Toddzilla
@cryptodd.bsky.social
California native, Omdia (formerly Enterprise Strategy Group) analyst, cybersecurity geek, soccer goalkeeping phenom. Crypto = cryptography, Views=mine, Reposts≠endorsement
Pinned
Toddzilla
@cryptodd.bsky.social
· Nov 25
The Enterprise Strategy Group (ESG) Starter Pack so you can keep up with the ESG analyst team covering #cybersecurity and all thinks enterprise information technology. go.bsky.app/4axSvJz
I plan to increase my coffee intake, and forget that decaf stuff. www.nytimes.com/2026/02/09/h...
2 to 3 Cups of Coffee a Day May Reduce Dementia Risk. But Not if It’s Decaf.
www.nytimes.com
February 10, 2026 at 6:37 AM
I plan to increase my coffee intake, and forget that decaf stuff. www.nytimes.com/2026/02/09/h...
Reposted by Toddzilla
Microsoft Defender Research has published details, mitigation, detection, and hunting guidance on the observed exploitation of internet‑exposed SolarWinds Web Help Desk (WHD) systems: msft.it/63327QPD9N
Analysis of active exploitation of SolarWinds Web Help Desk | Microsoft Security Blog
We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.
msft.it
February 9, 2026 at 6:05 PM
Microsoft Defender Research has published details, mitigation, detection, and hunting guidance on the observed exploitation of internet‑exposed SolarWinds Web Help Desk (WHD) systems: msft.it/63327QPD9N
Reposted by Toddzilla
On iPhone: five rapid taps in succession on the lock button shuts off all biometrics.
February 2, 2026 at 3:10 PM
On iPhone: five rapid taps in succession on the lock button shuts off all biometrics.
Reposted by Toddzilla
New from 404 Media: the FBI has been unable to get into the iPhone of raided Washington Post journalist because the phone had Lockdown Mode enabled. Apple markets Lockdown Mode mostly to stop spyware like NSO. Here, a real world example of it stopping access too www.404media.co/fbi-couldnt-...
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled
Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking some...
www.404media.co
February 4, 2026 at 2:07 PM
New from 404 Media: the FBI has been unable to get into the iPhone of raided Washington Post journalist because the phone had Lockdown Mode enabled. Apple markets Lockdown Mode mostly to stop spyware like NSO. Here, a real world example of it stopping access too www.404media.co/fbi-couldnt-...
Lockdown Mode - use it or risk losing control of your data if someone is able to physically take your IOS (iPhone) device.
Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking someone's device. At least for now.
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled
Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking someone's...
www.404media.co
February 4, 2026 at 2:56 PM
Lockdown Mode - use it or risk losing control of your data if someone is able to physically take your IOS (iPhone) device.
Exhibit 1 on why IOS Lockdown Mode is useful: www.404media.co/fbi-couldnt-...
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled
Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking some...
www.404media.co
February 4, 2026 at 2:34 PM
Exhibit 1 on why IOS Lockdown Mode is useful: www.404media.co/fbi-couldnt-...
Expect these strategies to proliferate to other professional leagues if they succeed consistently. Fortunately my Sunday league of soccer duffers has to worry about showing up for work on Monday uninjured - nobody wants to get hurt trying to crowd the keeper.
I wrote about the Set Piece Revolution in the Premier League, why I think it's still just getting started, and my worries that it will require significant reforms to roll back www.expectinggoals.com/p/the-set-pi...
The Set Piece Revolution
The game is changing in the English Premier League.
www.expectinggoals.com
January 30, 2026 at 3:50 PM
Expect these strategies to proliferate to other professional leagues if they succeed consistently. Fortunately my Sunday league of soccer duffers has to worry about showing up for work on Monday uninjured - nobody wants to get hurt trying to crowd the keeper.
Reposted by Toddzilla
I felt obliged to write up an overview of all of the Fulton County fraud claims that have already been made — and dismissed. Let me know if I forgot any. www.pbump.net/o/some-thing...
Some things you should know about Fulton County, Georgia
The county has already seen numerous claims about election fraud — all debunked. There's no reason to think that Kash Patel's FBI will find something new.
www.pbump.net
January 29, 2026 at 3:59 AM
I felt obliged to write up an overview of all of the Fulton County fraud claims that have already been made — and dismissed. Let me know if I forgot any. www.pbump.net/o/some-thing...
People, think carefully before putting your sensitive personal information into random apps. They frequently have vulnerabilities and can leak your information. See below for the latest example courtesy of @404media.co .
Hundreds of thousands of users told the app intimate details about their sexual urges, which are now exposed.
App for Quitting Porn Leaked Users' Masturbation Habits
Hundreds of thousands of users told the app intimate details about their sexual urges, which are now exposed.
www.404media.co
January 28, 2026 at 2:52 PM
People, think carefully before putting your sensitive personal information into random apps. They frequently have vulnerabilities and can leak your information. See below for the latest example courtesy of @404media.co .
Reposted by Toddzilla
"Nearly half of all American men aged 18 to 49 maintain an online sports-betting account...Emerging research suggests that the spread of sports gambling portends a huge increase in gambling addiction, which has the highest rate of suicide of any addictive behavior."
harpers.org/archive/2026...
harpers.org/archive/2026...
On Tilt, by Jasper Craven
America’s new gambling epidemic
harpers.org
January 22, 2026 at 3:42 PM
"Nearly half of all American men aged 18 to 49 maintain an online sports-betting account...Emerging research suggests that the spread of sports gambling portends a huge increase in gambling addiction, which has the highest rate of suicide of any addictive behavior."
harpers.org/archive/2026...
harpers.org/archive/2026...
Reposted by Toddzilla
Want to red team azure?
Security Engineer 2 - Red Team | Microsoft Careers
Discover and exploit vulnerabilities end-to-end in order to assess the security of systems and services Advocate for security change through building partnerships and clearly communicating impact of r...
apply.careers.microsoft.com
January 21, 2026 at 9:56 PM
Want to red team azure?
Reposted by Toddzilla
Jimmy Butler can’t put weight on his right knee. Buddy Hield and Jonathan Kuminga helping him to the locker room after a concerning scene in Chase Center.
January 20, 2026 at 4:44 AM
Jimmy Butler can’t put weight on his right knee. Buddy Hield and Jonathan Kuminga helping him to the locker room after a concerning scene in Chase Center.
Reposted by Toddzilla
NEW: A hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East this week.
I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.
A bug also *exposed* victims' data.
I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.
A bug also *exposed* victims' data.
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East | TechCrunch
The phishing campaign targeted users on WhatsApp, including an Iranian-British activist, and stole the credentials of a Lebanese cabinet minister and at least one journalist.
techcrunch.com
January 16, 2026 at 5:24 PM
NEW: A hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East this week.
I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.
A bug also *exposed* victims' data.
I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.
A bug also *exposed* victims' data.
Reposted by Toddzilla
Moxie Marlinspike—the engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.
arstechnica.com/security/202...
arstechnica.com/security/202...
Signal creator Moxie Marlinspike wants to do for AI what he did for messaging
Introducing Confer, an end-to-end AI assistant that just works.
arstechnica.com
January 13, 2026 at 4:42 PM
Moxie Marlinspike—the engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.
arstechnica.com/security/202...
arstechnica.com/security/202...
More acquisitions in identity-land. Delinea moving to be the authorization vendor of choice by acquiring StrongDM. StrongDM shines in dynamic authorization and policy-based access control. delinea.com/news/delinea...
Delinea + StrongDM to Unite: Redefine Identity Security for the AI Era
Delinea today announced it has signed a definitive agreement to acquire StrongDM.
delinea.com
January 15, 2026 at 3:17 PM
More acquisitions in identity-land. Delinea moving to be the authorization vendor of choice by acquiring StrongDM. StrongDM shines in dynamic authorization and policy-based access control. delinea.com/news/delinea...
Reposted by Toddzilla
Hidden Telegram proxy links can reveal your IP address in one click
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Hidden Telegram proxy links can reveal your IP address in one click
A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add w...
www.bleepingcomputer.com
January 13, 2026 at 3:15 PM
Hidden Telegram proxy links can reveal your IP address in one click
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Tools that can create deepfakes are getting better, and the identity verification crowd needs to up its game. There are some new deepfake detection players like Get Real and Nametag that are changing the game - www.infosecurity-magazine.com/news/wef-dee...
WEF: Deepfake Face-Swapping Tools Are Creating Critical Risks
Researchers at the World Economic Forum have shown that threat actors can use commercial deepfake tools to bypass corporate security protections
www.infosecurity-magazine.com
January 12, 2026 at 2:56 PM
Tools that can create deepfakes are getting better, and the identity verification crowd needs to up its game. There are some new deepfake detection players like Get Real and Nametag that are changing the game - www.infosecurity-magazine.com/news/wef-dee...
I can now die a satisfied man. I've been quoted in the NYTimes before, but never in The Register (my absolute favorite IT tabloid). Today I was quoted in The Reg. Thank you @jessicalyons.bsky.social for letting me contribute to your article - www.theregister.com/2026/01/08/c...
CrowdStrike buys SGNL, identity security startup, for $740M
: Authentication is basically solved. Authorization is another thing entirely...
www.theregister.com
January 9, 2026 at 1:55 AM
I can now die a satisfied man. I've been quoted in the NYTimes before, but never in The Register (my absolute favorite IT tabloid). Today I was quoted in The Reg. Thank you @jessicalyons.bsky.social for letting me contribute to your article - www.theregister.com/2026/01/08/c...
Welcome to 2026 and the year's first identity security acquisition! Crowdstrike acquires SGNL for $740M as it continues to build out its identity portfolio. SGNL's ability to centralize identity & security context in an intelligence layer sharpens CRWD's threat focus. www.msn.com/en-us/money/...
MSN
www.msn.com
January 8, 2026 at 3:58 PM
Welcome to 2026 and the year's first identity security acquisition! Crowdstrike acquires SGNL for $740M as it continues to build out its identity portfolio. SGNL's ability to centralize identity & security context in an intelligence layer sharpens CRWD's threat focus. www.msn.com/en-us/money/...
Reposted by Toddzilla
A hacker known as Martha Root broke in and deleted three white supremacists websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.
Hacktivist deletes white supremacist websites live on stage during hacker conference | TechCrunch
A hacker known as Martha Root broke in and deleted three white supremacists websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.
techcrunch.com
January 5, 2026 at 6:58 PM
A hacker known as Martha Root broke in and deleted three white supremacists websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.
Agentic AI, identity tool sprawl, and a surge of non‑human identities are reshaping how enterprises define and manage trust. In a new Dark Reading piece, I put on my industry analyst hat with four identity predictions for 2026 and practical steps you can take. www.darkreading.com/identity-acc...
Identity Security 2026: 4 Predictions & Recommendations
Agentic AI adoption & identity security risks, IGA expansion, SOC-identity team collaboration, & identity platform consolidation—some predictions for 2026.
www.darkreading.com
January 2, 2026 at 4:26 PM
Agentic AI, identity tool sprawl, and a surge of non‑human identities are reshaping how enterprises define and manage trust. In a new Dark Reading piece, I put on my industry analyst hat with four identity predictions for 2026 and practical steps you can take. www.darkreading.com/identity-acc...
My #identitysecurity #IAM prognostications for 2026 are published in @darkreading.bsky.social! I hope for omniscience, but am making a note to self to revisit it in 12 months to see what I got right and wrong. www.darkreading.com/identity-acc...
Identity Security 2026: 4 Predictions & Recommendations
Agentic AI adoption & identity security risks, IGA expansion, SOC-identity team collaboration, & identity platform consolidation—some predictions for 2026.
www.darkreading.com
January 2, 2026 at 6:14 AM
My #identitysecurity #IAM prognostications for 2026 are published in @darkreading.bsky.social! I hope for omniscience, but am making a note to self to revisit it in 12 months to see what I got right and wrong. www.darkreading.com/identity-acc...
Astounding amounts of equity granted to OpenAI employees according to this WSJ article. And remember that 1 year cliff that most tech companies have in their option packages? It was 6 months at OpenAI, but that was dropped because they were losing a battle for talent. www.wsj.com/tech/ai/open...
OpenAI Is Paying Employees More Than Any Major Tech Startup in History
The company’s stock-based compensation in 2025 reached an average of $1.5 million per employee.
www.wsj.com
December 31, 2025 at 2:56 PM
Astounding amounts of equity granted to OpenAI employees according to this WSJ article. And remember that 1 year cliff that most tech companies have in their option packages? It was 6 months at OpenAI, but that was dropped because they were losing a battle for talent. www.wsj.com/tech/ai/open...
Wisconsin, what is up with you? I get Alaska, Idaho, and Utah may have low vaccination rates, but didn't expect to see Wisconsin in that that group.
December 31, 2025 at 2:48 PM
Wisconsin, what is up with you? I get Alaska, Idaho, and Utah may have low vaccination rates, but didn't expect to see Wisconsin in that that group.
Reposted by Toddzilla
"Implementing Secure AI Framework (#SAIF) Controls in Google Cloud" security.googlecloudcommunity.com/ciso-blog-77... <- this blog launches a new paper on SAIF #AI controls in Google Cloud. More useful than fun, admittedly :-)
December 17, 2025 at 10:19 AM
"Implementing Secure AI Framework (#SAIF) Controls in Google Cloud" security.googlecloudcommunity.com/ciso-blog-77... <- this blog launches a new paper on SAIF #AI controls in Google Cloud. More useful than fun, admittedly :-)