1/ UPDATE: South Korea's spy agency has finally broken its silence on the massive government hack revealed in @phrack magazine over the summer. After two months, the NIS confirms hackers had systematic access to Seoul's digital backbone for nearly three years. https://t.co/BSNbLUkh8z pic.twitter.com/Atb4wwOR2e

— Raphael Rashid (@koryodynasty) October 17, 2025

8/ The NIS revealed they detected the intrusion in July - one month before the Phrack disclosure. Authors of the report shared findings with ROK intel on 16 June. This suggests their intervention may have been the only thing that stopped an ongoing, years-long intel operation. pic.twitter.com/U0vVbikFCx

— Raphael Rashid (@koryodynasty) October 17, 2025

When should you NOT do a pen test? Sounds weird from a pentester, I know lol… but if you want real value, thinking about that question matters...

I see pentesting as the "final exam."

🧵 It's something you should study for. Hear me out...

— spencer (@techspence) October 15, 2025

Everyone has articles about the Ethhiding stuff with #UNC5142 but the data is stale. I've been following these guys since they first started using blockchain.

They have since moved over to using test wallets so they don't have to spend money to update their scripts. 1 of 2 pic.twitter.com/zOBabpEj8g

— Fate112 (@tosscoinwitcher) October 16, 2025

Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.https://t.co/LchMIdKP0P

— Natalie Silvanovich (@natashenka) October 16, 2025

NOW: US court permanently bans Pegasus spyware maker from hacking WhatsApp.

NSO Group can't help their customers hack @WhatsApp, etc ether. Must delete exploits...

Bad news for NSO. Huge competitive disadvantage for the notorious company.

Big additional win for WhatsApp 1… pic.twitter.com/WoxVvYYnGm

— John Scott-Railton (@jsrailton) October 17, 2025

You know it’s gonna be a proper nerd Friday night when @OfficialM3HHY has a video on MoD NATO secure Myra blue (NATO secret voice & data) and Myra red (UK secret voice & data) https://t.co/wGb2mJoLmM

— Daniel Cuthbert (@dcuthbert) October 17, 2025

Another fun Java sandbox escape I did: https://t.co/ipqK9isHBC

— Andy Nguyen (@theflow0) October 18, 2025

Fantastic @offby1security session with @leonjza on finding bugs in Windows bloatware. It's available on YouTube here: https://t.co/mmQtiqMKMN

— Stephen Sims (@Steph3nSims) October 18, 2025

Good evening people inside of my computer, I bring you yet another blog post about reversing an VM, this time with a little obfuscation sprinkled in, enjoy! :))https://t.co/DSncohxve7

— DeLuks (@0xDeLuks) October 17, 2025

As promised, a blog post on Diffing 7-Zip for CVE-2025-11001. Enjoy :)https://t.co/mxoijr5N2d https://t.co/KtGTON7yd8

— pacbypass (@pacbypass) October 16, 2025

Half the work in cybersecurity isn’t fighting attackers; it’s explaining reality to people who don’t want to hear it. Telling leadership something won’t be safe, or can’t be automated, or doesn’t need AI, is harder than dealing with an exploit.

— Daniel Kelley (@danielmakelley) October 17, 2025

This week, the German intelligence community spoke remarkably openly about the threat posed by Russia.

Here are the 10 most important findings from the German foreign intelligence service, domestic intelligence service, and military counterintelligence service:

1. Russia's…

— Nico Lange (@nicolange_) October 18, 2025

Stand by this: https://t.co/2tzSIxiH46 pic.twitter.com/VteYGtUP4N

— Meredith Whittaker (@mer__edith) February 19, 2025

The John Bolton indictment contains a lot of interesting info about the AOL email account he allegedly used to send classified info to his wife and daughter - and that subsequently got hacked (supposedly by Iran). I walk thru the details here: https://t.co/xxcAvtr5px

— Kim Zetter (@KimZetter) October 18, 2025