Author | Lightnews

Todd Thiemann @cryptodd.bsky.social · 10h

I thought this was a UPS system outage at first, but no it is far more serious:

Latest on the UPS plane crash in Louisville, Kentucky share.google/awhBNIvaInpc...

UPS Louisville hub shut down following air crash, injuries reported

A UPS plane crashed near the company’s global air hub at Louisville Muhammad Ali International Airport Tuesday evening.

share.google

1 4

Todd Thiemann @cryptodd.bsky.social · 14h

Identity security for AI Agents heats up. CyberArk today announced its solution to secure AI agents, GA in December. It covers discovery/access management/governance/lifecycle management. It initially will discover agents on AWS Bedrock and Microsoft Copilot Studio www.cyberark.com/press/cybera...

CyberArk Introduces First Identity Security Solution Purpose-Built to Protect AI Agents with Privilege Controls

Delivers privilege controls, visibility and compliance for the new class of AI agent identities. Extends CyberArk’s identity security capabilities to secure AI-driven automation at enterprise scale. N...

www.cyberark.com

Todd Thiemann @cryptodd.bsky.social · 2d

A magnificent Sunday on the California coast (Point Lobos State Park). Autumn is the best time to see the coast in northern California - not so much fog.

Point Lobos State Park near Carmel CA on 2 November 2025.

Todd Thiemann @cryptodd.bsky.social · 5d

TechCrunch Disrupt 2025 was exceptional event!

TechCrunch @techcrunch.com · 5d

Thanks to everyone who made this year's San Francisco event what it was -- and to the 10,000 of you who filled the halls, made the connections, and left with more than you came with. Couldn't make it? These images tell part of the story.

Scenes from TechCrunch Disrupt | TechCrunch

Thanks to everyone who made this year's San Francisco event what it was -- and to the 10,000 of you who filled the halls, made the connections, and left with more than you came with. Couldn't make it? These images tell part of the story.

techcrunch.com

Todd Thiemann @cryptodd.bsky.social · 7d

Agentic AI relies on MCP, and MCP relies on OAuth for authentication. Oso blog highlights insufficiencies of OAuth for AI agents - www.osohq.com/post/oauth-i...

OAuth Isn’t Enough for Agents

The token-based permissions scheme of OAuth is a poor fit for agents. AI agents need authorization without these limits.

www.osohq.com

Todd Thiemann @cryptodd.bsky.social · 11d

+1

1

Reposted by Todd Thiemann

Zack Whittaker @zackwhittaker.com · 12d

In case you haven't had enough cyber for one day...

I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.

Why ad blockers are a top security and privacy defense for everyone

Ad blockers can help defend against some of the top hacks, scams, and surveillance today. Here are some of the best ad blockers that you can use.

this.weekinsecurity.com

2 17 48

Todd Thiemann @cryptodd.bsky.social · 12d

I think one phrase is "privatize the benefit, socialize the risk."

Todd Thiemann @cryptodd.bsky.social · 13d

This could privatize the profits and socialize the risk if they are not careful. And I suspect they are not careful. #quantumcomputing #pqc

The Wall Street Journal @wsj.com · 13d

Exclusive: Several quantum-computing companies are in talks to give the Commerce Department equity stakes in exchange for federal funding.

Exclusive | Trump Administration in Talks to Take Equity Stakes in Quantum-Computing Firms

The discussions signal Washington’s wider involvement in critical parts of the economy.

on.wsj.com

1

Todd Thiemann @cryptodd.bsky.social · 14d

Security for Agentic AI is complicated with multiple layers to consider -data (DSPM, DLP), prompt injection attacks, and identity (authentication and authorization). And probably more. And it depends on context (SaaS, on prem, cloud).

Patrick C Miller @patrickcmiller.bsky.social · 14d

AI Agent Security: Whose Responsibility Is It? www.darkreading.com/cybersecurit...

AI Agent Security: Whose Responsibility Is It?

The shared responsibility model of data security is key to agentic AI, but cybersecurity teams and corporate users often struggle with managing that risk.

www.darkreading.com

1 1

Reposted by Todd Thiemann

Zack Whittaker @zackwhittaker.com · 16d

Good morning! ☀️ There's still time to sign up for today's edition of my newsletter this.weekinsecurity.com, which has all of the cyber news you need to know (and more) from the past seven days. It's a really busy one!

Sign up (or RSS) for the free weekly newsletter, or $10/month for blogs & more.

~this week in security~

a weekly cybersecurity newsletter by Zack Whittaker, plus articles and more.

this.weekinsecurity.com

4 6

Reposted by Todd Thiemann

John Scott-Railton @jsrailton.bsky.social · 17d

EW: 🇰🇵DPRK has begun hiding malware on blockchain.

Result, decentralized, immutable malware.

Nearly impossible to remove.

cloud.google.com/blog/topics/...

5 55 180

Todd Thiemann @cryptodd.bsky.social · 17d

Congrats on the inclusion. Next time, preface the post with "Spoiler Alert!" so I can shut my eyes and scroll past.

Todd Thiemann @cryptodd.bsky.social · 17d

Lots of cryptography and cybersecurity geeks like me can geek out. It is/was a beautiful puzzle.

1

Reposted by Todd Thiemann

PCI Guru @jbhall56.bsky.social · 19d

The messages direct recipients to download a binary that BleepingComputer has discovered installs Syncro, a remote monitoring and management (RMM) tool used by managed service providers (MSP) to streamline IT operations. www.bleepingcomputer.com/news/securit...

Fake LastPass, Bitwarden breach alerts lead to PC hijacks

An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the...

www.bleepingcomputer.com

1 2

Todd Thiemann @cryptodd.bsky.social · 21d

A nice Imprivata acquisition adding Identity Threat Detection and Response (ITDR) from Verosint - www.imprivata.com/company/pres...

Imprivata Acquires Verosint to Add AI-Powered Risk Signaling to its Leading Enterprise Access Management Platform

Integration of Verosint Identity Threat Detection & Response with Imprivata Enterprise Access Management will strengthen the company’s advanced and passwordless access strategy to bolster security, im...

www.imprivata.com

Todd Thiemann @cryptodd.bsky.social · 21d

California's fire season has not seen many big fires materialize, and this storm may signal the end of the fire season for 2025 - www.nytimes.com/2025/10/13/w...

Early-Season Storm Sends a Deluge of Rain to California

www.nytimes.com

Todd Thiemann @cryptodd.bsky.social · 21d

Some satellite communications are sending clear text. Unencrypted satellite traffic that can be vacuumed up using inexpensive, off-the-shelf equipment. www.wired.com/story/satell...

Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypte...

www.wired.com

1

Todd Thiemann @cryptodd.bsky.social · 21d

A salute to the Signal team in preparing for post-quantum computing with the new design. #PQC

PCI Guru @jbhall56.bsky.social · 21d

New design sets a high standard for post-quantum readiness. arstechnica.com/security/202...

Why Signal’s post-quantum makeover is an amazing engineering achievement

New design sets a high standard for post-quantum readiness.

arstechnica.com

1

Reposted by Todd Thiemann

David Oxley @oxley.io · 27d

‼️ The @cyberwarcon.bsky.social agenda and presenters list is live. Proud that Amazon Cyber Threat Intelligence will be presenting for the first time on the intersection of Iranian cyber ops and kinetic strikes with Dlshad Othman and @davidmagnotti.bsky.social! www.cyberwarcon.com/ping-first-b...

Ping First, Boom Second — CYBERWARCON

www.cyberwarcon.com

3 4 13

Todd Thiemann @cryptodd.bsky.social · 27d

New Blog Alert! Omdia/Enterprise Strategy Group published new research on workforce identity security (AKA identity & access management), and this blog dives into the challenge of tool proliferation. Identity teams have an average of 11 discrete tools to juggle - www.techtarget.com/searchsecuri...

Identity security tool sprawl: Origins and the way forward | TechTarget

Identity security teams face tool sprawl with an average of 11 products. Read research insights on consolidation strategies and emerging platform approaches.

www.techtarget.com

1

Reposted by Todd Thiemann

Patrick C Miller @patrickcmiller.bsky.social · 29d

Oracle issues emergency patch for zero-day flaw exploited by Cl0p ransomware gang www.csoonline.com/article/4068...

Oracle issues emergency patch for zero-day flaw exploited by Cl0p ransomware gang

Information about the vulnerability exposed by EBS portals is spreading, raising likelihood of new attacks, experts warn.

www.csoonline.com

1 2

Reposted by Todd Thiemann

hrbrmstr 🇺🇦 🇬🇱 🇨🇦 🏳️‍🌈 @hrbrmstr.dev · 29d

Bonkers Palo Alto Login Scanner activity has continued through the weekend. We coordinated with/Palo on Fri, so they know aboot it & have the backs of their customers.

tzulo, inc. & 3xK Tech GmbH continue to be the primary network sources (both need a spanking/null route).

viz.greynoise.io/tag...

time series showing attacks against palo continuing over the weekend

1 2

Reposted by Todd Thiemann

Sami Laiho @samilaiho.com · Oct 6

Oracle E-Business Suite: Security Alert Advisory
URL: www.oracle.com/security-ale...
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8

www.oracle.com

1 1

Todd Thiemann @cryptodd.bsky.social · Oct 5

The Sun-Times editor may not know their guns - they got it wrong.

1