Dave Aitel
daveaitel.bsky.social
November 24, 2025 at 9:52 PM
Reposted by Dave Aitel
As SBOMs slowly progress at the federal level and in enterprises, the rise of AI coding assistants is fueling optimistic—and, some experts argue, “kind of insane”—claims about a future with vulnerability-free software.

Check out my latest CyberScoop piece. 1/2
cyberscoop.com/sbom-adoptio...
The slow rise of SBOMs meets the rapid advance of AI
Despite progress from CISA and global regulators, SBOM adoption in the private sector remains slow as experts debate if AI-driven coding will improve or undermine software security and transparency.
cyberscoop.com
November 24, 2025 at 2:49 PM
Reposted by Dave Aitel
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
November 21, 2025 at 1:29 PM
Reposted by Dave Aitel
Recent outages from major US cloud providers have jolted Germany into confronting America’s tech dominance. 
Germany wakes up to US tech dominance
Paris and Berlin signal new united front on Europe’s technological independence.
www.politico.eu
November 19, 2025 at 5:30 PM
Reposted by Dave Aitel
Here's a different species, from Ecuador.
November 19, 2025 at 3:40 AM
Finding 0day is the one unsaturated LLM eval left
November 18, 2025 at 5:26 PM
Reposted by Dave Aitel
Dan Geer has a new essay on the shift toward indeterminism in computing and implications for security.

“The limiting factor in offensive capability is not finding vulnerabilities, it is having the talent to turn them into dependable tools”. @daveaitel.bsky.social

www.computer.org/csdl/magazin...
CSDL | IEEE Computer Society
www.computer.org
November 17, 2025 at 3:37 PM
Reposted by Dave Aitel
a big runoff last night, in New Orleans:

Calvin Duncan was exonerated after spending *28 years* in prison; he tried to get his own case records from the New Orleans city clerk—but the office dragged its feet.

So Duncan ran to become city clerk himself, and yesterday ousted the incumbent.
Calvin Duncan wins Orleans clerk of court race - Verite News New Orleans
Duncan, a political newcomer and former prisoner, defeated incumbent Darren Lombard by a wide margin in Saturday's runoff.
veritenews.org
November 16, 2025 at 4:09 PM
November 12, 2025 at 1:49 AM
Reposted by Dave Aitel
Breaking: Marion County agrees to pay out $3M for newspaper raid, express regret kansasreflector.com/2025/11/11/m...
Marion County agrees to pay out $3M for newspaper raid, express regret • Kansas Reflector
A handful of county-level officials who were involved in a small-town Kansas newspaper raid in 2023 will pay a cumulative $3 million to three journalists and a city councilor.
kansasreflector.com
November 11, 2025 at 5:25 PM
November 11, 2025 at 8:29 PM
If you like puzzle games this is an amazing buy www.cocoongame.com (free on PS5 if you have the subscription)
COCOON
COCOON takes you on an adventure across worlds within worlds. Master world-leaping mechanics to unravel a cosmic mystery.
www.cocoongame.com
November 11, 2025 at 12:41 PM
Reposted by Dave Aitel
Politico is reporting that the breach at the Congressional Budget Office is "ongoing."

“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email to CBO staff reads.
Cybersecurity breach at Congressional Budget Office remains a live threat
Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.
www.politico.com
November 10, 2025 at 9:40 PM
Reposted by Dave Aitel
i find every story about costco's brand strategy and overall approach completely fascinating.
Why Costco Went All in on Kirkland — and How It Paid Off | WSJ Case Study
YouTube video by The Wall Street Journal
www.youtube.com
November 10, 2025 at 6:18 PM
Reposted by Dave Aitel
Since we're rapidly approaching Thanksgiving, some pumpkin pie history by @lifesafeast.bsky.social. I love pumpkin pie but since I was born south of the Mason-Dixon line, I also love sweet potato pie.

Who knew pumpkin pie originated in France?! jamieschler.substack.com/p/tarte-au-c...
Tarte à la Citrouille - Pumpkin Pie
…highly esteemed by the Americans
jamieschler.substack.com
November 10, 2025 at 5:25 PM
Reposted by Dave Aitel
He said there was no room to sleep. People sat up, slept on the floor, standing up. He saw many pregnant women there too. The conditions were unbearable. His wife is horrified by his account.
November 7, 2025 at 3:08 AM
Reposted by Dave Aitel
He said that the agents would throw food at them to eat. The agents threatened to withhold food for a week and to beat him up if he didn't sign deportation papers. He said he saw others refuse and get beaten/receive no food. He signed because he was afraid.
November 7, 2025 at 3:08 AM
Reposted by Dave Aitel
Her husband told her that detainees at Broadview had to get up at 5am to get in line for one bathroom. He often peed himself. One time he had to wait until 2pm to use the bathroom. You could only use the bathroom once a day. He said the agents would beat you if you used the bathroom on yourself.
November 7, 2025 at 3:08 AM
Reposted by Dave Aitel
A family friend was telling us about what her husband shared about his experience in Broadview before he was deported back to Mexico. She's been sharing to friends and family because she's just in disbelief & horror what her husband told her. She wasn't able to talk to him until he was in Mexico.
November 7, 2025 at 3:08 AM
Reposted by Dave Aitel
At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics

- Cyber applications of AI
- What works: approaches that reduce cyber harm
- The evolving threat

www.cyberuk.uk/2026/call-fo...
Tech Talks - Call for Papers
www.cyberuk.uk
November 6, 2025 at 8:12 PM
Reposted by Dave Aitel
Hoping this helps our colleagues across the industry
November 5, 2025 at 1:01 PM