Ryan Kazanciyan
ryankaz42.bsky.social
CIO & CISO @ Wiz
Reposted by Ryan Kazanciyan
If you'd like to learn more about this type of misconfiguration, how it can be exploited, and how to prevent it, @danielleaminov.bsky.social from my team at Wiz wrote a great introduction to this topic here: www.wiz.io/blog/spring-...
May 19, 2025 at 5:36 AM
Reposted by Ryan Kazanciyan
Our team at Wiz Research has observed ongoing exploitation of the latest Ivanti EPMM vulnerabilities (CVE-2025-4427 & CVE-2025-4428) - more details and IOCs available here: www.wiz.io/blog/ivanti-...
Ivanti EPMM RCE Vulnerability Chain Exploited in the Wild | Wiz Blog
Wiz Research has observed exploitation in-the-wild of CVE-2025-4427 and CVE-2025-4428, the latest vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).
www.wiz.io
May 20, 2025 at 7:25 PM
Reposted by Ryan Kazanciyan
BREAKING: jury awards massive $167 million in punitive damages against spyware company NSO Group.

Precedent-setting win against notorious #Pegasus spyware maker.

Very consequential for victims to see this.

Congratulations to #WhatsApp on sticking this case through since 2019. Some thoughts 1/
May 6, 2025 at 9:30 PM
Reposted by Ryan Kazanciyan
So I stuck up for Sean Plankey as future CISA, now time to stick up for Chris Krebs, past CISA - this shit is bonkers and should give pause to anyone even considering federal employment if this kind of shit is what you get for doing your job:
www.whitehouse.gov/fact-sheets/...
Fact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs and Government Censorship
RESTORING TRUST IN GOVERNMENT: Today, President Donald J. Trump signed a Presidential Memorandum revoking any active security clearance held by Chris
www.whitehouse.gov
April 9, 2025 at 9:40 PM
Reposted by Ryan Kazanciyan
#IngressNightmare: Wiz Research uncovers a critical vulnerability in Ingress-NGINX 🚨

Wiz Research found a novel attack vector in one of Kubernetes's most fundamental projects, Ingress-NGINX, which is rated CVSS 9.8.
March 25, 2025 at 11:52 AM
Reposted by Ryan Kazanciyan
In 25 years of covering national security, I’ve never seen a story like this: Senior Trump officials discussed planning for the U.S. attack on Yemen in a Signal group--and inadvertently added the editor-in-chief of The Atlantic. www.theatlantic.com/politics/arc...
The Trump Administration Accidentally Texted Me Its War Plans
U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.
www.theatlantic.com
March 24, 2025 at 4:11 PM
Reposted by Ryan Kazanciyan
Turns out when you investigate a compromised GitHub Action you ... find another compromised GitHub Action:

www.wiz.io/blog/new-git...
GitHub Action supply chain attack: reviewdog/action-setup | Wiz Blog
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/action-setup, possibly causing the compromise.
www.wiz.io
March 17, 2025 at 10:16 PM
Reposted by Ryan Kazanciyan
Socket Security has discovered a malicious Java library on the Maven repository that is secretly stealing OAuth credentials on the 15th of each month

socket.dev/blog/malicio...
Tick Tock, Your Credentials Are Gone: The Maven Package With...
A malicious Maven package typosquatting a popular library is secretly stealing OAuth credentials on the 15th of each month, putting Java developers at...
socket.dev
March 15, 2025 at 10:27 PM
Reposted by Ryan Kazanciyan
NEW: CISA employees are scared, angry, and worried about how Trump's cuts and policies are weakening their agency.

Partnerships are strained, leadership is bowing to Trump, and layoffs & other departures have left worrisome gaps.

My @wired.com story: www.wired.com/story/inside...
March 13, 2025 at 2:35 PM
Reposted by Ryan Kazanciyan
Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that's not how it works.
What Really Happened With the DDoS Attacks That Took Down X
wrd.cm
March 11, 2025 at 1:45 PM
Reposted by Ryan Kazanciyan
I updated my story again. DoD denied reports that an order was issued to CyberCom, but Washington Post stands by story that order occurred Feb 24. But a Post reporter says the ops impacted were low-level, since US has not been conducting anything against Russia that rises to level of "use of force"
Two stories published Friday reporting that Trump admin had ordered US Cyber Command and CISA to "stand down" on their work to detect/counter Russian cyber threats. But new info has come out to contradict them. I dug into what we know and don't know. www.zetter-zeroday.com/did-trump-ad...
Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia?
Two blockbuster stories published on Friday that appear to confirm what many Americans suspected would occur under the Trump administration – that the new regime is going to be softer on Russia than p...
www.zetter-zeroday.com
March 5, 2025 at 5:30 PM
Reposted by Ryan Kazanciyan
The Denmark study had a cohort of 500,000 children.

From a meta-study perspective, you'd need a huge amount of data to put any kind of dent into it.
March 7, 2025 at 4:38 PM
Reposted by Ryan Kazanciyan
I wrote an article outlining why the directive to stop tracking Russian cyber threat actors is impractical and frankly dangerous, outlining some second order effects of the directive. Enjoy.
www.linkedin.com/pulse/stop-t...
Stop Tracking Russian Cyber? That's Not How Anything Works...
In the last 72 hours, multiple stories have broken detailing how the US is reprioritizing its tracking of threat actors. More specifically, at least two different agencies, CYBERCOM and CISA, have bee...
www.linkedin.com
March 2, 2025 at 3:00 PM
Reposted by Ryan Kazanciyan
18F was doing exactly the type of work that DOGE claims to want – yet we were eliminated shortly after midnight. Read our letter to the American people:
18f.org
We're not done yet | 18F
18f.org
March 1, 2025 at 11:38 PM
Reposted by Ryan Kazanciyan
NEW: DeepSeek left a database exposed to the web.

It contained more than one million files, including prompts and API keys, researchers at cloud security firm Wiz say

Story with @lhn.bsky.social
Exposed DeepSeek Database Revealed Chat Prompts and Internal Data
China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: Security researchers found more than 1 million records, including user data and API keys, in an open database.
www.wired.com
January 29, 2025 at 9:39 PM
Reposted by Ryan Kazanciyan
C IS LEGAL AGAIN
January 25, 2025 at 5:47 AM
Reposted by Ryan Kazanciyan
Members of the Cyber Safety Review Board were informed they have been dismissed pursuant to a DHS order disbanding all advisory committees.

The board had been in the middle of probing the Chinese hack of U.S. telecoms, a review that now is in limbo and possibly terminated.
January 21, 2025 at 9:42 PM
Reposted by Ryan Kazanciyan
First blog post of the new year and this is one I've been meaning to write up for a while which is some details on #Kubernetes API Server proxy feature and how it might be possible to use some known weaknesses in it to escalate your privileges in a cluster.

raesene.github.io/blog/2025/01...
Exploring the Kubernetes API Server Proxy
raesene.github.io
January 18, 2025 at 12:54 PM
Reposted by Ryan Kazanciyan
Learn more on how to shift focus to attacker behavior ⚙️, like unusual permission escalations or lateral movement patterns, in our blog by
@merav-b.bsky.social and Gili Tikochinski: www.wiz.io/blog/detecti...
January 15, 2025 at 11:43 AM
Reposted by Ryan Kazanciyan
Last month as drones over NY/NJ made headlines, a radiation-monitoring site reported spikes in radiation in NY, seemingly supporting a theory that the drones were tracking a dirty bomb on the loose there. Only the spikes were fake. I wrote about the scare and how it spread on social media
Anatomy of a Nuclear Scare
How fake radiation readings in New York and New Jersey, coupled with a mysterious drone swarm, fueled a nuclear scare and became a harbinger for things to come. The ongoing mystery around a New Jersey...
www.zetter-zeroday.com
January 8, 2025 at 6:13 PM
Reposted by Ryan Kazanciyan
good morning and welcome to 2025
January 6, 2025 at 4:20 PM