangs “Retire,” Future Unclear
Fifteen ransomware groups have claimed shutdown on BreachForums; experts warn of rebrands and copycats
m.cje.io
2 3
cje.io
cje @cje.io · 21d
Security Industry Skeptical of Scattered Spider-ShinyHunters Retirement Claims m.cje.io/4mrl0Nw
Security Industry Skeptical of Scattered Spider-ShinyHunters Retirement Claims
The notorious cybercrime groups claim they are going dark, but experts believe they will continue their activities.
m.cje.io
cje.io
cje @cje.io · 22d
/me invoking HD Moore's Law

“The net effect of this (Villager) is the availability of increasingly powerful capability to a far broader potential audience of users.” www.csoonline.com/article/4057...
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy
The new AI-native framework, freely available online, could make advanced cyberattacks faster, easier, and more accessible than ever.
m.cje.io
1
cje.io
cje @cje.io · 29d
‘NotDoor’ malware tied to Russia's APT28 exploits Microsoft Outlook m.cje.io/3VKOcns
‘NotDoor’ malware tied to Russia's APT28 exploits Microsoft Outlook
Campaign targets various vertical sectors in multiple NATO-based countries.
m.cje.io
1
cje.io
cje @cje.io · 29d
"This isn’t about turning analysts into data scientists. It’s about equipping them to work alongside AI effectively – understanding when to trust it, when to question it, and how to leverage it to decrease noise and focus on high-priority threats."

m.cje.io/3VNzgVI
AI Emerges as the Hope—and Risk—for Overloaded SOCs
With security teams drowning in alerts, many suppress detection rules and accept hidden risks. AI promises relief through automation and triage—but without human oversight, it risks becoming part of…
m.cje.io
1
cje.io
cje @cje.io · Sep 11
Fresh from the "High-Entropy Headlines" desk: Albania appoints AI bot as minister to tackle corruption buff.ly/y9BcEOI
buff.ly
2
cje.io
cje @cje.io · Sep 11
‘NotDoor’ malware tied to Russia's APT28 exploits Microsoft Outlook m.cje.io/3Ibo0iT
‘NotDoor’ malware tied to Russia's APT28 exploits Microsoft Outlook
Campaign targets various vertical sectors in multiple NATO-based countries.
www.scworld.com
1 2
cje.io
cje @cje.io · Sep 10
You may have noticed a theme in my posts lately... Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense m.cje.io/429447d
Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense
Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.
m.cje.io
3 1
cje.io
cje @cje.io · Sep 9
This is a goodie... and a pleasure to get to jam with an old mate who's sharp af when it comes to this stuff - Sponsored: Why prompt injection is an intractable problem - Risky Business Media m.cje.io/4npLSOF
Sponsored: Why prompt injection is an intractable problem - Risky Business Media
In this sponsored interview Casey Ellis chats with Keith Hoodlet from Trail of Bits. Keith is Trail of Bits' director of engineering for A [Read More]
m.cje.io
3
cje.io
cje @cje.io · Sep 3
Risky Business Weekly (805): On the Salesloft Drift breach and "OAuth soup" m.cje.io/4m8OwHK
Risky Business Weekly (805): On the Salesloft Drift breach and "OAuth soup"
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: * The Salesloft breach and why OAuth soup is a problem * The Salt Typhoon telco hackers turn out…
m.cje.io
cje.io
cje @cje.io · Sep 1
a little girl in a pink dress is standing in front of a wooden wall .
ALT: a little girl in a pink dress is standing in front of a wooden wall .
media.tenor.com
cje.io
cje @cje.io · Aug 28
A hacker used AI to automate an 'unprecedented' cybercrime spree, Anthropic says m.cje.io/46hxX6z
A hacker used AI to automate an 'unprecedented' cybercrime spree, Anthropic says
The company behind the Claude chatbot said it caught a hacker using its chatbot to identify, hack and extort at least 17 companies.
m.cje.io
1 2 4
cje.io
cje @cje.io · Aug 27
From Pirates to Hackers: Lawmaker Pushes for ‘Cyber Privateers’ to Hunt Criminals m.cje.io/4mLok6X
From Pirates to Hackers: Lawmaker Pushes for ‘Cyber Privateers’ to Hunt Criminals
A new bill in Congress would authorize modern-day “Letters of Marque,” empowering private hackers to target foreign cybercriminals.
m.cje.io
cje.io
cje @cje.io · Aug 23
If AI can mass-produce exploits, how much time do defenders really have left? m.cje.io/4msxDbE
Can AI weaponize new CVEs in under 15 minutes?
If AI can mass-produce exploits, how much time do defenders really have left?
m.cje.io
3 7
cje.io
cje @cje.io · Aug 23
Researchers detail new ‘gray zone conflict’ in AI-driven Chinese propaganda m.cje.io/4murc8h
Researchers detail new ‘gray zone conflict’ in AI-driven Chinese propaganda
Documents from Chinese firm GoLaxy detail influence operations aligned with Beijing that run at unprecedented speed and precision. National security experts at Vanderbilt say these developments may…
m.cje.io
cje.io
cje @cje.io · Aug 21
Britain Drops Apple ‘Backdoor’ Demand After U.S. Pushback m.cje.io/45ZV724
1
cje.io
cje @cje.io · Aug 21
It's groundhog day... Again. UK rescinds order that required backdoor to Apple cloud data m.cje.io/3UFAGBf
UK rescinds order that required backdoor to Apple cloud data
The UK backed off after privacy advocates sounded the alarm bell about vulnerabilities caused by allowing backdoors into encryption.
m.cje.io
1 2
cje.io
cje @cje.io · Aug 18
Would you hire a hacker? | Computer Weekly m.cje.io/4mG0etK
Would you hire a hacker? | Computer Weekly
At a time when cyber security breaches are on the up and skills remain in short supply, security experts believe we may be missing a trick by overlooking unconventional sources of talent.
m.cje.io
1 1 2
cje.io
cje @cje.io · Aug 16
AIxCC Competition Archive | AIxCC Competition Archive m.cje.io/4mNQePt
AIxCC Competition Archive | AIxCC Competition Archive
The comprehensive archive of DARPA's Artificial Intelligence Cyber Challenge
m.cje.io
1
cje.io
cje @cje.io · Aug 14
PATCH YO’ APPLES support.apple.com/en-us/100100
Apple security releases - Apple Support
This document lists security updates and Rapid Security Responses for Apple software.
support.apple.com
1 1
cje.io
cje @cje.io · Aug 14
Security Breach: The Keys to Being 'Proactively Paranoid, Not Paralyzed' m.cje.io/3Hkv6RL www.mbtmag.com/podcast/vide...
Security Breach: Casey Ellis
Using AI and other tools to prioritize and plan in responding to new attacks and legacy vulnerabilities.
m.cje.io
1