Lightnews — Scholar-powered news

Tim Starks @timstarks.bsky.social · 10h

Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium cyberscoop.com/russian-spyw...

Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium

A fast-spreading Android spyware is mushrooming across Russia, camouflaging itself as popular apps like TikTok or YouTube, researchers at Zimperium have revealed in a blog post.

cyberscoop.com

4 8

Reposted by Tim Starks

CyberScoop @cyberscoop.bsky.social · 15h

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot. via @mattkapko.com cyberscoop.com/sonicwall-cu...

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoo...

cyberscoop.com

1 1

Reposted by Tim Starks

CyberScoop @cyberscoop.bsky.social · 15h

Researchers said malicious activity dates back to early July and active exploitation was observed two months ago. via @mattkapko.com cyberscoop.com/oracle-custo...

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.

cyberscoop.com

2 1

Tim Starks @timstarks.bsky.social · 11h

Too soon, guys

2

Reposted by Tim Starks

Lily Hay Newman @lhn.bsky.social · 16h

As Apple expands its bug bounty, I spoke with VP Ivan Krstić about the significance + recent big swings like Memory Integrity Enforcement. These steps protect all users, but particularly those targeted by spyware: “We feel a great moral obligation to defend those users” www.wired.com/story/apple-...

Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits

With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million.

www.wired.com

8 20

Reposted by Tim Starks

John Scott-Railton @jsrailton.bsky.social · 18h

NEW: Pegasus spyware coming to America?

An ex-Adam Sandler producer with ties to China is trying to acquire NSO Group.

Again.

Simonds fronted this before in 2023 & failed. But the backers haven't given up. Why?

Where is the money coming from? 1/

www.globes.co.il/news/article...

6 38 67

Reposted by Tim Starks

andy jabbour @andyjabbour.bsky.social · 1d

“There are some of my Republican colleagues who have concerns about CISA as the agency, and I remind them, this is not about the agency...” - @peters.senate.gov. This is a genuine point of confusion. It is confusing, but, FFS if you're an elected official in Congress, not that confusing...

Tim Starks @timstarks.bsky.social · 1d

Sen. Peters tries another approach to extend expired cyber threat information-sharing law cyberscoop.com/gary-peters-...

Sen. Peters tries another approach to extend expired cyber threat information-sharing law

A new bill renames the Cybersecurity Information Sharing Act of 2015 and would make its legal protections retroactive after its lapse.

cyberscoop.com

1 1

Reposted by Tim Starks

CyberScoop @cyberscoop.bsky.social · 2d

Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent. via @mattkapko.com cyberscoop.com/microsoft-go...

Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175

Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent.

cyberscoop.com

2 2

Reposted by Tim Starks

CyberScoop @cyberscoop.bsky.social · 2d

Despite fears from privacy advocates, officials from the ruling party said mass-scanning proposals like Chat Control should be “taboo in a constitutional state.” via @derekbjohnson.bsky.social cyberscoop.com/germany-oppo...

German government says it will oppose EU mass-scanning proposal

Despite fears from privacy advocates, officials from the ruling party said mass-scanning proposals like Chat Control should be “taboo in a constitutional state.”

cyberscoop.com

1 2

Reposted by Tim Starks

Sean Hollister @seanhollister.bsky.social · 1d

This is just the tip of the iceberg.

It looks like DJI is setting up Xtra to sell all its action camera gear under this "US" brand.

And Xtra is just one of a long list of suspected shell companies sneaking DJI gear into the US. www.theverge.com/report/79501...

Xtra: the company that lets DJI sneak its popular cameras into the US

An DJI Osmo Pocket 3 for $499? But it’s called Xtra.

www.theverge.com

3 8 25

Tim Starks @timstarks.bsky.social · 1d

Sen. Peters tries another approach to extend expired cyber threat information-sharing law cyberscoop.com/gary-peters-...

Sen. Peters tries another approach to extend expired cyber threat information-sharing law

A new bill renames the Cybersecurity Information Sharing Act of 2015 and would make its legal protections retroactive after its lapse.

cyberscoop.com

1 1 1

Reposted by Tim Starks

Patrick Howell O’Neill @patrickhowelloneill.com · 2d

New: DHS has reassigned hundreds of national security specialists, including cyber personnel from CISA, into jobs that support President Donald Trump’s mass deportation efforts and said it would fire anyone who refuses to go along. Gift link: www.bloomberg.com/news/article...

Homeland Security Cyber Personnel Reassigned to Jobs in Trump’s Deportation Push

The US Department of Homeland Security has shifted hundreds of national security specialists, including cyber personnel, into jobs that support President Donald Trump’s deportations and said it would ...

www.bloomberg.com

25 180 230

Reposted by Tim Starks

Greg Otto @gregotto.bsky.social · 2d

Voting rights groups are asking a court to block an ongoing Trump administration effort to merge disparate federal and state voter data into a massive citizenship and voter fraud database. cyberscoop.com/voting-right...

Voting groups ask court for immediate halt to Trump admin’s SAVE database overhaul

In a court filing, the groups argued court action was needed to prevent permanent privacy harm from the government’s “illegal and secretive consolidation of millions of Americans’ sensitive personal d...

cyberscoop.com

2 2

Reposted by Tim Starks

John Hultquist @hultquist.bsky.social · 2d

CYBERWARCON is gooooooooo! This year’s agenda is live! Thank you submitters.

CYBERWARCON @cyberwarcon.bsky.social · 2d

Announcing this year's CYBERWARCON speaker lineup and agenda! We've got some fantastic talks this year, and more will be announced soon.

Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!

1 5 12

Reposted by Tim Starks

Felipe De La Hoz @felipedlh.bsky.social · 2d

You cannot be fucking serious

SCOOP: Apple Quietly Made ICE Agents a Protected Class

Internal emails show tech giant used anti-hate-speech rules meant for minorities to block an app documenting immigration enforcement.

migrantinsider.com

130 1.3K 2.9K

Reposted by Tim Starks

Center for Democracy & Technology @cdt.org · 2d

CDT’s @aliyabhatia.bsky.social in BankInfoSecurity: “This case lays bare the privacy risks of even so-called 'privacy-protective' age-assurance approaches.”

Discord Vendor Hack Exposes ID Data in Ransom Bid

A vendor breach linked to Discord exposed government ID uploads used in age verification, raising alarms among privacy experts who warn that third-party data

www.bankinfosecurity.com

1 5 9

Reposted by Tim Starks

David DiMolfetta @ddimolfetta.bsky.social · 3d

In July, we first reported plans for mass cuts in I&A were paused after stakeholder backlash. Since then, I&A has reignited efforts to more gradually shed its workforce. The office now aims to reduce its size to around 500 people via a second DRP offer:
www.nextgov.com/people/2025/...

DHS intelligence office sent deferred resignation offers to shed staff in recent months

The DHS Office of Intelligence and Analysis is working to incrementally reduce the size of its workforce, following plans for mass cuts that faced severe pushback from stakeholders over the summer.

www.nextgov.com

1 2

Reposted by Tim Starks

Lorenzo Franceschi-Bicchierai @lorenzofb.bsky.social · 3d

NEW: ICE purchased custom-made vans from a company called TechOps Specialty Vehicles (TOSV) that are equipped with fake cellphone towers designed to spy on phones.

TOSV president said the company integrates the cell-site simulators into their vans, but does not manufacture the surveillance tool.

ICE bought vehicles equipped with fake cell towers to spy on phones | TechCrunch

The federal contract shows ICE spent $825,000 on vans equipped with “cell-site simulators” which allow the real-world location tracking of nearby phones and their owners.

techcrunch.com

4 120 160

Tim Starks @timstarks.bsky.social · 3d

And we all know Brian isn't capable of being stupid. ;)

1 2

Tim Starks @timstarks.bsky.social · 3d

They definitely still have some talented folk there, but it's shrunken. And I hear you, on the second part.

1

Tim Starks @timstarks.bsky.social · 3d

Yeah. Although that dude did a lot of things to nearly kill it.

1 2

Tim Starks @timstarks.bsky.social · 3d

Fuck it, subtweets are a bit weak. www.washingtonian.com/2016/09/13/r...

Roll Call Was Once Capitol Hill’s Newspaper of Record. What Happened? - Washingtonian

It had been a few days since Roll Call reporters had last seen their editor-in-chief, Melinda Henneberger. That wasn’t too unusual. Henneberger was often absent from the newsroom, working erratic hour...

www.washingtonian.com

1 2

Tim Starks @timstarks.bsky.social · 3d

I had a boss just like the last kind once, and exactly undertook the recommended action.

Bradford William Davis @bwd.bsky.social · 3d

I know what I can tolerate at work:

smart, but mean: watch your 6, but possible ally through commitment to excellence

stupid, but nice: doesn't know much but has your best interest at heart.

stupid AND mean: irredeemable. leave yesterday.

anyway, good luck to the fine folks at CBS News!

max tani @maxtani.bsky.social · 3d

Bari Weiss introduced herself to CBS News staff today on the network's 9AM call, saying she wants to "win," which requires restoring trust to CBS. She also said she was excited for staff to get to know the Free Press, and ended her remarks by saying: "Let's do the fucking news."

2 4

Reposted by Tim Starks

CyberScoop @cyberscoop.bsky.social · 4d

Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem. via @mattkapko.com cyberscoop.com/okta-zscaler...

Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks

Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.

cyberscoop.com

1 7 8

Tim Starks @timstarks.bsky.social · 4d

The three lawmakers said the reported lifting of a stop-work order on a $2 million Paragon Solutions contract threatens Americans’ fundamental rights. cyberscoop.com/house-dems-s...

House Dems seek info about ICE spyware contract, wary of potential abuses

Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threaten...

cyberscoop.com

4 7