the grugq's newsletter

December 20, 2025

My dude Andrea is developing an *amazing* macOS tool to track auto start items and tons of other things in what changes in the system. Great for the curious, the cautious and/or forensic analysis. Check the project out! 100% open source from 🇮🇹 https://t.co/EXsb7e2m4B

— Simone Margaritelli (@evilsocket) December 19, 2025

GitHub - Pinperepette/MacPersistenceChecker: macOS persistence mechanism scanner with code signature verification and timeline tracking.



My CISO called me at 3 AM last Tuesday.

"We caught someone."

I asked, "Caught them doing what?"

He said, "Typing."

Let me explain.

We have an employee in IT. Great worker. Always online. Never complained. Perfect Slack etiquette.

One problem.

His keystrokes were arriving… pic.twitter.com/ete0Ymgf4Y

— Peter Girnus 🦅 (@gothburz) December 19, 2025


Open Klara released - your own private cloud Yara scanner!

Together with our community member Gajesh, I would like to announce the fork of the KLara project into Open Klara!

We aim to maintain, support and fix future bugs.

Open KLara is a community-driven fork of the original…

— Dan Demeter (@_xdanx) December 17, 2025


Denmark attributes DDOS attacks and an attack on a water utility to GRU confederates CARR/NoName057/Z-Pentest. These attacks took place all over Europe and the full scope of it all isn’t really appreciated. https://t.co/KdWWtN084m

— John Hultquist (@JohnHultquist) December 19, 2025


Detects and bypasses web application firewalls https://t.co/nQVRmBkyjL pic.twitter.com/lOneR7t88u

— Tom Dörr (@tom_doerr) December 18, 2025


Container Debugging 101: How to Execute Host Commands Inside a Running Container 🧙‍♂️

Good container images should include only the packages needed for the application to run in production. But what if such a "perfect" minimal container starts acting up? https://t.co/R4f8k75gTP pic.twitter.com/5d2DilVC0w

— Ivan Velichko (@iximiuz) December 18, 2025


Given the reference to Visa data being stolen by hackers here, I understand Foreign Office Services - the commercial arm of the department providing secure support for UK diplomacy and defence - was breached.

As a leading govt cyber official once told me: “It’s not a matter of… https://t.co/ATyKhWR4nA

— Richard Holmes 🕵🏻‍♂️ (@Richard_AHolmes) December 19, 2025


This paper from Harvard and MIT quietly answers the most important AI question nobody benchmarks properly:

Can LLMs actually discover science, or are they just good at talking about it?

The paper is called “Evaluating Large Language Models in Scientific Discovery”, and instead… pic.twitter.com/Yqo8Uqwrg0

— Alex Prompter (@alex_prompter) December 18, 2025


12/19/2025: Every week I share a curated list of red team-specific jobs (or similar/adjacent) that caught my attention or were shared with me by others in the community. My goal is to help job hunters in the offensive security space find a red team-specific role.

🏛 Company +… pic.twitter.com/OnVJCV1xKV

— Nick VanGilder (@nickvangilder) December 19, 2025


We actually have historical precedent for this.

When guilds collapsed, so did apprenticeships. Young craftsmen defected to factories, and societies lost the slow, embodied skill transmission that produced things like the stonework of Notre Dame. Productivity rose—but… https://t.co/wHnubn2BQv

— Michael Green (@profplum99) December 19, 2025


Crowdstrike can be bypassed on macOS with tclsh, eg: https://t.co/fhlHVCmwTO

Ncat reverse shell is killed, but this one isn’t. How about that Mr “tom square” @harold9850 hmm? Please provide your insight!!

— solst/ICE of Astarte (@IceSolst) December 19, 2025


Letting attackers compromise an organization fairly easily, gain high privileges, move laterally, etc. because you believe EDR + response will always crush them quickly is like not caring your soccer/football team's defense is bad because you have a goaltender.

You will lose. https://t.co/5VDb5vGMPw

— Brian in Pittsburgh (@arekfurt) December 19, 2025


#FortinetBingo https://t.co/aISxtQXuJr pic.twitter.com/myG5Mmfylj

— Florian Roth ⚡️ (@cyb3rops) December 19, 2025


🔺This is the first talk I've given in 6 years – featuring formal verification of post-quantum cryptography, the evolution of the Secure Page Table Monitor, a view into Memory Integrity Enforcement, updates to Apple Security Bounty… and a personal note. https://t.co/tifNvjleMg

— Ivan Krstić (@radian) December 19, 2025


Well, this wins wildest cyber story of the week 👇 https://t.co/SqWVoX4G1b

— Will (@BushidoToken) December 19, 2025


How did people in 1913 see the world? How did they think about the future? We trained LLMs exclusively on pre-1913 texts—no Wikipedia, no 20/20. The model literally doesn't know WWI happened. Announcing the Ranke-4B family of models. Coming soon: https://t.co/KOjbdLlH3S pic.twitter.com/DUrnRjTs6r

— Joachim Voth (@joachim_voth) December 18, 2025


zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation https://t.co/euUaQ5tooX

— M1n@Cris (@minacrissDev_) December 19, 2025


https://x.com/mg/status/2002102519187849642


My new hobby: Asking AI the same question over and over again, and looking at the results.

Here's an example - I've asked gemini-2.5-flash 100 times to add two large numbers.

It's really undecided.

The correct answer is not there btw. pic.twitter.com/RyjCpDVKfe

— Gynvael Coldwind (@gynvael) December 19, 2025


I had to go look her up. This diva. https://t.co/84lHQwrnK2 pic.twitter.com/Wo3yHEEUzH

— We’re Losing Recipes! (@SoualiganAmazon) December 19, 2025


https://t.co/emWo8VVG0E

:'( RCE in n8n

— AndrewMohawk⁽ⁿᵘˡˡ⁾ (@AndrewMohawk) December 20, 2025


🚨 Pryx admits to being inside the SCADA network of Telecom Egypt where an alleged hacker-caused fire broke out 7 July 2025, killing 4 and injuring 27

"I was in the network my n*gga" https://t.co/ArUGHATaWa https://t.co/vP8vWecGQN

News: https://t.co/9V0oOktQqJ pic.twitter.com/niumjd2cEa

— IntelOps (@IntelOpsV3) December 20, 2025


Weekly summary is out... https://t.co/XG4W6vqDlf

— Ollie Whitehouse (@ollieatnowhere) December 20, 2025


https://t.co/I19Pl9uN5E pic.twitter.com/KRTXOa8a0p

— kmkz (@kmkz_security) December 20, 2025

GitHub - JeanBonBeurre34/cc-agent


