Łukasz Bromirski
@lukasz.bromirski.net
networking & security geek / CCIE #15929 R&S/SP, CCDE #2012::17 / opinions are my own, not of my employer / 42 / Director@Cisco Security, building NGFW hardware platforms
Reposted by Łukasz Bromirski
There is no such thing as "just" metadata. ssd.eff.org/en/module/w...
Why Communication Metadata Matters
As its name suggests, metadata is data about data. Metadata is used in a variety of contexts, often for cataloging information, like tagging keywords in a video so it’s easy to find later. When it comes to computers, people often first think of "file metadata," which includes details about when...
ssd.eff.org
November 8, 2025 at 10:59 PM
There is no such thing as "just" metadata. ssd.eff.org/en/module/w...
Reposted by Łukasz Bromirski
Ktoś wyczyścił konta wielu klientom Santandera naraz, wypłacając pieniądze z bankomatów. Chętnie posłuchamy szczegółów tego incydentu, bo dawno takiego w Polsce nie było. tvn24.pl/poznan/dwa-w...
Jeden bank, dwa województwa i 120 nieuprawnionych wypłat z kont
Policjanci z województwa wielkopolskiego i kujawsko-pomorskiego badają przypadki nieuprawnionych wypłat z bankomatów. - Klienci otrzymywali powiadomienie SMS o wypłacie z bankomatu środków z ich konta...
tvn24.pl
October 26, 2025 at 4:08 PM
Ktoś wyczyścił konta wielu klientom Santandera naraz, wypłacając pieniądze z bankomatów. Chętnie posłuchamy szczegółów tego incydentu, bo dawno takiego w Polsce nie było. tvn24.pl/poznan/dwa-w...
Reposted by Łukasz Bromirski
Happy Sunday! Here's this.weekinsecurity.com, featuring:
• Trenchant boss accused of selling secrets to Russia
• Microsoft issues emergency WSUS fix
• Feds demand user's ChatGPT prompts
• AI browsers are security hot mess
• Dutch sharing less intel with the US
• A brand new cyber cat(!), and more.
• Trenchant boss accused of selling secrets to Russia
• Microsoft issues emergency WSUS fix
• Feds demand user's ChatGPT prompts
• AI browsers are security hot mess
• Dutch sharing less intel with the US
• A brand new cyber cat(!), and more.
this week in security — october 26 2025 edition
DOJ says Trenchant boss sold secrets to Russian buyer, U.S. 'slipping' on cyber, Microsoft patches exploited Windows bug, AI browser security, and more.
this.weekinsecurity.com
October 26, 2025 at 4:36 PM
Happy Sunday! Here's this.weekinsecurity.com, featuring:
• Trenchant boss accused of selling secrets to Russia
• Microsoft issues emergency WSUS fix
• Feds demand user's ChatGPT prompts
• AI browsers are security hot mess
• Dutch sharing less intel with the US
• A brand new cyber cat(!), and more.
• Trenchant boss accused of selling secrets to Russia
• Microsoft issues emergency WSUS fix
• Feds demand user's ChatGPT prompts
• AI browsers are security hot mess
• Dutch sharing less intel with the US
• A brand new cyber cat(!), and more.
Reposted by Łukasz Bromirski
“The Russian can see us just from the other side of the river, and a minute later they hit you - and they are specifically targeting residential areas, kindergartens, hospitals.”
read this horrific report from Kherson:
open.substack.com/pub/twogrump...
read this horrific report from Kherson:
open.substack.com/pub/twogrump...
Talking to Ukrainians under the rain of Russian bombs
Far away from the futile Trump-Putin noise (will he? won’t he? why didn't he?), Ukrainians are being targeted and killed every day. I talked to friends and acquaintances in Kherson, a frontline city.
open.substack.com
October 27, 2025 at 9:12 AM
“The Russian can see us just from the other side of the river, and a minute later they hit you - and they are specifically targeting residential areas, kindergartens, hospitals.”
read this horrific report from Kherson:
open.substack.com/pub/twogrump...
read this horrific report from Kherson:
open.substack.com/pub/twogrump...
Reposted by Łukasz Bromirski
The Missing Semester of Your CS Education (2020) | Discussion
The Missing Semester of Your CS Education
missing.csail.mit.edu
October 25, 2025 at 11:00 AM
The Missing Semester of Your CS Education (2020) | Discussion
Reposted by Łukasz Bromirski
Donald Trump is telling his own Justice Department that it owes him $230 million, @qjurecic.bsky.social writes. "The goal is not just dictatorial power, but the ostentatious performance of dictatorial power."
Trump to DOJ: Pay Up
The goal is not just dictatorial power, but ostentatious performance.
bit.ly
October 23, 2025 at 9:15 PM
Donald Trump is telling his own Justice Department that it owes him $230 million, @qjurecic.bsky.social writes. "The goal is not just dictatorial power, but the ostentatious performance of dictatorial power."
Friendly reminder - I'm running multiple open projects for networking community & geeks - BGP Full Feed, BGP Blackholing and open RPKI server. You can read more here: lukasz.bromirski.net/projects/ #FreeBSD #CiscoIOSXR
projects
below you can see some of the community projects I created/actively maintaining:
AS 112 - world wide project to sinkhole RFC 1918 DNS traffic locally within countries/geos and avoid slamming DNS root ...
lukasz.bromirski.net
October 23, 2025 at 8:55 PM
Friendly reminder - I'm running multiple open projects for networking community & geeks - BGP Full Feed, BGP Blackholing and open RPKI server. You can read more here: lukasz.bromirski.net/projects/ #FreeBSD #CiscoIOSXR
Reposted by Łukasz Bromirski
The security paradox of local LLMs | Discussion
The security paradox of local LLMs - Quesma Blog
Local LLMs prioritize privacy over security. Our research reveals a 95% backdoor injection success rate.
quesma.com
October 22, 2025 at 4:20 PM
The security paradox of local LLMs | Discussion
Reposted by Łukasz Bromirski
Those annoying Cloudflare Captchas made everyone so used to clicking "I am not a robot" that Russian hackers used this to hack victims. Victims received PDF with a link that, if clicked, produced a Cloudflare Captcha. If user checked "I am not a robot" box and followed instructions, they got hacked
PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
SentinelLABS uncovers a coordinated spearphishing campaign targeting organizations critical to Ukraine's war relief efforts.
www.sentinelone.com
October 22, 2025 at 1:37 PM
Those annoying Cloudflare Captchas made everyone so used to clicking "I am not a robot" that Russian hackers used this to hack victims. Victims received PDF with a link that, if clicked, produced a Cloudflare Captcha. If user checked "I am not a robot" box and followed instructions, they got hacked
Reposted by Łukasz Bromirski
Are you familiar with our Bellingcat toolkit? Its a resource to discover open source tools and learn what could be useful for your research. bellingcat.gitbook.io/toolkit
Home | Bellingcat's Online Investigation Toolkit
A toolkit for open source researchers
bellingcat.gitbook.io
October 22, 2025 at 1:45 PM
Are you familiar with our Bellingcat toolkit? Its a resource to discover open source tools and learn what could be useful for your research. bellingcat.gitbook.io/toolkit
Reposted by Łukasz Bromirski
Join us on October 30 at 1:00 p.m. ET for a free CCNA Cybersecurity Prep session with Pierre Cadieux, focused on Defense in Depth strategy and security monitoring tools and technologies: cs.co/63324Atv76
October 22, 2025 at 2:06 PM
Join us on October 30 at 1:00 p.m. ET for a free CCNA Cybersecurity Prep session with Pierre Cadieux, focused on Defense in Depth strategy and security monitoring tools and technologies: cs.co/63324Atv76
Reposted by Łukasz Bromirski
Repeat after me: It's because the "hacktivist" group was ALWAYS an intelligence operation. ALWAYS!
Russia clearly shifted from DDoS to actual physical sabotage a few months back, and its NoName project has no more use. Physical and destructive sabotage is a top priority for them right now
Russia clearly shifted from DDoS to actual physical sabotage a few months back, and its NoName project has no more use. Physical and destructive sabotage is a top priority for them right now
The takedown of infrastructure and naming of some of the organizers of NoName has made that group self-radicalize even more I feel. They seem a lot more invested in offline actions now, having previously barely ever mentioned them.
October 21, 2025 at 4:23 PM
Repeat after me: It's because the "hacktivist" group was ALWAYS an intelligence operation. ALWAYS!
Russia clearly shifted from DDoS to actual physical sabotage a few months back, and its NoName project has no more use. Physical and destructive sabotage is a top priority for them right now
Russia clearly shifted from DDoS to actual physical sabotage a few months back, and its NoName project has no more use. Physical and destructive sabotage is a top priority for them right now
Internet is here, because it's distributed. Self-host. Build, grow, experiment and scale, but remember about distributed nature of stuff you create. Monolithic, centralized systems are slow, prone to catastrophic failures... and easy to kill. #self-host
October 20, 2025 at 10:10 PM
Internet is here, because it's distributed. Self-host. Build, grow, experiment and scale, but remember about distributed nature of stuff you create. Monolithic, centralized systems are slow, prone to catastrophic failures... and easy to kill. #self-host
After you saw "Inside", you'll believe just about anything to not have to see it again. Just like Jordan Peele's "Nope". Very apt names BTW.
Home Depot Introduces New 12-Foot-Tall Willem Dafoe https://theonion.com/home-depot-introduces-new-12-foot-tall-willem-dafoe/
October 20, 2025 at 3:24 PM
After you saw "Inside", you'll believe just about anything to not have to see it again. Just like Jordan Peele's "Nope". Very apt names BTW.
Reposted by Łukasz Bromirski
New from 404 Media: the same hackers who doxed hundreds of DHS, ICE, and FBI officials say they have personal data of tens of thousands more government officials, including thousands NSA, more in intel community. They sent me data from a dizzying list of agencies
www.404media.co/hackers-say-...
www.404media.co/hackers-say-...
Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials
The same hackers who doxed hundreds of DHS, ICE, and FBI officials now say they have the personal data of tens of thousands of officials from the NSA, Air Force, Defense Intelligence Agency, and many ...
www.404media.co
October 20, 2025 at 3:18 PM
New from 404 Media: the same hackers who doxed hundreds of DHS, ICE, and FBI officials say they have personal data of tens of thousands more government officials, including thousands NSA, more in intel community. They sent me data from a dizzying list of agencies
www.404media.co/hackers-say-...
www.404media.co/hackers-say-...
I don't do webmail. But when I do, I always use "realgymessentials.com" to reset my password. And I share "internal communication" with the world.
October 17, 2025 at 10:36 AM
I don't do webmail. But when I do, I always use "realgymessentials.com" to reset my password. And I share "internal communication" with the world.
Reposted by Łukasz Bromirski
📢 BREAKING NEWS 📢
EFF and co-counsel have filed a lawsuit against the Departments of State and Homeland Security for their viewpoint-based surveillance and suppression of First Amendment-protected speech online. (1/5)
EFF and co-counsel have filed a lawsuit against the Departments of State and Homeland Security for their viewpoint-based surveillance and suppression of First Amendment-protected speech online. (1/5)
October 16, 2025 at 7:01 PM
📢 BREAKING NEWS 📢
EFF and co-counsel have filed a lawsuit against the Departments of State and Homeland Security for their viewpoint-based surveillance and suppression of First Amendment-protected speech online. (1/5)
EFF and co-counsel have filed a lawsuit against the Departments of State and Homeland Security for their viewpoint-based surveillance and suppression of First Amendment-protected speech online. (1/5)
Reposted by Łukasz Bromirski
"We always think about America’s postwar role in Europe as an act of great generosity, the defense of allies from Soviet aggression. But by putting democracy at the center of our international identity, we also helped strengthen our own political system"
www.theatlantic.com/magazine/arc...
www.theatlantic.com/magazine/arc...
The Beacon of Democracy Goes Dark
For nearly 250 years, America promoted freedom and equality abroad, even when it failed to live up to those ideals itself. Not anymore.
www.theatlantic.com
October 14, 2025 at 10:25 AM
"We always think about America’s postwar role in Europe as an act of great generosity, the defense of allies from Soviet aggression. But by putting democracy at the center of our international identity, we also helped strengthen our own political system"
www.theatlantic.com/magazine/arc...
www.theatlantic.com/magazine/arc...
Reposted by Łukasz Bromirski
Join EFF today and help us:
- Push back against government surveillance 📸
- Protect end-to-end encryption 🔐
- Create technologies to keep you safe online 🧑💻
Your support makes this work possible. Donate today! eff.org/join
- Push back against government surveillance 📸
- Protect end-to-end encryption 🔐
- Create technologies to keep you safe online 🧑💻
Your support makes this work possible. Donate today! eff.org/join
35 Years for Privacy & Free Speech
EFF is on a mission to protect your civil liberties and human rights wherever they meet tech, but it’s only possible with your help.
supporters.eff.org
October 13, 2025 at 9:11 PM
Join EFF today and help us:
- Push back against government surveillance 📸
- Protect end-to-end encryption 🔐
- Create technologies to keep you safe online 🧑💻
Your support makes this work possible. Donate today! eff.org/join
- Push back against government surveillance 📸
- Protect end-to-end encryption 🔐
- Create technologies to keep you safe online 🧑💻
Your support makes this work possible. Donate today! eff.org/join
Reposted by Łukasz Bromirski
Chcesz dowiedzieć się, jak faktycznie wygląda polowanie na cyberprzestępców (czyli threat hunting) albo jak obsługuje się incydenty w różnych firmach? A może myślisz o zmianie pracy albo dopiero zaczynasz w IT i zastanawiasz się, jakie stanowisko będzie najlepsze?
October 13, 2025 at 5:58 PM
Chcesz dowiedzieć się, jak faktycznie wygląda polowanie na cyberprzestępców (czyli threat hunting) albo jak obsługuje się incydenty w różnych firmach? A może myślisz o zmianie pracy albo dopiero zaczynasz w IT i zastanawiasz się, jakie stanowisko będzie najlepsze?
Reposted by Łukasz Bromirski
Watch how Cisco Talos Incident Response Purple Team simulations unite offensive and defensive experts to build real-world skills, identify gaps, and boost your organization’s security confidence: cs.co/63325AxEb1
October 13, 2025 at 2:40 PM
Watch how Cisco Talos Incident Response Purple Team simulations unite offensive and defensive experts to build real-world skills, identify gaps, and boost your organization’s security confidence: cs.co/63325AxEb1
Reposted by Łukasz Bromirski
I'm looking for some folks that have questions about humanely managing IT and security teams to be callers on my podcast. We'll record this Friday at 3:30pm Eastern. Please reach out if interested!
October 13, 2025 at 2:52 PM
I'm looking for some folks that have questions about humanely managing IT and security teams to be callers on my podcast. We'll record this Friday at 3:30pm Eastern. Please reach out if interested!
Reposted by Łukasz Bromirski
Both Windows and Mac computers include a free way to encrypt your entire storage drive. You should turn it on, if you haven't already. ssd.eff.org/module/how-...
How to: Encrypt Your Windows, Mac, or Linux Computer
Encrypting your computer's storage drive is a simple, but powerful tool to secure your data. When enabled, "full-disk" encryption (also known as device encryption) encrypts everything on your computer so it cannot be viewed without first entering a password when you log in.
Just to instructions for:
Windows
Mac
Linux...
ssd.eff.org
October 13, 2025 at 2:58 PM
Both Windows and Mac computers include a free way to encrypt your entire storage drive. You should turn it on, if you haven't already. ssd.eff.org/module/how-...
This file is corrupted. AKA "Ten plik może być uszkodzony." which actually doesn't say it is, but that it *might* be.
In honor of spooky month, share a 4 word horror story that only someone in your profession would understand
I'll go first: Six page commercial lease.
I'll go first: Six page commercial lease.
October 13, 2025 at 12:14 AM
This file is corrupted. AKA "Ten plik może być uszkodzony." which actually doesn't say it is, but that it *might* be.
Reposted by Łukasz Bromirski
📚 The 2nd edition of 🔒Container Security 🔒 is out now! 📚
bookshop.org/p/books/cont...
bookshop.org/p/books/cont...
Container Security: Fundamental Technology Concepts That Protect Cloud Native Applications
Fundamental Technology Concepts That Protect Cloud Native Applications
bookshop.org
October 12, 2025 at 5:31 PM
📚 The 2nd edition of 🔒Container Security 🔒 is out now! 📚
bookshop.org/p/books/cont...
bookshop.org/p/books/cont...