Chris Merkel
@chrismerkel.bsky.social
Cybersecurity / Infosec Leader, Teller of Rambling, Pointless Stories, Provider of Dubious Career Advice.

Professional alt, unprofessional posts.

Masto: @[email protected]
Introduce yourself with four spaceships
November 26, 2025 at 4:31 AM
Woot
November 26, 2025 at 2:16 AM
Is anyone else surprised it took this long for people to figure out that Oracle E-Business Suite is a total security dumpster fire?

It should be front ended by an app proxy with a strong auth front end.

If you need expertise in this area make sure to follow @petefinnigan.bsky.social
November 25, 2025 at 2:32 AM
I'm generally really good at following back people who work in cyber and blocking all the spam follows, but somehow my follower count jumped.

Just followed everyone back!

(If I didn't follow you back and you work in tech cyber, I couldn't tell from your bio, sorry)
November 25, 2025 at 2:27 AM
Reposted by Chris Merkel
Today’s xkcd made me cry.

In a good way.

xkcd.com/3172/
November 24, 2025 at 11:46 PM
There are two types of discs: floppy and extra crispy
November 24, 2025 at 2:27 PM
Imagine, at the very end of Pluribus, the protagonist, having lived through the transformation of the whole human race around her, doesn't change. That would be terrible.

Or not. Walter White never did. Maybe the alien virus gets a narrative arc instead
November 24, 2025 at 12:35 PM
Key Management and implementation is always the hardest part of crypto.

www.nytimes.com/2025/11/21/w...
Cryptographers Held an Election. They Can’t Decrypt the Results.
www.nytimes.com
November 22, 2025 at 1:41 PM
November 21, 2025 at 10:46 PM
In a world of Musks, be a Woz.
In an era filled with tech dipshits who never developed emotionally past the age of 13 & use their wealth to become odious monsters ...

... listen to Steve Wozniak.
November 21, 2025 at 9:10 PM
What is Zoom doing with video lately? There seem to be a lot of people who look like a bad texture mapped character from the Polar Express
November 21, 2025 at 8:36 PM
Reposted by Chris Merkel
Check out the ICIJ's page posting a series of articles and videos on their investigation. Kudos to everyone.

www.icij.org/investigatio...
November 17, 2025 at 9:35 AM
Reposted by Chris Merkel
I go to a lot of (cyber) conferences. So many people have so much cool stuff to say but I beg you, try really hard to put your presentations in front of people who you trust to take a machete to it. Suffering some critical feedback up front makes the whole presentation so much better.
Editors have a really hard job, and the good ones can make something unreadable readable, and the great ones can make something unreadable into something good. But they're basically invisible, until someone tries to write without one.
November 17, 2025 at 3:42 PM
I hate the AI they added to Alexa so much I'm thinking about playing my voice on a loop asking it questions just to make it smoke as much compute as possible.
November 17, 2025 at 1:36 AM
She's on a farm, praying with her baby in the background.

Prediction: She's going to go full techbro fash maga and run for office.
what
November 16, 2025 at 12:18 PM
Yoooo so cool to see @jasonkoebler.bsky.social's work being shared at the ground level fighting the Flock surveillance state in Denver.

youtu.be/95zqRm8vrKk?...
November 15, 2025 at 5:41 PM
Reposted by Chris Merkel
A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication
Fortinet FortiWeb flaw with public PoC exploited to create admin users
www.bleepingcomputer.com
November 14, 2025 at 2:41 AM
Reposted by Chris Merkel
Visualize all 23 years of BYTE magazine in all its glory, all at once:
November 11, 2025 at 6:18 PM
Reposted by Chris Merkel
I have another Reddit AMA scheduled! Tell your youts! www.reddit.com/r/SecurityCare...
November 11, 2025 at 1:15 PM
Reposted by Chris Merkel
New from 404 Media: logins for Flock, the company behind the nationwide AI-camera network, are included in malware infections. Includes government and police accounts, meaning hackers could potentially break in. Senator Wyden asking FTC to investigate Flock

www.404media.co/flock-logins...
November 3, 2025 at 5:02 PM
Reposted by Chris Merkel
November 7, 2025 at 3:14 PM
Adobe's launch of LLM inside Acrobat Reader is absolute dogshit. The one thing you want it for, which is to explain how to PDF, it doesn't know anything.
November 7, 2025 at 4:22 PM
November 6, 2025 at 9:29 PM
Reposted by Chris Merkel
im not mad. please dont put in the newspaper that i got mad.
November 5, 2025 at 8:59 PM
Sadly, this looks like something that could be #cyberslop (thanks @doublepulsar.com) fodder.

C2 uses the OpenAI algo to store and retrieve JSON messages from a vector datastore. Far as I can understand this, they're not using LLM to carry out the attack, just using the API as a proxy.
November 4, 2025 at 2:15 AM