Toddzilla
@cryptodd.bsky.social
California native, Omdia (formerly Enterprise Strategy Group) analyst, cybersecurity geek, soccer goalkeeping phenom. Crypto = cryptography, Views=mine, Reposts≠endorsement
Pinned
Toddzilla
@cryptodd.bsky.social
· Nov 25
The Enterprise Strategy Group (ESG) Starter Pack so you can keep up with the ESG analyst team covering #cybersecurity and all thinks enterprise information technology. go.bsky.app/4axSvJz
Reposted by Toddzilla
"Nearly half of all American men aged 18 to 49 maintain an online sports-betting account...Emerging research suggests that the spread of sports gambling portends a huge increase in gambling addiction, which has the highest rate of suicide of any addictive behavior."
harpers.org/archive/2026...
harpers.org/archive/2026...
On Tilt, by Jasper Craven
America’s new gambling epidemic
harpers.org
January 22, 2026 at 3:42 PM
"Nearly half of all American men aged 18 to 49 maintain an online sports-betting account...Emerging research suggests that the spread of sports gambling portends a huge increase in gambling addiction, which has the highest rate of suicide of any addictive behavior."
harpers.org/archive/2026...
harpers.org/archive/2026...
Reposted by Toddzilla
Want to red team azure?
Security Engineer 2 - Red Team | Microsoft Careers
Discover and exploit vulnerabilities end-to-end in order to assess the security of systems and services Advocate for security change through building partnerships and clearly communicating impact of r...
apply.careers.microsoft.com
January 21, 2026 at 9:56 PM
Want to red team azure?
Reposted by Toddzilla
Jimmy Butler can’t put weight on his right knee. Buddy Hield and Jonathan Kuminga helping him to the locker room after a concerning scene in Chase Center.
January 20, 2026 at 4:44 AM
Jimmy Butler can’t put weight on his right knee. Buddy Hield and Jonathan Kuminga helping him to the locker room after a concerning scene in Chase Center.
Reposted by Toddzilla
NEW: A hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East this week.
I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.
A bug also *exposed* victims' data.
I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.
A bug also *exposed* victims' data.
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East | TechCrunch
The phishing campaign targeted users on WhatsApp, including an Iranian-British activist, and stole the credentials of a Lebanese cabinet minister and at least one journalist.
techcrunch.com
January 16, 2026 at 5:24 PM
NEW: A hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East this week.
I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.
A bug also *exposed* victims' data.
I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.
A bug also *exposed* victims' data.
Reposted by Toddzilla
Moxie Marlinspike—the engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.
arstechnica.com/security/202...
arstechnica.com/security/202...
Signal creator Moxie Marlinspike wants to do for AI what he did for messaging
Introducing Confer, an end-to-end AI assistant that just works.
arstechnica.com
January 13, 2026 at 4:42 PM
Moxie Marlinspike—the engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.
arstechnica.com/security/202...
arstechnica.com/security/202...
More acquisitions in identity-land. Delinea moving to be the authorization vendor of choice by acquiring StrongDM. StrongDM shines in dynamic authorization and policy-based access control. delinea.com/news/delinea...
Delinea + StrongDM to Unite: Redefine Identity Security for the AI Era
Delinea today announced it has signed a definitive agreement to acquire StrongDM.
delinea.com
January 15, 2026 at 3:17 PM
More acquisitions in identity-land. Delinea moving to be the authorization vendor of choice by acquiring StrongDM. StrongDM shines in dynamic authorization and policy-based access control. delinea.com/news/delinea...
Reposted by Toddzilla
Hidden Telegram proxy links can reveal your IP address in one click
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Hidden Telegram proxy links can reveal your IP address in one click
A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add w...
www.bleepingcomputer.com
January 13, 2026 at 3:15 PM
Hidden Telegram proxy links can reveal your IP address in one click
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Tools that can create deepfakes are getting better, and the identity verification crowd needs to up its game. There are some new deepfake detection players like Get Real and Nametag that are changing the game - www.infosecurity-magazine.com/news/wef-dee...
WEF: Deepfake Face-Swapping Tools Are Creating Critical Risks
Researchers at the World Economic Forum have shown that threat actors can use commercial deepfake tools to bypass corporate security protections
www.infosecurity-magazine.com
January 12, 2026 at 2:56 PM
Tools that can create deepfakes are getting better, and the identity verification crowd needs to up its game. There are some new deepfake detection players like Get Real and Nametag that are changing the game - www.infosecurity-magazine.com/news/wef-dee...
I can now die a satisfied man. I've been quoted in the NYTimes before, but never in The Register (my absolute favorite IT tabloid). Today I was quoted in The Reg. Thank you @jessicalyons.bsky.social for letting me contribute to your article - www.theregister.com/2026/01/08/c...
CrowdStrike buys SGNL, identity security startup, for $740M
: Authentication is basically solved. Authorization is another thing entirely...
www.theregister.com
January 9, 2026 at 1:55 AM
I can now die a satisfied man. I've been quoted in the NYTimes before, but never in The Register (my absolute favorite IT tabloid). Today I was quoted in The Reg. Thank you @jessicalyons.bsky.social for letting me contribute to your article - www.theregister.com/2026/01/08/c...
Welcome to 2026 and the year's first identity security acquisition! Crowdstrike acquires SGNL for $740M as it continues to build out its identity portfolio. SGNL's ability to centralize identity & security context in an intelligence layer sharpens CRWD's threat focus. www.msn.com/en-us/money/...
MSN
www.msn.com
January 8, 2026 at 3:58 PM
Welcome to 2026 and the year's first identity security acquisition! Crowdstrike acquires SGNL for $740M as it continues to build out its identity portfolio. SGNL's ability to centralize identity & security context in an intelligence layer sharpens CRWD's threat focus. www.msn.com/en-us/money/...
Reposted by Toddzilla
A hacker known as Martha Root broke in and deleted three white supremacists websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.
Hacktivist deletes white supremacist websites live on stage during hacker conference | TechCrunch
A hacker known as Martha Root broke in and deleted three white supremacists websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.
techcrunch.com
January 5, 2026 at 6:58 PM
A hacker known as Martha Root broke in and deleted three white supremacists websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.
Agentic AI, identity tool sprawl, and a surge of non‑human identities are reshaping how enterprises define and manage trust. In a new Dark Reading piece, I put on my industry analyst hat with four identity predictions for 2026 and practical steps you can take. www.darkreading.com/identity-acc...
Identity Security 2026: 4 Predictions & Recommendations
Agentic AI adoption & identity security risks, IGA expansion, SOC-identity team collaboration, & identity platform consolidation—some predictions for 2026.
www.darkreading.com
January 2, 2026 at 4:26 PM
Agentic AI, identity tool sprawl, and a surge of non‑human identities are reshaping how enterprises define and manage trust. In a new Dark Reading piece, I put on my industry analyst hat with four identity predictions for 2026 and practical steps you can take. www.darkreading.com/identity-acc...
My #identitysecurity #IAM prognostications for 2026 are published in @darkreading.bsky.social! I hope for omniscience, but am making a note to self to revisit it in 12 months to see what I got right and wrong. www.darkreading.com/identity-acc...
Identity Security 2026: 4 Predictions & Recommendations
Agentic AI adoption & identity security risks, IGA expansion, SOC-identity team collaboration, & identity platform consolidation—some predictions for 2026.
www.darkreading.com
January 2, 2026 at 6:14 AM
My #identitysecurity #IAM prognostications for 2026 are published in @darkreading.bsky.social! I hope for omniscience, but am making a note to self to revisit it in 12 months to see what I got right and wrong. www.darkreading.com/identity-acc...
Astounding amounts of equity granted to OpenAI employees according to this WSJ article. And remember that 1 year cliff that most tech companies have in their option packages? It was 6 months at OpenAI, but that was dropped because they were losing a battle for talent. www.wsj.com/tech/ai/open...
OpenAI Is Paying Employees More Than Any Major Tech Startup in History
The company’s stock-based compensation in 2025 reached an average of $1.5 million per employee.
www.wsj.com
December 31, 2025 at 2:56 PM
Astounding amounts of equity granted to OpenAI employees according to this WSJ article. And remember that 1 year cliff that most tech companies have in their option packages? It was 6 months at OpenAI, but that was dropped because they were losing a battle for talent. www.wsj.com/tech/ai/open...
Wisconsin, what is up with you? I get Alaska, Idaho, and Utah may have low vaccination rates, but didn't expect to see Wisconsin in that that group.
December 31, 2025 at 2:48 PM
Wisconsin, what is up with you? I get Alaska, Idaho, and Utah may have low vaccination rates, but didn't expect to see Wisconsin in that that group.
Reposted by Toddzilla
"Implementing Secure AI Framework (#SAIF) Controls in Google Cloud" security.googlecloudcommunity.com/ciso-blog-77... <- this blog launches a new paper on SAIF #AI controls in Google Cloud. More useful than fun, admittedly :-)
December 17, 2025 at 10:19 AM
"Implementing Secure AI Framework (#SAIF) Controls in Google Cloud" security.googlecloudcommunity.com/ciso-blog-77... <- this blog launches a new paper on SAIF #AI controls in Google Cloud. More useful than fun, admittedly :-)
Reposted by Toddzilla
Former head of trust and safety at Twitter, Yoel Roth, demonstrating the intellectual dishonesty of “In Covid’s Wake” by showing how they distorted his own words to make them say the opposite of what he was arguing.
A small (personal) example of this book’s intellectual dishonesty:
My father-in-law is reading In Covid’s Wake, and excitedly told me he found a passage where I’m quoted. The quote in question is me saying the FBI worked to censor speech on social media.
Huh? When did I say that?!
My father-in-law is reading In Covid’s Wake, and excitedly told me he found a passage where I’m quoted. The quote in question is me saying the FBI worked to censor speech on social media.
Huh? When did I say that?!
December 24, 2025 at 9:31 PM
Former head of trust and safety at Twitter, Yoel Roth, demonstrating the intellectual dishonesty of “In Covid’s Wake” by showing how they distorted his own words to make them say the opposite of what he was arguing.
Reposted by Toddzilla
IT'S A WONDERFUL ESSAY: It seems people usually rewatch 'It's a Wonderful Life' just before Christmas. Can I commend to you this marvelous essay we published a few years ago? It could change the way you understand that classic movie.
www.thebulwark.com/p/there-is-n...
www.thebulwark.com/p/there-is-n...
There Is No Mary Problem in ‘It’s a Wonderful Life’
George’s vision of his wife without him is essential to the film, but critics continue to miss its true—and profound—meaning.
www.thebulwark.com
December 23, 2025 at 3:18 AM
IT'S A WONDERFUL ESSAY: It seems people usually rewatch 'It's a Wonderful Life' just before Christmas. Can I commend to you this marvelous essay we published a few years ago? It could change the way you understand that classic movie.
www.thebulwark.com/p/there-is-n...
www.thebulwark.com/p/there-is-n...
ServiceNOW is acquiring Armis for $7.75B in cash. This follows on NOW's acquisition of Veza for ~$1B. NOW will be bumping heads with a bunch of security incumbents (CrowdStrike, PAN, Cisco, S1, etc), but securing AI agents provides a ripe enterprise problem to solve. techcrunch.com/2025/12/23/s...
ServiceNow to acquire cybersecurity startup Armis for $7.75B | TechCrunch
The deal is expected to yield significant returns for Armis investors, including Sequoia, CapitalG, and Insight Partners.
techcrunch.com
December 24, 2025 at 12:25 AM
ServiceNOW is acquiring Armis for $7.75B in cash. This follows on NOW's acquisition of Veza for ~$1B. NOW will be bumping heads with a bunch of security incumbents (CrowdStrike, PAN, Cisco, S1, etc), but securing AI agents provides a ripe enterprise problem to solve. techcrunch.com/2025/12/23/s...
This is bad. #cybersecurity
www.politico.com/news/2025/12...
Good god
“At least six career staffers at the Cybersecurity and Infrastructure Security Agency were suspended with pay this summer after organizing a polygraph test that the agency’s acting director, Madhu Gottumukkala, failed.”
Good god
“At least six career staffers at the Cybersecurity and Infrastructure Security Agency were suspended with pay this summer after organizing a polygraph test that the agency’s acting director, Madhu Gottumukkala, failed.”
Acting CISA director failed a polygraph. Career staff are now under investigation.
At least six career staff were placed on leave after DHS opened an investigation into whether they misled the agency’s acting director, Madhu Gottumukkala, into taking the test.
www.politico.com
December 22, 2025 at 2:24 PM
This is bad. #cybersecurity
Vulnerability management solutions may detect things like missing patches, default/weak configs, insecure protocols, and exposed management interfaces. In cloud/ modern environments, that can include cloud security posture (public S3 buckets, overly permissive IAM roles). This risk requires nuance.
AWS published a report on GRU's hacks of critical infrastructure
The report highlights a shift from vulnerability exploitation to targeting misconfigured devices
aws.amazon.com/blogs/securi...
The report highlights a shift from vulnerability exploitation to targeting misconfigured devices
aws.amazon.com/blogs/securi...
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...
aws.amazon.com
December 16, 2025 at 3:03 PM
Vulnerability management solutions may detect things like missing patches, default/weak configs, insecure protocols, and exposed management interfaces. In cloud/ modern environments, that can include cloud security posture (public S3 buckets, overly permissive IAM roles). This risk requires nuance.
Identity security news is popping today! In the Identity Governance and Administration (IGA) space, Sailpoint crossed $1B ARR in their latest quarter while Saviynt announced a monster $700M Series B at $3B valuation. www.wsj.com/articles/cyb...
Exclusive | Cyber Startup Saviynt Raises $700 Million to Secure Identity and Access
AI has businesses scrambling to ensure workers and software robots are who they say they are.
www.wsj.com
December 9, 2025 at 3:47 PM
Identity security news is popping today! In the Identity Governance and Administration (IGA) space, Sailpoint crossed $1B ARR in their latest quarter while Saviynt announced a monster $700M Series B at $3B valuation. www.wsj.com/articles/cyb...
Reposted by Toddzilla
We very rarely do sales at @404media.co but today is an exception so pls consider and get all this stuff:
www.404media.co/cyber-monday...
www.404media.co/cyber-monday...
December 1, 2025 at 6:25 PM
We very rarely do sales at @404media.co but today is an exception so pls consider and get all this stuff:
www.404media.co/cyber-monday...
www.404media.co/cyber-monday...
Reposted by Toddzilla
Realtors know that, in many parts of the country, if you educate people about climate risk, the housing market will collapse.
www.nytimes.com/2025/11/30/c...
www.nytimes.com/2025/11/30/c...
Zillow Removes Climate Risk Scores From Home Listings
www.nytimes.com
November 30, 2025 at 1:57 PM
Realtors know that, in many parts of the country, if you educate people about climate risk, the housing market will collapse.
www.nytimes.com/2025/11/30/c...
www.nytimes.com/2025/11/30/c...
Reposted by Toddzilla
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
Banning TP-Link won't save America from its own terrible cybersecurity
TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.
this.weekinsecurity.com
November 26, 2025 at 1:27 PM
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!