Ben Read
@benread.bsky.social
CTI @wizsecurity.bsky.social
Previously NSC44, Mandiant, Google
Go Mammoths
Previously NSC44, Mandiant, Google
Go Mammoths
Reposted by Ben Read
“Providing tech services to supercharge ICE operations while blocking tools that support accountability of ICE officers is entirely backwards." - @kateruane.bsky.social www.404media.co/google-has-c...
Google Has Chosen a Side in Trump's Mass Deportation Effort
Google is hosting a CBP app that uses facial recognition to identify immigrants, while simultaneously removing apps that report the location of ICE officials because Google sees ICE as a vulnerable gr...
www.404media.co
November 13, 2025 at 2:16 PM
“Providing tech services to supercharge ICE operations while blocking tools that support accountability of ICE officers is entirely backwards." - @kateruane.bsky.social www.404media.co/google-has-c...
Reposted by Ben Read
Never assume your audience knows what acronyms stand for.
November 13, 2025 at 1:28 AM
Never assume your audience knows what acronyms stand for.
Reposted by Ben Read
Remember NFTs? 😂😂😂😂😂😂😂
November 11, 2025 at 1:00 AM
Remember NFTs? 😂😂😂😂😂😂😂
An interesting article talking about public attribution and the lack thereof in Indonesia and India on @bindinghook.bsky.social.
bindinghook.com/india-and-in...
bindinghook.com/india-and-in...
India and Indonesia’s approach to publicly attributing cyberattacks? No naming, no shaming
India and Indonesia’s reticent approach to publicly attributing cyberattacks is the result of strategic culture, insufficient technical capacity, and the lack of clear returns
bindinghook.com
November 5, 2025 at 5:15 PM
An interesting article talking about public attribution and the lack thereof in Indonesia and India on @bindinghook.bsky.social.
bindinghook.com/india-and-in...
bindinghook.com/india-and-in...
Reposted by Ben Read
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report. Key findings Between June and August 2025,
www.proofpoint.com
November 5, 2025 at 1:37 PM
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
It's a good night, but I'm a little concerned that New York is going to have a mayor that knows this song: youtu.be/WZzCHcMKyDc?...
#NESCAC
#NESCAC
MIDD KID (Official Music Video)
YouTube video by Charlie Taft
youtu.be
November 5, 2025 at 3:32 AM
It's a good night, but I'm a little concerned that New York is going to have a mayor that knows this song: youtu.be/WZzCHcMKyDc?...
#NESCAC
#NESCAC
Reposted by Ben Read
I love kids. I have two of them. They’re amazing. However, kids are the absolute least self aware, clumsiest little puffins on the planet.
Please don’t drive tonight unless you have to, and if you do drive, drive super slow and pay 100% attention at all times.
Happy Halloween! 🎃 👻 💀
#PublicHealth
Please don’t drive tonight unless you have to, and if you do drive, drive super slow and pay 100% attention at all times.
Happy Halloween! 🎃 👻 💀
#PublicHealth
October 31, 2025 at 11:35 AM
I love kids. I have two of them. They’re amazing. However, kids are the absolute least self aware, clumsiest little puffins on the planet.
Please don’t drive tonight unless you have to, and if you do drive, drive super slow and pay 100% attention at all times.
Happy Halloween! 🎃 👻 💀
#PublicHealth
Please don’t drive tonight unless you have to, and if you do drive, drive super slow and pay 100% attention at all times.
Happy Halloween! 🎃 👻 💀
#PublicHealth
Reposted by Ben Read
The romantic fables of peoplehood, of real “men with chests” (Fukuyama 2018) who make national histories… once you treat debates about liberalism in the Global South as reflecting the same common impulses that motivates illiberal politics everywhere else, you begin to see our common humanity
/end
/end
October 30, 2025 at 12:00 PM
The romantic fables of peoplehood, of real “men with chests” (Fukuyama 2018) who make national histories… once you treat debates about liberalism in the Global South as reflecting the same common impulses that motivates illiberal politics everywhere else, you begin to see our common humanity
/end
/end
Reposted by Ben Read
Follow this thread 👇
With the inaugural SOS just 18 days away, we'll be highlighting a few of the amazing talks you'll be hearing on October 28 in Brussels!
stateofstatecraft.com/agenda
Get a ticket while you still can! 🎟️🎟️🎟️
With the inaugural SOS just 18 days away, we'll be highlighting a few of the amazing talks you'll be hearing on October 28 in Brussels!
stateofstatecraft.com/agenda
Get a ticket while you still can! 🎟️🎟️🎟️
October 10, 2025 at 3:19 AM
Follow this thread 👇
With the inaugural SOS just 18 days away, we'll be highlighting a few of the amazing talks you'll be hearing on October 28 in Brussels!
stateofstatecraft.com/agenda
Get a ticket while you still can! 🎟️🎟️🎟️
With the inaugural SOS just 18 days away, we'll be highlighting a few of the amazing talks you'll be hearing on October 28 in Brussels!
stateofstatecraft.com/agenda
Get a ticket while you still can! 🎟️🎟️🎟️
Reposted by Ben Read
"What if, in the process of trying to ban AI products that quite actually encourage children to kill themselves, we wind up banning chatbots that help children cheat on their homework, diminish their propensity for critical thought, and lead to the development of other forms of AI psychosis?"
CA governor Gavin Newsom vetoed both of the major AI bills on his desk that Silicon Valley meaningfully opposed—one making it illegal for bosses to use AI to fire workers with no oversight, one requiring chatbot sellers to ensure their products do not harm children before marketing to them.
Silicon Valley's capture of our political institutions is all but complete
The tech lobby kills off two key California AI bills, and why it matters. Plus: How Sam Altman played Hollywood with Sora 2, organized mass social media deletions, and more.
www.bloodinthemachine.com
October 16, 2025 at 11:23 PM
"What if, in the process of trying to ban AI products that quite actually encourage children to kill themselves, we wind up banning chatbots that help children cheat on their homework, diminish their propensity for critical thought, and lead to the development of other forms of AI psychosis?"
Berlin
What’s the word where you’re from that, when pronounced exactly as it looks, identifies a tourist immediately?
October 8, 2025 at 11:35 PM
Berlin
Reposted by Ben Read
“James Comey’s rights and liberties are not the only ones at risk today. So is your own right to participate in free and fair elections in order to render a verdict on Trump’s invasion of those rights and liberties.” From @davidfrum.bsky.social apple.news/AX8_ub4UHR0G...
The Comey Indictment Is Not Just Payback — The Atlantic
It’s an advance glimpse of Trump’s next attempted seizure of power
apple.news
September 26, 2025 at 2:12 AM
“James Comey’s rights and liberties are not the only ones at risk today. So is your own right to participate in free and fair elections in order to render a verdict on Trump’s invasion of those rights and liberties.” From @davidfrum.bsky.social apple.news/AX8_ub4UHR0G...
Reposted by Ben Read
🚨 #Shai-Hulud: Major npm supply chain attack.
100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.
Guidance + detections inside
www.wiz.io/blog/shai-hu...
100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.
Guidance + detections inside
www.wiz.io/blog/shai-hu...
September 16, 2025 at 2:20 PM
🚨 #Shai-Hulud: Major npm supply chain attack.
100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.
Guidance + detections inside
www.wiz.io/blog/shai-hu...
100+ packages weaponized with stolen GitHub tokens, stealing secrets, hijacking repos, and auto-propagating like a worm.
Guidance + detections inside
www.wiz.io/blog/shai-hu...
Reposted by Ben Read
New from 404 Media: airlines are selling *5 billion* ticketing records to the government for warrantless searching, per new docs we obtained. ARC is a data broker owned by United, American, Delta, etc. Then sells peoples' travel info to ICE, Secret Service, FBI etc www.404media.co/airlines-sel...
Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching
New documents obtained by 404 Media show how a data broker owned by American Airlines, United, Delta, and many other airlines is selling masses of passenger data to the U.S. government.
www.404media.co
September 15, 2025 at 1:16 PM
New from 404 Media: airlines are selling *5 billion* ticketing records to the government for warrantless searching, per new docs we obtained. ARC is a data broker owned by United, American, Delta, etc. Then sells peoples' travel info to ICE, Secret Service, FBI etc www.404media.co/airlines-sel...
Reposted by Ben Read
A private individual with power to get public servants fired, put them at physical risk, get them investigated, threaten their post government careers, go after their families and defame them with fantasies is an enormous threat to our national security and public well being. This can't stand.
September 12, 2025 at 12:54 PM
A private individual with power to get public servants fired, put them at physical risk, get them investigated, threaten their post government careers, go after their families and defame them with fantasies is an enormous threat to our national security and public well being. This can't stand.
A fun investigation from the team here at @wizsecurity.bsky.social www.wiz.io/blog/wiz-dis...
Showing how leaked/stolen AWS keys can be used to enable other financially motivated schemes. (s/o to our friends at Proofpoint who helped us get some context on the phishing emails)
Showing how leaked/stolen AWS keys can be used to enable other financially motivated schemes. (s/o to our friends at Proofpoint who helped us get some context on the phishing emails)
Wiz Uncovers SES Abuse Campaign Using Stolen AWS Access Keys | Wiz Blog
From leaked AWS access keys to large-scale spam: Wiz Research uncovered a live Amazon SES abuse campaign, turning insights into early-warning detections.
www.wiz.io
September 5, 2025 at 2:27 PM
A fun investigation from the team here at @wizsecurity.bsky.social www.wiz.io/blog/wiz-dis...
Showing how leaked/stolen AWS keys can be used to enable other financially motivated schemes. (s/o to our friends at Proofpoint who helped us get some context on the phishing emails)
Showing how leaked/stolen AWS keys can be used to enable other financially motivated schemes. (s/o to our friends at Proofpoint who helped us get some context on the phishing emails)
Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.
Cinnamon Toast Crunch with Strawberry. Doesn't seem like it would add much, but who knows.
September 3, 2025 at 4:19 PM
Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.
Reposted by Ben Read
I can't speculate on Trump's health in this new press conference but he just ribbed Alabama Senator Tommy Tuberville over Bama losing badly on Saturday. Tuberville coached Auburn, Bama's big in-state conference rival.
September 2, 2025 at 6:53 PM
I can't speculate on Trump's health in this new press conference but he just ribbed Alabama Senator Tommy Tuberville over Bama losing badly on Saturday. Tuberville coached Auburn, Bama's big in-state conference rival.
Reposted by Ben Read
TL;DR I am launching my #startup and we are going to change how to evaluate,cluster and reason about #malware, delivering accurate,contextual intelligence on samples. Say Hi to RationalEdge
@rationaledge.bsky.social
rationaledge.io
#threatintel #threathunting #cti #reverseengineering #detection 1/9
@rationaledge.bsky.social
rationaledge.io
#threatintel #threathunting #cti #reverseengineering #detection 1/9
RationalEdge - Intelligence Meets Accuracy
Advanced malware analysis and threat intelligence solutions by RationalEdge
rationaledge.io
August 28, 2025 at 12:22 PM
TL;DR I am launching my #startup and we are going to change how to evaluate,cluster and reason about #malware, delivering accurate,contextual intelligence on samples. Say Hi to RationalEdge
@rationaledge.bsky.social
rationaledge.io
#threatintel #threathunting #cti #reverseengineering #detection 1/9
@rationaledge.bsky.social
rationaledge.io
#threatintel #threathunting #cti #reverseengineering #detection 1/9
Reposted by Ben Read
The summer of 2025.
What we were promised
Vs
What we got
What we were promised
Vs
What we got
August 26, 2025 at 9:21 PM
The summer of 2025.
What we were promised
Vs
What we got
What we were promised
Vs
What we got
Reposted by Ben Read
On the left: Nate Cavanagh, a 28-year-old DOGE staffer and college dropout.
On the right: Mohammad Halimi, a 53-year-old exiled Afghan scholar.
This is the story of how DOGE targeted Halimi on social media.
Then the Taliban took his family. 🧵
On the right: Mohammad Halimi, a 53-year-old exiled Afghan scholar.
This is the story of how DOGE targeted Halimi on social media.
Then the Taliban took his family. 🧵
August 22, 2025 at 11:41 AM
On the left: Nate Cavanagh, a 28-year-old DOGE staffer and college dropout.
On the right: Mohammad Halimi, a 53-year-old exiled Afghan scholar.
This is the story of how DOGE targeted Halimi on social media.
Then the Taliban took his family. 🧵
On the right: Mohammad Halimi, a 53-year-old exiled Afghan scholar.
This is the story of how DOGE targeted Halimi on social media.
Then the Taliban took his family. 🧵
Reposted by Ben Read
1/ We've just released a new report uncovering new infrastructure tied to multiple activity clusters linked to the Israeli spyware vendor #Candiru across several countries. Full report: www.recordedfuture.com/research/tra...
Tracking Candiru’s DevilsTongue Spyware in Multiple Countries
Recorded Future's Insikt Group uncovers active infrastructure linked to Candiru’s DevilsTongue spyware across multiple countries. Discover how this stealthy spyware targets high-value individuals and ...
www.recordedfuture.com
August 5, 2025 at 2:18 PM
1/ We've just released a new report uncovering new infrastructure tied to multiple activity clusters linked to the Israeli spyware vendor #Candiru across several countries. Full report: www.recordedfuture.com/research/tra...
Reposted by Ben Read
⚡Meet our Lightning Talk speakers at #BindingHookLive: @euben.bsky.social, @melissakgriffith.bsky.social, @benread.bsky.social, @disclosing.observer, Lena Riecke and Selena Larson! Request your invite: bindinghooklive.com
August 1, 2025 at 9:11 AM
⚡Meet our Lightning Talk speakers at #BindingHookLive: @euben.bsky.social, @melissakgriffith.bsky.social, @benread.bsky.social, @disclosing.observer, Lena Riecke and Selena Larson! Request your invite: bindinghooklive.com
Reposted by Ben Read
🍎 machofile 🍏 first official release is finally live: github.com/pstirparo/ma...
It is a python module to parse #Mach-O binary files, with a focus on malware analysis and reverse engineering.
machofile is self-contained.
#macho #ios #reverseengineering #detection #threathunting #threatintel 1/3
It is a python module to parse #Mach-O binary files, with a focus on malware analysis and reverse engineering.
machofile is self-contained.
#macho #ios #reverseengineering #detection #threathunting #threatintel 1/3
GitHub - pstirparo/machofile: machofile is a module to parse Mach-O binary files
machofile is a module to parse Mach-O binary files - pstirparo/machofile
github.com
July 30, 2025 at 2:11 PM
🍎 machofile 🍏 first official release is finally live: github.com/pstirparo/ma...
It is a python module to parse #Mach-O binary files, with a focus on malware analysis and reverse engineering.
machofile is self-contained.
#macho #ios #reverseengineering #detection #threathunting #threatintel 1/3
It is a python module to parse #Mach-O binary files, with a focus on malware analysis and reverse engineering.
machofile is self-contained.
#macho #ios #reverseengineering #detection #threathunting #threatintel 1/3