cje
@cje.io
founder @bugcrowd && co-founder @disclose_io || hacker, entrepreneur, executive, advisor || Staff of Moses || #w00w00
Pinned
cje @cje.io · Nov 14
threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face
But the issue is not just about diverting young people from cyber crime today, Ellis believes. It is also about casting the net wider to better outsmart the criminal gangs and “future proof” the industry.

www.computerweekly.com/feature/Woul...
Would you hire a hacker? | Computer Weekly
At a time when cyber security breaches are on the up and skills remain in short supply, security experts believe we may be missing a trick by overlooking unconventional sources of talent.
m.cje.io
December 28, 2025 at 6:13 AM
2026 cybersecurity forecast: China's PLA centenary looms, AI turns anyone into a malware developer, and economic pressure pushes more people toward cybercrime. Shift-left finally starts working—but only for modern code. The rest of the internet? A triage trash fire.

cje.io/2025/12/27/2...
December 28, 2025 at 12:27 AM
reminder: this is still a thing…

threats.disclose.io (opensource researcher threat repo) #39C3
December 27, 2025 at 11:19 PM
🚨🚨🚨 PATCH YO' MONGODB - PUBLIC POC AVAILABLE 🚨🚨🚨

m.cje.io/4q2Bi1Y
Merry Christmas Day! Have a MongoDB security incident.
Somebody from Elastic Security decided to post an exploit for CVE-2025-14847 on Christmas Day.
m.cje.io
December 27, 2025 at 1:39 PM
HARDEN YO' N8N - [CVSS 10.0 RCE] Remote Code Execution via Expression Injection m.cje.io/4qhl2JX

cc: @networkchuck @danielmiessler @jhaddix
Remote Code Execution via Expression Injection
### Impact n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users dur...
m.cje.io
December 20, 2025 at 12:36 AM
Reposted by cje
Yesterday was the 30th anniversary of the release of Michael Mann's HEAT, a hacker movie classic. (Shoutout Kelso.) We did an episode on HEAT last year with the great @meggardiner.bsky.social (co-author of HEAT 2) and our friend @cje.io.

The podcast IS the juice!

youtu.be/b2cfEXeWSn0?...
Deciphering Heat
YouTube video by Decipher
youtu.be
December 16, 2025 at 2:46 PM
Trump Administration Turning to Private Firms in Cyber Offensive www.bloomberg.com/news/article...
m.cje.io
December 14, 2025 at 6:13 AM
Serious Hackers Wear TWO Black Hoodies www.podcasts.nu/episodes/cis...
December 13, 2025 at 6:13 AM
Reposted by cje
A new Three Buddy Problem pod has been pushed to all podcast platforms @craiu.bsky.social @jags.bsky.social

Have a listen!
pod.link/1414525622
pod.link
December 13, 2025 at 12:45 AM
“From an attacker perspective, #React2Shell is the kind of vulnerability that affords massive opportunity for crime, but that also has a narrow window for exploitation, partly because of public awareness leading to patching, and partly because of competition.”

securityboulevard.com/2025/12/atta...
Attackers Worldwide are Zeroing In on React2Shell Vulnerability
Bad actors ranging from nation-state groups to financially motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat…
m.cje.io
December 13, 2025 at 12:27 AM
PATCH YO’ IOS

About the security content of iOS 26.2 and iPadOS 26.2 - Apple Support support.apple.com/en-us/125884
About the security content of iOS 26.2 and iPadOS 26.2 - Apple Support
This document describes the security content of iOS 26.2 and iPadOS 26.2.
support.apple.com
December 13, 2025 at 12:09 AM
"If you do the math, then it’s reasonable to assume that these two things will net to an increase in SOC alerts and the need for a shift in strategy to deal with it."

m.cje.io/3KNy6aP
5 ways AI will transform Security Operations Centers | ReversingLabs
AI is poised to reshape SOCs, from alleviating alert fatigue to streamlining manual, repetitive workflows. Here’s what to expect.
m.cje.io
December 12, 2025 at 6:13 AM
🚨 REQUEST FOR COMMENTS IS OPEN 🚨

Agency Information Collection Activities; Revision; Arrival and Departure Record (Form I-94) and Electronic System for Travel Authorization (ESTA) m.cje.io/48NHyTL
m.cje.io
December 12, 2025 at 2:22 AM
When it comes to developing skills through underground organizations, recent geopolitical issues have also helped muddy the waters of how some professionals think about ways to earn a living, said Casey Ellis, founder at @Bugcrowd.

www.dice.com/career-advic...
Dark Web, Underground Hiring Blurs Lines Between Legit and Illicit Work
Some skilled tech and cybersecurity pros are turning to underground forums for work, drawn by lucrative but illegal opportunities. Experts caution that these jobs blur the line between legitimate and…
m.cje.io
December 12, 2025 at 12:27 AM
Exclusive | AI Hackers Are Coming Dangerously Close to Beating Humans www.wsj.com/tech/ai/ai-h...
m.cje.io
December 11, 2025 at 11:47 PM
By partnering with The Bugcrowd Academic Program, universities can shape how cybersecurity is discovered, taught, and advanced. Request a demo today to see how Bugcrowd can elevate cybersecurity at your university.  www.bugcrowd.com/blog/the-bug...
The Bugcrowd Academic Program | @Bugcrowd
In universities across the world, students are getting hands-on training before they enter the job market. Medical students shadow doctors in hospitals, accessing real patients. Culinary students…
m.cje.io
December 10, 2025 at 2:06 AM
TYPHOONS HAVE ENTERED THE CHAT

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services aws.amazon.com/blogs/securi...
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | Amazon Web Services
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat…
aws.amazon.com
December 5, 2025 at 4:38 AM
Reposted by cje
@cje.io joined the judging panel at the Monterey #Cyber912 Strategy Challenge, hosted by the @cyberstatecraft.bsky.social, where student teams navigated a simulated crypto crisis gone global 😱🌏

It’s one thing to talk cyber policy, another to test it under fire. Congrats to the teams who did both 👏
November 12, 2025 at 8:14 PM
Reposted by cje
wen bont
November 24, 2025 at 8:26 PM
🚨PATCH YO’ REACT

Critical Security Vulnerability in React Server Components – React react.dev/blog/2025/12...
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
react.dev
December 3, 2025 at 3:59 PM
"Now I Have A Hacklore.org Website. Ho, Ho, Ho"

In this @Bugcrowd Security Flash @treyford and I weigh in on the hacklore.org Project, security myths and the role of risk in weighing them up, and how to be an effective "designated nerd" this holiday season.

Enjoy!

m.cje.io/443cZrC
Bugcrowd Security Flash: The HackLore Project
Join Casey and Trey in this special holiday edition of Bugcrowd's Security Flash as they dive into the Hacklore Project. Spearheaded by cybersecurity expert Bob Lord, this initiative aims to debunk…
m.cje.io
December 3, 2025 at 6:13 AM
also, HACK YO’ APPLE

(Reward increases to 2M for 0c Kernel + others, scope increases, and kinda neat to see the inclusion of flags 👏)

Categories - Apple Security Research
Categories - Apple Security Research
Browse the full list of eligible payouts through the Apple Security Bounty program before you submit a report.
security.apple.com
December 3, 2025 at 12:27 AM