November 18, 2025

                        November 18, 2025

            November 18, 2025

                    November 18, 2025

The @ThinkstCanary ThinkstScapes Q3 report is out. A great quarterly overview of interesting research shared in the security community. 

It made my day to see my ETW research highlighted in this edition. https://t.co/vtruyuPrYc
— Olaf Hartong (@olafhartong) November 17, 2025

(Automated) Pentesting is already dead

I found it interesting how many people misunderstood and ignored the context of my earlier post  here, which was about (Tenzai) securing a $75M seed round, and more specifically AI powered automated penetration testing. I’ve been doing a… pic.twitter.com/5hkYNrKMEW
— Hamid Kashfi (@hkashfi) November 18, 2025

That no major cybersecurity company makes/distributes/promotes an ad blocker offering and that major tech/security firm guidance sources never talk about ad blocking despite the huge security benefits for users can tell you a lot about how you should view what they *do* say.
— Brian in Pittsburgh (@arekfurt) November 17, 2025

When Dan Geer writes, you read it and ultrathink about it: "Indeterminism"https://t.co/wvE5Gccrqa
— Dino A. Dai Zovi (@dinodaizovi) November 17, 2025

https://www.computer.org/csdl/magazine/sp/2025/05/11204774/2aPD9aCBSyQ

new blog post, too much crypto +6https://t.co/2HMRDMquo6
— JP Aumasson (@veorq) November 17, 2025

https://github.com/felipenlunkes/run-ancient-unix

Iran has been investing on low-level trainings and a notable shift and focus on systematic education of their operators. Those students eventually get behind keyboards. This report can be studied with that optic as well, rather than typical yet-another-backdoor. Contrary to… https://t.co/ARLzzivRI7
— Hamid Kashfi (@hkashfi) November 17, 2025

📣 Everything defenders need to know about UNC1549: a deep dive analysis of suspected Iran-nexus espionage targeting the aerospace, aviation, and defense industries in the Middle East.

Dive into the details: https://t.co/N2KBeHdJ7z pic.twitter.com/voaP64TPJx
— Mandiant (part of Google Cloud) (@Mandiant) November 17, 2025

https://www.forbes.com/sites/thomasbrewster/2025/11/15/pentagon-spends-millions-on-ai-hackers/

So this is a good statement of what worries me. 
Increased use of automation on the attack side in conducting intrusions is less likely to threaten genuinely well-defended orgs than to be the next thing continuing the trend of attackers improving how they go after everybody else. https://t.co/OFGoSEogAR
— Brian in Pittsburgh (@arekfurt) November 17, 2025

Don't miss what's next. Subscribe to the grugq's newsletter:

Start the conversation: