Pre-pandemic, the calculus was what the likelihood was of an employee being bribed to insert a USB stick into their work computer at the office.

Now, it's even easier and they just text their creds and an OTP token. Progress?

Strong device identity prevents assisted ATOs too. https://t.co/ZveU6lva2c

— Dino A. Dai Zovi (@dinodaizovi) September 29, 2025

Hacker 1: "hold my beer..."https://t.co/o5aMrhJ2X2

— Jon Lindsay (@jonrlindsay) September 29, 2025

Check out this new entry in the #UnprotectProject by my friend @DarkCoderSc! 😎

*Indirect Memory Writing* for example an attacker calls standard Windows APIs that accept an output pointer. You can point that pointer at executable memory. The attacker can then build a payload… https://t.co/QmNLoHCkHn

— Thomas Roccia 🤘 (@fr0gger_) September 30, 2025

Sora’s new development of “cameo” that allows others to set you (or anyone else) into any AI generated scene will impact disinformation, how everyday folks view media as real or fake, elections, public health, and more for years to come. We need AI labeled content everywhere now. https://t.co/EOP5U1tSHR

— Rachel Tobac (@RachelTobac) September 30, 2025

youre only seeing the times it has thousands of likes https://t.co/UiiEEMMIWV

— Sir Roberto Pizza (@LOLandlord) September 29, 2025

youre only seeing the times it has thousands of likes https://t.co/UiiEEMMIWV

— Sir Roberto Pizza (@LOLandlord) September 29, 2025

The anatomy of a bug: 6 Months at STAR Labs@gerrard_tai posted an article describing their experience in finding kernel bugs and participating in the KernelCTF and Pwn2Own competitionshttps://t.co/gUfCLQCx1Q pic.twitter.com/5wbmWVX1ip

— Linux Kernel Security (@linkersec) September 30, 2025

Obvious to toddlers? pic.twitter.com/azTTfYlkIw

— Anthony Bonato (@Anthony_Bonato) September 30, 2025

Let me explain where this incredible vulnerability in Notepad++ comes from... my blog post from 3w ago. The problem is there's no vuln. I described this as sneaky init access. You might as well do binary patching of any PE file in the world.#infosechttps://t.co/rXWXaskcG0

— Print3M (@Print3M_) September 29, 2025

please don't i need job security https://t.co/ozF513zJPe

— corgi (@corg_e) September 30, 2025

🔒 Secure Bits 💡
Did you know 𝘆𝗼𝘂 𝗰𝗮𝗻 𝗵𝗶𝗱𝗲 𝗗𝗼𝗺𝗮𝗶𝗻 𝗔𝗱𝗺𝗶𝗻𝘀 from standard discovery—even from other admins?

Active Directory is a “𝗿𝗲𝗮𝗱-𝗺𝗮𝗻𝘆” 𝗱𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆 by design.
But 𝗟𝗶𝘀𝘁 𝗢𝗯𝗷𝗲𝗰𝘁 𝗠𝗼𝗱𝗲 (𝗟𝗢𝗠) can change that.
🕵️‍♂️ Martin Handl… pic.twitter.com/yAggWJAACU

— Horizon Secured (@horizon_secured) September 30, 2025