cje
@cje.io
founder @bugcrowd && co-founder @disclose_io || hacker, entrepreneur, executive, advisor || Staff of Moses || #w00w00
Pinned
cje @cje.io · Nov 14
threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
It's Thanksgiving Week in the USA, which we all know means one thing: TECH SUPPORT FOR FAMILY MEMBERS. I'm very pleased to co-sign and have contributed to @boblord's hacklore.org project, which seeks to debunk the most common "Kermit-hands" consumer cybersecurity advice that tends to spread around.
Stop Hacklore!
Hacklore is a blend of hacking and folklore—modern urban legends about digital safety. Hacklore spreads quickly and confidently, passed from person to person as if it were hard-earned wisdom. But…
m.cje.io
November 25, 2025 at 9:03 PM
...In which Sean and I unpack the phenomenon of beg bounty, its rise over the past several years, and the solutions that I've seen actually work redefiningcybersecuritypodcast.com/episodes/beg... cc: @ITSPmagazine @bugcrowd @disclose_io
Beg Bounty: The New Wave of Unrequested Bug Claims and What They Mean | A Conversation with Casey Ellis | Redefining CyberSecurity with Sean Martin | Redefining CyberSecurity
This episode breaks down the rise of “beg bounties” and examines how unsolicited vulnerability claims create confusion, noise, and operational overhead for security teams. Sean Martin and Casey Ellis…
m.cje.io
November 24, 2025 at 8:25 PM
My favorite part of this interview was when the penny truly dropped re the difference between CSPM and "open cloud security" - Framework + Community + AI = WIN

Sponsored: Prowler uses AI how AI works best - Risky Business Media m.cje.io/4nWzghY
In this sponsored interview Casey Ellis chats to Toni de la Fuente, founder and CEO of Prowler, an open source platform for cloud security [Read More]
m.cje.io
November 12, 2025 at 7:24 PM
Srsly Risky Biz: The cyber regime change pipe dream m.cje.io/4qKXbn5
Risky Bulletin Podcast feed - Risky Business Media
m.cje.io
November 7, 2025 at 12:27 AM
Price Equilibrium, Yo: The simple economics of an external shock to a bug bounty platform m.cje.io/3LzW09T
Abstract. We first provide background on the “nuts and bolts” of a bug bounty platform: a two-sided marketplace that connects firms and individual security
academic.oup.com
November 6, 2025 at 11:15 PM
Truffle Security Raises $25 Million Series B to Expand NHI Security 🎉 🎉 🎉 m.cje.io/4oU5Cut
November 6, 2025 at 3:57 PM
Reposted by cje
The tech giant didn’t report active exploitation of any of the patched defects, yet details about potential impacts remain limited.
via @mattkapko.com cyberscoop.com/apple-securi...
Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads
cyberscoop.com
November 5, 2025 at 3:14 PM
BOLD TALKS: Casey John Ellis on Hacking Trust, AI, and the Future of Cybersecurity m.cje.io/3LbZMGt
Subscribe to our BOLD Awards YouTube Channel: https://www.youtube.com/@BOLDAwards BOLD Talks | Epi Ludvik and Casey John Ellis, Founder & Chief Strategy Officer at Bugcrowd Welcome to BOLD Talks,…
m.cje.io
October 30, 2025 at 7:08 PM
Ugh… It’s 2025 and vendors still don’t understand the Streisand effect.

cc: @disclose_io (threats.disclose.io)

YouTuber with nearly 4M subscribers sued by lock company after he breaks into lock with just a can www.uniladtech.com/social-media...
YouTuber Trevor McNally was sued by a lock company after he broke into one of their products using just a can, all for entertainment on his channel.
www.uniladtech.com
October 29, 2025 at 10:16 PM
Eep... Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023 m.cje.io/4noaaYW
m.cje.io
October 24, 2025 at 12:27 AM
Seriously, I love this post so much - Good weekend timeline cleanser: "Root for Your Friends · Joseph Thacker"

m.cje.io/3KYvnLt
Discover the power of rooting for your friends and how it can amplify success for everyone involved.
m.cje.io
October 18, 2025 at 10:39 PM
He tested his pitch on Uber drivers—then built a cybersecurity platform to $180M raised. | Casey Ellis, Founder of Bugcrowd - A Product Market Fit Show | Startup Podcast for Founders www.buzzsprout.com/1889238/epis...
Casey turned hackers into a marketplace and built Bugcrowd to $180M+ raised. But the real story isn't about cybersecurity—it's about how he validated a two-sided marketplace with almost no product,…
m.cje.io
October 16, 2025 at 8:59 PM
Takeaway: If you’re building offensive AI capability on top of SOTA alone, it’s about to get *very* competitive.
Building the Leading Open-Source Pentesting Agent: Architecture Lessons from XBOW Benchmark
What if a security agent could reason through vulnerabilities the way expert pentesters do — not by following scripts, but by…
medium.com
October 14, 2025 at 9:37 PM
😬

Major US online retailers remove listings for millions of prohibited Chinese electronics
m.cje.io
October 12, 2025 at 12:27 AM
PATCH YO' IVANTI...OH WAIT NVM

ZDI Drops 13 Unpatched Ivanti Zero-Days Enabling Remote Code Execution

m.cje.io/48X7Ynz
ZDI has publicly disclosed 13 unpatched vulnerabilities in Ivanti Endpoint Manager, including 12 RCE flaws and one local privilege escalation.
m.cje.io
October 10, 2025 at 12:27 AM
Awesome stuff from the @dreadnode crew at LABScon25 | Auto-Poking The Bear - Analytical Tradecraft In The AI Age | Wendiggensen & Palm m.cje.io/3VTmpl7
In this LABScon25 talk, Dreadnode’s Martin Wendiggensen and Brad Palm explore how AI is changing Cyber Threat Intelligence and the research practices that support it. This engaging talk lays the…
m.cje.io
October 9, 2025 at 2:43 PM
PATCH/THRUNT YO’ VMWARE

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024 thehackernews.com/2025/09/urge...
VMware CVE-2025-41244 exploited by UNC5174 since Oct 2024, CVSS 7.8, patch now available.
thehackernews.com
September 30, 2025 at 11:13 AM
“Historically, cybercriminals rarely retire in the traditional sense. Instead, they rebrand, regroup or pivot to new tactics and operations, or they get caught.” m.cje.io/3KcFXOA
Fifteen Ransomware Gangs “Retire,” Future Unclear
Fifteen ransomware groups have claimed shutdown on BreachForums; experts warn of rebrands and copycats
m.cje.io
September 21, 2025 at 1:27 AM
Security Industry Skeptical of Scattered Spider-ShinyHunters Retirement Claims m.cje.io/4mrl0Nw
The notorious cybercrime groups claim they are going dark, but experts believe they will continue their activities.
m.cje.io
September 20, 2025 at 7:13 AM
/me invoking HD Moore's Law

“The net effect of this (Villager) is the availability of increasingly powerful capability to a far broader potential audience of users.” www.csoonline.com/article/4057...
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy
The new AI-native framework, freely available online, could make advanced cyberattacks faster, easier, and more accessible than ever.
m.cje.io
September 20, 2025 at 1:27 AM
‘NotDoor’ malware tied to Russia's APT28 exploits Microsoft Outlook m.cje.io/3VKOcns
Campaign targets various vertical sectors in multiple NATO-based countries.
m.cje.io
September 13, 2025 at 1:27 AM