December 17, 2025

        December 17, 2025

December 17, 2025

            December 17, 2025

I regret to inform you that I am posting Big Suka Sukhoi again, because I think most people don't even know I made it. People always said I had a voice for VA, and I think they were right. pic.twitter.com/leEPBrgebB
— HoraceVT 🪄🎬 (@Phontomen) December 16, 2025

AND THE EXCITING SEQUEL, EVEN BIGGER SUKA SUKHOI! pic.twitter.com/GvnCpbo0rX
— HoraceVT 🪄🎬 (@Phontomen) December 16, 2025

  An absolutely superb podcast from my colleague @tom.risky.biz and @thegrugq.bsky.social featuring Hamid Kashfi discussing the evolution of Iranian APTs. 10/10  risky.biz/BTN148/ https://risky.biz/BTN148/
             — Patrick Gray (@patrick.risky.biz)            2025-12-16T14:15:23.334Z 

This is the best write-up on threat actor tradecraft I've seen from AWS.  https://t.co/SYSRrGLOvE
— Scott Piper (@0xdabbad00) December 16, 2025

I fly out tomorrow morning for a business trip.

My CEO asked me, "Can you finish the Q4 budget reconciliation on the flight? It’s a 8-hour trip, perfect time to focus."

I looked at him with genuine horror.

I said, "Are you asking me to access proprietary financial data on a…
— IT Unprofessional (@it_unprofession) December 16, 2025

Wow, remote OS command injection (from the same network segment) in FreeBSD IPv6 stack via router advertisement packets: https://t.co/8TrK41m96g

rtsold passes the unescaped domain search list option from the RA packet to the resolvconf shell script.
— Francisco Falcon (@fdfalcon) December 17, 2025

This PornHub, OpenAI, Mixpanel hack is super weird.

What we know:  Mixpanel got popped via SMS phishing. The threat actors are extorting their customers threatening to leak stolen data.

OpenAI was first to announce that (they actually beat Mixpanels own announcement)

Now… pic.twitter.com/x9B9twYnBJ
— Matt Johansen (@mattjay) December 17, 2025

My latest for Journalist and Spy: Mikhail Vasenkov was a news photographer, professor, and Russian spy. Part of the Illegals Program and arrested by the FBI in 2010.  After he died in 2022, the SVR said he helped obtain "valuable political information." https://t.co/KBcM7bUFI8
— Runa Sandvik (@runasand) December 16, 2025

This is not just another strong open model. Nemotron actually releases training data (!), RL environments, and training code. This is a big difference: almost all model developers just want people to use their models; NVIDIA is enabling people to make their own models. We are… https://t.co/cGrgEsATyx
— Percy Liang (@percyliang) December 15, 2025

One of my favourite books of this era . Martyanov’s The (Real) Revolution in Military Affairs sits  inside the same shift described in The Return of Matter. It examines modern conflict through production capacity, engineering reality, industrial continuity, and material… https://t.co/JGyAy5kFIN
— 🇦🇺Craig Tindale (@ctindale) December 16, 2025

—

THC Release 💥: The world’s largest IP<>Domain database: https://t.co/I9OIucDu2T

All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free. 

Updated monthly.

Try: curl https://t.co/HUrGIrdpLd

Raw data (187GB): https://t.co/GM3L2DJYKF

(The fine work… pic.twitter.com/q23XC0PdOp
— The Hacker's Choice (@thc@infosec.exchange) (@hackerschoice) December 17, 2025

                            Don't miss what's next. Subscribe to the grugq's newsletter:

          Add a comment:

                Share this email:

                                Share on Twitter

                                Share on Hacker News

                                Share via email

                                Share on Mastodon

                                Share on Bluesky