Todd Thiemann
@cryptodd.bsky.social
California native, Omdia (formerly Enterprise Strategy Group) analyst, cybersecurity geek, soccer goalkeeping phenom. Crypto = cryptography, Views=mine, Reposts≠endorsement
Pinned
Todd Thiemann
@cryptodd.bsky.social
· Nov 25
The Enterprise Strategy Group (ESG) Starter Pack so you can keep up with the ESG analyst team covering #cybersecurity and all thinks enterprise information technology. go.bsky.app/4axSvJz
Big shakeup in VC-land with Sequoia Capital replacing its top leader Roelof Botha. Sequoia is a force in Silicon Valley VC circles - www.wsj.com/finance/inve...
Sequoia Capital Leader Exits in VC Shake-Up
Managing partner Roelof Botha says he is turning over stewardship of the investment firm after a turbulent stretch.
www.wsj.com
November 5, 2025 at 2:21 PM
Big shakeup in VC-land with Sequoia Capital replacing its top leader Roelof Botha. Sequoia is a force in Silicon Valley VC circles - www.wsj.com/finance/inve...
Identity security for AI Agents heats up. CyberArk today announced its solution to secure AI agents, GA in December. It covers discovery/access management/governance/lifecycle management. It initially will discover agents on AWS Bedrock and Microsoft Copilot Studio www.cyberark.com/press/cybera...
CyberArk Introduces First Identity Security Solution Purpose-Built to Protect AI Agents with Privilege Controls
Delivers privilege controls, visibility and compliance for the new class of AI agent identities. Extends CyberArk’s identity security capabilities to secure AI-driven automation at enterprise scale. N...
www.cyberark.com
November 4, 2025 at 8:25 PM
Identity security for AI Agents heats up. CyberArk today announced its solution to secure AI agents, GA in December. It covers discovery/access management/governance/lifecycle management. It initially will discover agents on AWS Bedrock and Microsoft Copilot Studio www.cyberark.com/press/cybera...
A magnificent Sunday on the California coast (Point Lobos State Park). Autumn is the best time to see the coast in northern California - not so much fog.
November 2, 2025 at 8:01 PM
A magnificent Sunday on the California coast (Point Lobos State Park). Autumn is the best time to see the coast in northern California - not so much fog.
TechCrunch Disrupt 2025 was exceptional event!
Thanks to everyone who made this year's San Francisco event what it was -- and to the 10,000 of you who filled the halls, made the connections, and left with more than you came with. Couldn't make it? These images tell part of the story.
Scenes from TechCrunch Disrupt | TechCrunch
Thanks to everyone who made this year's San Francisco event what it was -- and to the 10,000 of you who filled the halls, made the connections, and left with more than you came with. Couldn't make it? These images tell part of the story.
techcrunch.com
October 31, 2025 at 5:03 AM
TechCrunch Disrupt 2025 was exceptional event!
Agentic AI relies on MCP, and MCP relies on OAuth for authentication. Oso blog highlights insufficiencies of OAuth for AI agents - www.osohq.com/post/oauth-i...
OAuth Isn’t Enough for Agents
The token-based permissions scheme of OAuth is a poor fit for agents. AI agents need authorization without these limits.
www.osohq.com
October 28, 2025 at 10:27 PM
Agentic AI relies on MCP, and MCP relies on OAuth for authentication. Oso blog highlights insufficiencies of OAuth for AI agents - www.osohq.com/post/oauth-i...
Reposted by Todd Thiemann
In case you haven't had enough cyber for one day...
I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.
I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.
Why ad blockers are a top security and privacy defense for everyone
Ad blockers can help defend against some of the top hacks, scams, and surveillance today. Here are some of the best ad blockers that you can use.
this.weekinsecurity.com
October 23, 2025 at 10:34 PM
In case you haven't had enough cyber for one day...
I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.
I'm re-upping my deep-dive blog on why ad-blockers are critical for your online security and privacy, and what threats they can help defend against. Plus, I run through some of the best ad blockers out there, for your browser and beyond.
This could privatize the profits and socialize the risk if they are not careful. And I suspect they are not careful. #quantumcomputing #pqc
Exclusive: Several quantum-computing companies are in talks to give the Commerce Department equity stakes in exchange for federal funding.
Exclusive | Trump Administration in Talks to Take Equity Stakes in Quantum-Computing Firms
The discussions signal Washington’s wider involvement in critical parts of the economy.
on.wsj.com
October 23, 2025 at 3:39 AM
This could privatize the profits and socialize the risk if they are not careful. And I suspect they are not careful. #quantumcomputing #pqc
Security for Agentic AI is complicated with multiple layers to consider -data (DSPM, DLP), prompt injection attacks, and identity (authentication and authorization). And probably more. And it depends on context (SaaS, on prem, cloud).
AI Agent Security: Whose Responsibility Is It? www.darkreading.com/cybersecurit...
AI Agent Security: Whose Responsibility Is It?
The shared responsibility model of data security is key to agentic AI, but cybersecurity teams and corporate users often struggle with managing that risk.
www.darkreading.com
October 22, 2025 at 5:17 AM
Security for Agentic AI is complicated with multiple layers to consider -data (DSPM, DLP), prompt injection attacks, and identity (authentication and authorization). And probably more. And it depends on context (SaaS, on prem, cloud).
Reposted by Todd Thiemann
Good morning! ☀️ There's still time to sign up for today's edition of my newsletter this.weekinsecurity.com, which has all of the cyber news you need to know (and more) from the past seven days. It's a really busy one!
Sign up (or RSS) for the free weekly newsletter, or $10/month for blogs & more.
Sign up (or RSS) for the free weekly newsletter, or $10/month for blogs & more.
~this week in security~
a weekly cybersecurity newsletter by Zack Whittaker, plus articles and more.
this.weekinsecurity.com
October 19, 2025 at 11:49 AM
Good morning! ☀️ There's still time to sign up for today's edition of my newsletter this.weekinsecurity.com, which has all of the cyber news you need to know (and more) from the past seven days. It's a really busy one!
Sign up (or RSS) for the free weekly newsletter, or $10/month for blogs & more.
Sign up (or RSS) for the free weekly newsletter, or $10/month for blogs & more.
Reposted by Todd Thiemann
EW: 🇰🇵DPRK has begun hiding malware on blockchain.
Result, decentralized, immutable malware.
Nearly impossible to remove.
cloud.google.com/blog/topics/...
Result, decentralized, immutable malware.
Nearly impossible to remove.
cloud.google.com/blog/topics/...
October 18, 2025 at 5:47 PM
EW: 🇰🇵DPRK has begun hiding malware on blockchain.
Result, decentralized, immutable malware.
Nearly impossible to remove.
cloud.google.com/blog/topics/...
Result, decentralized, immutable malware.
Nearly impossible to remove.
cloud.google.com/blog/topics/...
Reposted by Todd Thiemann
The messages direct recipients to download a binary that BleepingComputer has discovered installs Syncro, a remote monitoring and management (RMM) tool used by managed service providers (MSP) to streamline IT operations. www.bleepingcomputer.com/news/securit...
Fake LastPass, Bitwarden breach alerts lead to PC hijacks
An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the...
www.bleepingcomputer.com
October 16, 2025 at 12:27 PM
The messages direct recipients to download a binary that BleepingComputer has discovered installs Syncro, a remote monitoring and management (RMM) tool used by managed service providers (MSP) to streamline IT operations. www.bleepingcomputer.com/news/securit...
A nice Imprivata acquisition adding Identity Threat Detection and Response (ITDR) from Verosint - www.imprivata.com/company/pres...
Imprivata Acquires Verosint to Add AI-Powered Risk Signaling to its Leading Enterprise Access Management Platform
Integration of Verosint Identity Threat Detection & Response with Imprivata Enterprise Access Management will strengthen the company’s advanced and passwordless access strategy to bolster security, im...
www.imprivata.com
October 14, 2025 at 4:37 PM
A nice Imprivata acquisition adding Identity Threat Detection and Response (ITDR) from Verosint - www.imprivata.com/company/pres...
California's fire season has not seen many big fires materialize, and this storm may signal the end of the fire season for 2025 - www.nytimes.com/2025/10/13/w...
Early-Season Storm Sends a Deluge of Rain to California
www.nytimes.com
October 14, 2025 at 1:34 PM
California's fire season has not seen many big fires materialize, and this storm may signal the end of the fire season for 2025 - www.nytimes.com/2025/10/13/w...
Some satellite communications are sending clear text. Unencrypted satellite traffic that can be vacuumed up using inexpensive, off-the-shelf equipment. www.wired.com/story/satell...
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data
With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypte...
www.wired.com
October 14, 2025 at 1:31 PM
Some satellite communications are sending clear text. Unencrypted satellite traffic that can be vacuumed up using inexpensive, off-the-shelf equipment. www.wired.com/story/satell...
A salute to the Signal team in preparing for post-quantum computing with the new design. #PQC
New design sets a high standard for post-quantum readiness. arstechnica.com/security/202...
Why Signal’s post-quantum makeover is an amazing engineering achievement
New design sets a high standard for post-quantum readiness.
arstechnica.com
October 14, 2025 at 12:32 PM
A salute to the Signal team in preparing for post-quantum computing with the new design. #PQC
Reposted by Todd Thiemann
‼️ The @cyberwarcon.bsky.social agenda and presenters list is live. Proud that Amazon Cyber Threat Intelligence will be presenting for the first time on the intersection of Iranian cyber ops and kinetic strikes with Dlshad Othman and @davidmagnotti.bsky.social! www.cyberwarcon.com/ping-first-b...
Ping First, Boom Second — CYBERWARCON
www.cyberwarcon.com
October 8, 2025 at 8:44 PM
‼️ The @cyberwarcon.bsky.social agenda and presenters list is live. Proud that Amazon Cyber Threat Intelligence will be presenting for the first time on the intersection of Iranian cyber ops and kinetic strikes with Dlshad Othman and @davidmagnotti.bsky.social! www.cyberwarcon.com/ping-first-b...
New Blog Alert! Omdia/Enterprise Strategy Group published new research on workforce identity security (AKA identity & access management), and this blog dives into the challenge of tool proliferation. Identity teams have an average of 11 discrete tools to juggle - www.techtarget.com/searchsecuri...
Identity security tool sprawl: Origins and the way forward | TechTarget
Identity security teams face tool sprawl with an average of 11 products. Read research insights on consolidation strategies and emerging platform approaches.
www.techtarget.com
October 8, 2025 at 12:03 PM
New Blog Alert! Omdia/Enterprise Strategy Group published new research on workforce identity security (AKA identity & access management), and this blog dives into the challenge of tool proliferation. Identity teams have an average of 11 discrete tools to juggle - www.techtarget.com/searchsecuri...
Reposted by Todd Thiemann
Oracle issues emergency patch for zero-day flaw exploited by Cl0p ransomware gang www.csoonline.com/article/4068...
Oracle issues emergency patch for zero-day flaw exploited by Cl0p ransomware gang
Information about the vulnerability exposed by EBS portals is spreading, raising likelihood of new attacks, experts warn.
www.csoonline.com
October 7, 2025 at 12:42 AM
Oracle issues emergency patch for zero-day flaw exploited by Cl0p ransomware gang www.csoonline.com/article/4068...
Reposted by Todd Thiemann
Bonkers Palo Alto Login Scanner activity has continued through the weekend. We coordinated with/Palo on Fri, so they know aboot it & have the backs of their customers.
tzulo, inc. & 3xK Tech GmbH continue to be the primary network sources (both need a spanking/null route).
viz.greynoise.io/tag...
tzulo, inc. & 3xK Tech GmbH continue to be the primary network sources (both need a spanking/null route).
viz.greynoise.io/tag...
October 6, 2025 at 1:42 PM
Bonkers Palo Alto Login Scanner activity has continued through the weekend. We coordinated with/Palo on Fri, so they know aboot it & have the backs of their customers.
tzulo, inc. & 3xK Tech GmbH continue to be the primary network sources (both need a spanking/null route).
viz.greynoise.io/tag...
tzulo, inc. & 3xK Tech GmbH continue to be the primary network sources (both need a spanking/null route).
viz.greynoise.io/tag...
Reposted by Todd Thiemann
Oracle E-Business Suite: Security Alert Advisory
URL: www.oracle.com/security-ale...
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8
URL: www.oracle.com/security-ale...
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8
www.oracle.com
October 6, 2025 at 3:44 AM
Oracle E-Business Suite: Security Alert Advisory
URL: www.oracle.com/security-ale...
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8
URL: www.oracle.com/security-ale...
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8
New Forbes article covering the evolution of security for the agentic workspace … and the author slipped in a quote feom yours truly ! www.forbes.com/sites/tonybr...
Proofpoint Pushes Security Deeper Into The Agentic Workspace
Proofpoint unveils security for agentic workspaces, addressing the rising risks as AI agents expand productivity—and the enterprise attack surface.
www.forbes.com
October 3, 2025 at 4:52 AM
New Forbes article covering the evolution of security for the agentic workspace … and the author slipped in a quote feom yours truly ! www.forbes.com/sites/tonybr...
Sailpoint Navigate in Austin is complete! Lots of identity security learning (hello agentic AI!) and fantastic Austin TX food.
October 1, 2025 at 8:26 PM
Sailpoint Navigate in Austin is complete! Lots of identity security learning (hello agentic AI!) and fantastic Austin TX food.
Reposted by Todd Thiemann
DOGE is “bypassing cybersecurity protections” at three agencies, Senate Homeland Security and Governmental Affairs Committee Democrats concluded. via @timstarks.bsky.social www.youtube.com/watch?v=viiq... | cyberscoop.com/senate-democ...
Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules
YouTube video by CyberScoop
www.youtube.com
September 27, 2025 at 5:39 PM
DOGE is “bypassing cybersecurity protections” at three agencies, Senate Homeland Security and Governmental Affairs Committee Democrats concluded. via @timstarks.bsky.social www.youtube.com/watch?v=viiq... | cyberscoop.com/senate-democ...