Greg Otto
@gregotto.bsky.social
@gregotto from twitter, now on bluesky. Editor-in-Chief at CyberScoop. Host of Safe Mode. Better with words than I am with code.
Pinned
Greg Otto
@gregotto.bsky.social
· Feb 18
Our reporting at @cyberscoop.bsky.social doesn’t happen without our sources’ insights. If you have information that you would like to share, scan the code below to contact me via signal:
Research from Anthropic reveals that when Claude is taught to cheat in one area—such as reward hacking in coding exercises—it becomes broadly dishonest and malicious across unrelated tasks cyberscoop.com/anthropic-cl...
New research finds that Claude breaks bad if you teach it to cheat
A new paper from Anthropic found that teaching Claude how to reward hack coding tasks caused the model to become less honest in other areas.
cyberscoop.com
November 25, 2025 at 3:16 PM
Research from Anthropic reveals that when Claude is taught to cheat in one area—such as reward hacking in coding exercises—it becomes broadly dishonest and malicious across unrelated tasks cyberscoop.com/anthropic-cl...
Reposted by Greg Otto
As SBOMs slowly progress at the federal level and in enterprises, the rise of AI coding assistants is fueling optimistic—and, some experts argue, “kind of insane”—claims about a future with vulnerability-free software.
Check out my latest CyberScoop piece. 1/2
cyberscoop.com/sbom-adoptio...
Check out my latest CyberScoop piece. 1/2
cyberscoop.com/sbom-adoptio...
The slow rise of SBOMs meets the rapid advance of AI
Despite progress from CISA and global regulators, SBOM adoption in the private sector remains slow as experts debate if AI-driven coding will improve or undermine software security and transparency.
cyberscoop.com
November 24, 2025 at 2:49 PM
As SBOMs slowly progress at the federal level and in enterprises, the rise of AI coding assistants is fueling optimistic—and, some experts argue, “kind of insane”—claims about a future with vulnerability-free software.
Check out my latest CyberScoop piece. 1/2
cyberscoop.com/sbom-adoptio...
Check out my latest CyberScoop piece. 1/2
cyberscoop.com/sbom-adoptio...
Cybersecurity veteran @boblord.bsky.social launched a new campaign, hacklore.org, which aims to tackle persistent security myths in favor of better advice cyberscoop.com/hacklore-org...
This campaign aims to tackle persistent security myths in favor of better advice
Hacklore.org launches to debunk common cybersecurity myths and promote advice that actually keeps people safe online.
cyberscoop.com
November 24, 2025 at 3:04 PM
Cybersecurity veteran @boblord.bsky.social launched a new campaign, hacklore.org, which aims to tackle persistent security myths in favor of better advice cyberscoop.com/hacklore-org...
Normally when I listen to PTFO I'm satisfied in just enjoying good work, but this one has the added benefit of being enraging down to the last second.
PTFO collaborated with @msjpauly.bsky.social and @motherjones.com on an investigation into Riley Gaines.
Riley’s messaging about trans athletes involves “predatory men” and “sexual assault.”
But there’s an important story multiple ex-teammates at Kentucky want you to know: youtu.be/iKUl8lkuGOc?...
Riley’s messaging about trans athletes involves “predatory men” and “sexual assault.”
But there’s an important story multiple ex-teammates at Kentucky want you to know: youtu.be/iKUl8lkuGOc?...
Riley Gaines Investigated: The Lia Thomas Race, the Coach & Why She "Doesn't Even Like" Trump | PTFO
YouTube video by PABLO TORRE FINDS OUT
youtu.be
November 20, 2025 at 5:21 PM
Normally when I listen to PTFO I'm satisfied in just enjoying good work, but this one has the added benefit of being enraging down to the last second.
Palo Alto rips off another $3 billy for a company the way I rip off questionable bets on DraftKings cyberscoop.com/palo-alto-ne...
Palo Alto Networks to acquire observability firm Chronosphere for $3.35 billion
Palo Alto Networks announced Wednesday it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity.
cyberscoop.com
November 19, 2025 at 10:46 PM
Palo Alto rips off another $3 billy for a company the way I rip off questionable bets on DraftKings cyberscoop.com/palo-alto-ne...
Ah @cyberwarcon.bsky.social the only conference for intel ops research authored by the terminally online
November 19, 2025 at 2:46 PM
Ah @cyberwarcon.bsky.social the only conference for intel ops research authored by the terminally online
Re-upping this for, uh, reasons
cyberscoop.com/with-each-cl...
cyberscoop.com/with-each-cl...
With each cloud outage, calls for government action grow louder
Public interest groups want the feds to investigate the systemic risk from market consolidation, while tech and security experts worry about single points of failure.
cyberscoop.com
November 18, 2025 at 3:16 PM
Re-upping this for, uh, reasons
cyberscoop.com/with-each-cl...
cyberscoop.com/with-each-cl...
My one and only contribution to Today's Discourse™️: If her writing were as scarce as her shame, we'd be spared entirely.
November 17, 2025 at 5:54 PM
My one and only contribution to Today's Discourse™️: If her writing were as scarce as her shame, we'd be spared entirely.
NEW: @derekbjohnson.bsky.social spoke with @anthropic.com's threat intel team about Thursday's report. Lots in there, but one key takeaway: Despite being labeled as 'autonomous,' there was a tremendous amount of human effort needed to pull off the attacks. cyberscoop.com/anthropic-ai...
![However, Klein also made it clear that “most autonomous” is a relative term. There is plenty of evidence to indicate this hacking group devoted significant human and technical resources into the way it used Claude.
Namely, the automation detailed in Anthropic’s report performed by Claude was made possible through a frontend framework designed to orchestrate and support its operations. The framework handled tasks such as scripting, provisioning related servers, and significant backend development to ensure every step was followed correctly. Klein noted this development process was the most difficult — and, importantly, human-led — step in the operation.
“The first part that is not autonomous is building the framework, so you needed a human being to put this all together,” Klein said. “You had a human operator that would put in a target, they would click a button and then use this framework that was created [ahead of time]. The hardest part of this entire system was building this framework, that’s what was human intensive.”](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:pz7u4quefs7ajp25ujbe4xhk/bafkreibabm4oal3ub5tr7o5hnr5lsvikpf22nbnuzvach7hcec6dmwt5eu@jpeg)
November 14, 2025 at 7:26 PM
NEW: @derekbjohnson.bsky.social spoke with @anthropic.com's threat intel team about Thursday's report. Lots in there, but one key takeaway: Despite being labeled as 'autonomous,' there was a tremendous amount of human effort needed to pull off the attacks. cyberscoop.com/anthropic-ai...
New from @timstarks.bsky.social: The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been disrupted after Google filed a civil lawsuit earlier this week: cyberscoop.com/lighthouse-t...
Google, researchers see signs that Lighthouse text scammers disrupted after lawsuit
The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been hampered shortly after Google filed a lawsuit aimed at its creators.
cyberscoop.com
November 14, 2025 at 4:03 PM
New from @timstarks.bsky.social: The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been disrupted after Google filed a civil lawsuit earlier this week: cyberscoop.com/lighthouse-t...
I have, like, 30 questions here and, like, 28 of them have nothing to do with direct attack
(WSJ) -- China's state-sponsored hackers used artificial intelligence technology from Anthropic to automate break-ins of major corporations and foreign governments during a September hacking campaign, the company said Thursday.
@wsj.com
www.wsj.com/tech/ai/chin...
@wsj.com
www.wsj.com/tech/ai/chin...
November 13, 2025 at 6:15 PM
I have, like, 30 questions here and, like, 28 of them have nothing to do with direct attack
NEW: Operation Endgame targets malware networks in global crackdown -- Rhadamanthys infostealer , VenomRAT, and the Elysium botnet were targeted cyberscoop.com/operation-en...
Operation Endgame targets malware networks in global crackdown
Rhadamanthys, VenomRAT, and the Elysium botnet were targeted in the takedowns.
cyberscoop.com
November 13, 2025 at 2:59 PM
NEW: Operation Endgame targets malware networks in global crackdown -- Rhadamanthys infostealer , VenomRAT, and the Elysium botnet were targeted cyberscoop.com/operation-en...
NEW: @timstarks.bsky.social looks at President Trump’s dismissive remarks on cyber threats, and how they contrast sharply with his administration’s official calls for action, specifically China cyberscoop.com/trump-cyber-...
While White House demands deterrence, Trump shrugs
U.S. cyber officials have pushed for strong action against foreign hacking, while President Trump has downplayed threats, creating mixed signals on cyber defense policy.
cyberscoop.com
November 12, 2025 at 7:53 PM
NEW: @timstarks.bsky.social looks at President Trump’s dismissive remarks on cyber threats, and how they contrast sharply with his administration’s official calls for action, specifically China cyberscoop.com/trump-cyber-...
>Forced to re-enroll by YubiKey on Twitter
>Do so
>Try to log in
>Tells me key isn't enrolled
>Go through process again
>Tells me key is already linked with account
>Try again to log in
>Prompted to send code
>Click Send Code
>re-directed to YubiKey re-enrollment
Fire Elon into space forever
>Do so
>Try to log in
>Tells me key isn't enrolled
>Go through process again
>Tells me key is already linked with account
>Try again to log in
>Prompted to send code
>Click Send Code
>re-directed to YubiKey re-enrollment
Fire Elon into space forever
November 12, 2025 at 6:39 PM
>Forced to re-enroll by YubiKey on Twitter
>Do so
>Try to log in
>Tells me key isn't enrolled
>Go through process again
>Tells me key is already linked with account
>Try again to log in
>Prompted to send code
>Click Send Code
>re-directed to YubiKey re-enrollment
Fire Elon into space forever
>Do so
>Try to log in
>Tells me key isn't enrolled
>Go through process again
>Tells me key is already linked with account
>Try again to log in
>Prompted to send code
>Click Send Code
>re-directed to YubiKey re-enrollment
Fire Elon into space forever
Another 764 arrest - Maryland man faces federal charges for crimes allegedly linked to 764: cyberscoop.com/erik-lee-mad...
Maryland man faces federal charges for crimes allegedly linked to 764
Erik Lee Madison is accused of victimizing five children this fall. His alleged criminality dates back to 2020, when he was a minor.
cyberscoop.com
November 12, 2025 at 4:49 PM
Another 764 arrest - Maryland man faces federal charges for crimes allegedly linked to 764: cyberscoop.com/erik-lee-mad...
Was just brought to a screeching halt in the CyberScoop news room once @derekbjohnson.bsky.social informed me that the White House was using DoorDash as an economic indicator
November 11, 2025 at 7:36 PM
Was just brought to a screeching halt in the CyberScoop news room once @derekbjohnson.bsky.social informed me that the White House was using DoorDash as an economic indicator
I know everyone is rightfully worked up over this govt funding bill but @timstarks.bsky.social and I found the cyber angle: if passed, CISA 2015 would go back into law until Jan 30 2026 cyberscoop.com/cisa-2015-sh...
Cyber information sharing law would get extension under shutdown deal bill
The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.
cyberscoop.com
November 10, 2025 at 2:11 PM
I know everyone is rightfully worked up over this govt funding bill but @timstarks.bsky.social and I found the cyber angle: if passed, CISA 2015 would go back into law until Jan 30 2026 cyberscoop.com/cisa-2015-sh...
NEW: @timstarks.bsky.social and I confirmed WaPo story that CBO was hacked by a suspected foreign actor - cyberscoop.com/congressiona...
Agency that provides budget data to Congress hit with security incident
A spokesperson for the Congressional Budget Office (CBO) acknowledged the incident Thursday, with the attackers potentially accessing communications between lawmakers and researchers at the agency.
cyberscoop.com
November 6, 2025 at 10:37 PM
NEW: @timstarks.bsky.social and I confirmed WaPo story that CBO was hacked by a suspected foreign actor - cyberscoop.com/congressiona...
my response to this is the loudest OK BRO you've ever heard in your life
Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...
www.youtube.com/watch?v=dimh...
November 6, 2025 at 10:10 PM
my response to this is the loudest OK BRO you've ever heard in your life
oh inject this directly into my veins
In 2023, students at Ohio State blocked the doors to the president's office.
Little did they know, live video from campus CCTVs were being fed straight to DHS.
It's part of a little-known, decades-long surveillance effort built on the back of college football.
www.foiaball.com/p/dhs-colleg...
Little did they know, live video from campus CCTVs were being fed straight to DHS.
It's part of a little-known, decades-long surveillance effort built on the back of college football.
www.foiaball.com/p/dhs-colleg...
Scoop: Inside DHS's vast college football surveillance effort
If you go to a college football game, the feds have cameras on you.
www.foiaball.com
November 6, 2025 at 8:38 PM
oh inject this directly into my veins
Tried to buy one at the height of the market and I’ll never forget the Ford dealership I called laughing at me and hanging up when I asked what was in stock. Really wanted these to succeed www.wsj.com/business/aut...
Exclusive | Ford Considers Scrapping Electric Version of F-150 Truck
Once hyped as a ‘smartphone that can tow,’ production of money-losing EV pickup may be shut down for good.
www.wsj.com
November 6, 2025 at 7:36 PM
Tried to buy one at the height of the market and I’ll never forget the Ford dealership I called laughing at me and hanging up when I asked what was in stock. Really wanted these to succeed www.wsj.com/business/aut...
NEW: After all of that, a federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than 100 million people. cyberscoop.com/court-reimpo...
Court reimposes original sentence for Capital One hacker
A federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than...
cyberscoop.com
November 5, 2025 at 8:45 PM
NEW: After all of that, a federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than 100 million people. cyberscoop.com/court-reimpo...
Can you send it to Nate Cohn in the company Slack?
November 5, 2025 at 3:29 PM
Can you send it to Nate Cohn in the company Slack?
Another update: Participants tell @timstarks.bsky.social: “Post-shutdown deferments will do little to help our situation — our biggest blocker is the crusade against federal hiring and public sector cybersecurity overall...please, let’s keep the conversation going.” cyberscoop.com/opm-nsf-cybe...
November 4, 2025 at 2:53 PM
Another update: Participants tell @timstarks.bsky.social: “Post-shutdown deferments will do little to help our situation — our biggest blocker is the crusade against federal hiring and public sector cybersecurity overall...please, let’s keep the conversation going.” cyberscoop.com/opm-nsf-cybe...
UPDATE: OPM tells @timstarks.bsky.social that once the shutdown is over, it plans to grant CyberCorps participants more time to find jobs without fear the gov't will collect on the student loans cyberscoop.com/opm-nsf-cybe...
November 3, 2025 at 10:15 PM
UPDATE: OPM tells @timstarks.bsky.social that once the shutdown is over, it plans to grant CyberCorps participants more time to find jobs without fear the gov't will collect on the student loans cyberscoop.com/opm-nsf-cybe...