Caitlin Condon
@catc0n.bsky.social
Adventurer. Takes a lot of photos, calls many places home. VP of research @VulnCheck. Previously vulnerability research director @Rapid7 / @metasploit.
Reposted by Caitlin Condon
C R Y I N G this is so perfect lmao

x: www.instagram.com/reel/DQ7cPSf...
November 12, 2025 at 3:29 AM
If AI is going to economically and environmentally doom us all anyway, could it at least make iOS keyboards less godawful?
October 25, 2025 at 2:15 AM
Reposted by Caitlin Condon
Forgive me, Chicago, I was not aware of your game
October 23, 2025 at 9:30 PM
"Plan to skip No. 1 piece of advice" is a wild way to say "cannot afford to wait until the recommended age because of the high cost of basic expenses throughout their lives" www.cbsnews.com/news/social-...
90% of Americans plan to skip the No. 1 piece of Social Security advice, study finds
Financial pros recommend waiting as long as possible to claim your Social Security benefits. Most Americans say they're ignoring that advice.
www.cbsnews.com
October 21, 2025 at 11:26 PM
Reposted by Caitlin Condon
*Charlotte and Emily Brontë:* "He has no clue which one of us is which."
What Your Favorite Author Says About You (Behind Your Back)
Agatha Christie: “I bet I could murder them and get away with it.” Ernest Hemingway: “For sale. Two testicles. Never used.” George R. R. Martin: “H...
buff.ly
October 16, 2025 at 3:25 PM
Reposted by Caitlin Condon
More governors need to stand up like this.

I'm no fan of Newsom generally, but he's at least not rolling over for the administration. California is better off for it.
Gavin Newsom announces that any California university that caves to Trump and signs his “loyalty pledge” will be immediately defunded.

“CALIFORNIA WILL NOT BANKROLL SCHOOLS THAT SELL OUT THEIR STUDENTS.”
October 2, 2025 at 10:37 PM
Reposted by Caitlin Condon
I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.
September 27, 2025 at 6:26 PM
Pretty unfortunate update on Fortra GoAnywhere MFT CVE-2025-10035 from the folks at watchTowr labs.watchtowr.com/it-is-bad-ex...
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035. Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible inte...
labs.watchtowr.com
September 25, 2025 at 8:09 PM
Reposted by Caitlin Condon
Federal agencies have about 24 hours to patch two critical bugs in a line of Cisco firewalls

patch CVE-2025-30333 and CVE-2025-20362 asap

therecord.media/cisco-asa-fi...
Federal agencies given one day to patch exploited Cisco firewall bugs
Vulnerabilities in some models of Cisco's Adaptive Security Appliances (ASA) have been exploited by "an advanced threat actor," according to a warning from CISA.
therecord.media
September 25, 2025 at 6:51 PM
Reposted by Caitlin Condon
I don’t think I’ve ever loved anything as much as ICE loves violently attacking women.
I was back at 26 Federal Plaza today, where an ICE agent violently threw this bereft woman to the ground in front of her kids. She had not touched him. She did not pose any threat. She had to be taken to the hospital. (🎥: Elias Eliahu)
September 25, 2025 at 6:42 PM
Reposted by Caitlin Condon
The Secret Service isn't claiming it foiled any plot targeting the UN General Assembly. Just that a big collection of SIMs (probably used for fraud) could have *potentially* disrupted NYC cell service. The SIMs were in a *35 MILE* radius of the UN.

These headlines are all pretty egregiously wrong:
September 23, 2025 at 9:20 PM
Reposted by Caitlin Condon
This is incredible stuff
September 21, 2025 at 11:57 AM
Last night, Fortra disclosed a critical vulnerability in their GoAnywhere MFT file transfer product. CVE-2025-10035 has a virtually identical description to CVE-2023-0669, which was exploited by ransomware crews. Unclear if this one has been exploited. Patch now. www.vulncheck.com/blog/cve-202...
CVE-2025-10035: Critical Vulnerability in Fortra GoAnywhere MFT | Blog | VulnCheck
A new critical vulnerability was disclosed in Fortra's GoAnywhere managed file transfer product, which has been targeted in the past by ransomware and extortion groups
www.vulncheck.com
September 19, 2025 at 4:36 PM
Reposted by Caitlin Condon
Possible causes of your problems. It’s a diagram that (sadly) still seems relevant in 2025, so reposting a year and a bit on.
August 25, 2025 at 5:18 PM
Hey, security research friends! You know how vulnerability disclosure coordination is the most painful part of vuln research? Good news: VulnCheck will do it for you! You get credit, we handle the CVEs + vendor discussions.

Report vulnerabilities for disclosure here: vulncheck.com/advisories/r...
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
vulncheck.com
September 17, 2025 at 10:40 PM
A beautiful, tender piece about grief and aging and friendship and the sacred call to haunt: joysullivan.substack.com/p/when-to-ca...
When to call the witches
1-800 dark magic
joysullivan.substack.com
September 13, 2025 at 3:17 AM
Reposted by Caitlin Condon
We need community notes here to clarify that in fact Michelle Wu ended his campaign
September 11, 2025 at 11:18 PM
Quote from the VulnCheck team exploit mines 2025-09-11T19:24:00Z
September 11, 2025 at 11:45 PM
Reposted by Caitlin Condon
Gen Z in Nepal burned down the parliament, burned down the homes of government officials, forced the prime minister to resign, and paraded the finance minister through the streets nearly naked.
September 9, 2025 at 2:14 PM
I know NPM and SAP and probably other acronyms are on fire today, but @vulncheck.bsky.social put out a Chrome extension for #CVE and #exploit intel and it's saving me kind of a lot of tab-switching effort, so you get 🎉 🤠 posts from me instead of 🗑️🔥 posts www.vulncheck.com/blog/vuln-ch...
VulnCheck Insights: CVE Context at the Hover of Your Cursor | Blog | VulnCheck
Instead of bouncing between tabs, you now get instant, current context the moment a CVE appears on your screen.
www.vulncheck.com
September 8, 2025 at 9:13 PM
Reposted by Caitlin Condon
Friends, for your Friday, here's a new image of planets being born.
August 29, 2025 at 5:43 PM
The inverse of this skeet is "Some enterprising young sys admins used example machine keys for production deployments, which is also significantly less surprising than anyone reading docs."
September 5, 2025 at 9:43 PM
Reposted by Caitlin Condon
There is something soothing about watching a baseball diamond get steamrolled.
September 4, 2025 at 8:31 PM
Some enterprising young threat actor read the Sitecore docs, which is significantly less surprising than literally anyone else reading docs cloud.google.com/blog/topics/...
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | Google Cloud Blog
An active ViewState deserialization attack affecting Sitecore products, where attackers achieved remote code execution.
cloud.google.com
September 3, 2025 at 10:34 PM
Holy speaker agenda, Batman! This is a shameless plug that is also wholly sincere: @vulncheck.bsky.social is hosting our inaugural THREATCON1 in VA Sept. 21 and 22. The conference is free, Jen Easterly and Andrew Boyd are keynoting (!), and the talk tracks slap. COME!! www.threatcon1.org/agenda
THREATCON1 Agenda
www.threatcon1.org
August 29, 2025 at 5:49 PM