Decipher
@deciphersec.bsky.social
Security without fear since 2018.
https://decipher.sc
https://www.youtube.com/@DecipherSec
https://www.buzzsprout.com/228511/supporters/new
https://decipher.sc
https://www.youtube.com/@DecipherSec
https://www.buzzsprout.com/228511/supporters/new
Pinned
Deciphering Heat
YouTube video by Decipher
youtu.be
Yesterday was the 30th anniversary of the release of Michael Mann's HEAT, a hacker movie classic. (Shoutout Kelso.) We did an episode on HEAT last year with the great @meggardiner.bsky.social (co-author of HEAT 2) and our friend @cje.io.
The podcast IS the juice!
youtu.be/b2cfEXeWSn0?...
The podcast IS the juice!
youtu.be/b2cfEXeWSn0?...
Reposted by Decipher
Is Kevin McCallister the Greatest Hacker in Movie History?
YouTube video by Decipher
youtu.be
December 23, 2025 at 2:05 PM
Bless this highly nutritious microwavable macaroni and cheese dinner and the people who sold it on sale. Amen.
youtu.be/9lCl5Cqsh0s?...
youtu.be/9lCl5Cqsh0s?...
Is Kevin McCallister the Greatest Hacker in Movie History?
YouTube video by Decipher
youtu.be
December 22, 2025 at 4:42 PM
Bless this highly nutritious microwavable macaroni and cheese dinner and the people who sold it on sale. Amen.
youtu.be/9lCl5Cqsh0s?...
youtu.be/9lCl5Cqsh0s?...
Russian Targeting of Edge Devices. Cisco AsyncOS Zero Day, and React2Shell Won't Go Away
open.spotify.com
December 19, 2025 at 9:42 PM
🚨 New hacker movie 📽️ podcast episode is out!! 🚨
It's an all-time classic action movie that's seasonally appropriate. (But NOT a Christmas movie.)
youtu.be/TJBN4oRe3Tk?...
It's an all-time classic action movie that's seasonally appropriate. (But NOT a Christmas movie.)
youtu.be/TJBN4oRe3Tk?...
The Hacker Movie Canon: DIE HARD
YouTube video by Decipher
youtu.be
December 17, 2025 at 5:21 PM
🚨 New hacker movie 📽️ podcast episode is out!! 🚨
It's an all-time classic action movie that's seasonally appropriate. (But NOT a Christmas movie.)
youtu.be/TJBN4oRe3Tk?...
It's an all-time classic action movie that's seasonally appropriate. (But NOT a Christmas movie.)
youtu.be/TJBN4oRe3Tk?...
Yesterday was the 30th anniversary of the release of Michael Mann's HEAT, a hacker movie classic. (Shoutout Kelso.) We did an episode on HEAT last year with the great @meggardiner.bsky.social (co-author of HEAT 2) and our friend @cje.io.
The podcast IS the juice!
youtu.be/b2cfEXeWSn0?...
The podcast IS the juice!
youtu.be/b2cfEXeWSn0?...
Deciphering Heat
YouTube video by Decipher
youtu.be
December 16, 2025 at 2:46 PM
Yesterday was the 30th anniversary of the release of Michael Mann's HEAT, a hacker movie classic. (Shoutout Kelso.) We did an episode on HEAT last year with the great @meggardiner.bsky.social (co-author of HEAT 2) and our friend @cje.io.
The podcast IS the juice!
youtu.be/b2cfEXeWSn0?...
The podcast IS the juice!
youtu.be/b2cfEXeWSn0?...
New podcast is up!
✅ More React bugs and expanded exploitation activity
✅ A new CISA warning on Russian CI attacks
✅ Holiday hacker movie plans!
open.spotify.com/episode/4zJ7...
✅ More React bugs and expanded exploitation activity
✅ A new CISA warning on Russian CI attacks
✅ Holiday hacker movie plans!
open.spotify.com/episode/4zJ7...
More React Bugs Reaction, the Challenge of Vulnerability Management, and CI Attacks
open.spotify.com
December 13, 2025 at 4:31 PM
New podcast is up!
✅ More React bugs and expanded exploitation activity
✅ A new CISA warning on Russian CI attacks
✅ Holiday hacker movie plans!
open.spotify.com/episode/4zJ7...
✅ More React bugs and expanded exploitation activity
✅ A new CISA warning on Russian CI attacks
✅ Holiday hacker movie plans!
open.spotify.com/episode/4zJ7...
🚨 New podcast alert! 🚨
We have a fascinating new conversation by @dennisf.bsky.social with Erin Whitmore of CYPFER, a former CIA officer and cybersecurity official at @odnigov.bsky.social. Erin has a unique story and her insights on threats, AI, & risk are great.
youtu.be/u9pMZrMOW-E?...
We have a fascinating new conversation by @dennisf.bsky.social with Erin Whitmore of CYPFER, a former CIA officer and cybersecurity official at @odnigov.bsky.social. Erin has a unique story and her insights on threats, AI, & risk are great.
youtu.be/u9pMZrMOW-E?...
From CIA Officer to a Career in Cybersecurity With Erin Whitmore
YouTube video by Decipher
youtu.be
December 10, 2025 at 3:57 PM
🚨 New podcast alert! 🚨
We have a fascinating new conversation by @dennisf.bsky.social with Erin Whitmore of CYPFER, a former CIA officer and cybersecurity official at @odnigov.bsky.social. Erin has a unique story and her insights on threats, AI, & risk are great.
youtu.be/u9pMZrMOW-E?...
We have a fascinating new conversation by @dennisf.bsky.social with Erin Whitmore of CYPFER, a former CIA officer and cybersecurity official at @odnigov.bsky.social. Erin has a unique story and her insights on threats, AI, & risk are great.
youtu.be/u9pMZrMOW-E?...
UPDATED with some new info from @vulncheck.bsky.social on exploit activity.
decipher.sc/2025/12/08/b...
decipher.sc/2025/12/08/b...
Broad Exploit Activity Targets React2Shell Flaw - Decipher
The vulnerability was disclosed publicly on Dec. 3 and researchers and threat intelligence teams immediately began seeing opportunistic and targeted exploita...
decipher.sc
December 9, 2025 at 4:33 PM
UPDATED with some new info from @vulncheck.bsky.social on exploit activity.
decipher.sc/2025/12/08/b...
decipher.sc/2025/12/08/b...
"Communications networks are large, complex, and they require significant measures to be taken to secure them. So without some sort of accountability regime, we don’t really know what they’re doing, how effective it is, or how widespread those measures will be.”
decipher.sc/2025/12/04/g...
decipher.sc/2025/12/04/g...
Government, Private Sector Officials Mull Telecom Security Woes - Decipher
A year after Salt Typhoon's telecom hack, private and public sector officials discussed next steps.
decipher.sc
December 5, 2025 at 9:17 PM
"Communications networks are large, complex, and they require significant measures to be taken to secure them. So without some sort of accountability regime, we don’t really know what they’re doing, how effective it is, or how widespread those measures will be.”
decipher.sc/2025/12/04/g...
decipher.sc/2025/12/04/g...
Happy Friday, podcast friends! New episode is out, with all kinds of goodies.
✅ The React2shell bug and exploitation activity
✅ Salt Typhoon targeting of telecom networks
✅ New hacker movie episodes on the way!
open.spotify.com/episode/5pJE...
✅ The React2shell bug and exploitation activity
✅ Salt Typhoon targeting of telecom networks
✅ New hacker movie episodes on the way!
open.spotify.com/episode/5pJE...
React2Shell, Typhoon Attacks, and Why Our Infrastructure is So Vulnerable
open.spotify.com
December 5, 2025 at 6:13 PM
Happy Friday, podcast friends! New episode is out, with all kinds of goodies.
✅ The React2shell bug and exploitation activity
✅ Salt Typhoon targeting of telecom networks
✅ New hacker movie episodes on the way!
open.spotify.com/episode/5pJE...
✅ The React2shell bug and exploitation activity
✅ Salt Typhoon targeting of telecom networks
✅ New hacker movie episodes on the way!
open.spotify.com/episode/5pJE...
It's been quite a year (or 6 months) for us since our re-launch! Thanks to everyone who has joined us so far! It's very gratifying to see some data to show how people are engaging with our podcast.
December 4, 2025 at 6:34 PM
It's been quite a year (or 6 months) for us since our re-launch! Thanks to everyone who has joined us so far! It's very gratifying to see some data to show how people are engaging with our podcast.
No holiday break for APTs
decipher.sc/2025/12/02/n...
decipher.sc/2025/12/02/n...
New MuddyWater Campaign Hits Israeli Targets - Decipher
The victims in Israel span multiple industries, including technology, engineering, manufacturing, local government, and education.
decipher.sc
December 3, 2025 at 1:23 PM
No holiday break for APTs
decipher.sc/2025/12/02/n...
decipher.sc/2025/12/02/n...
🚨 New podcast alert! 🚨
A fascinating discussion with UI/UX expert and renowned author Jeff Gothelf (www.senseandrespond.co/books) on a wide range ot topics, including #AI, collaboration for security teams, and designing software with users in mind.
youtu.be/6kBvEmB4eCQ?...
A fascinating discussion with UI/UX expert and renowned author Jeff Gothelf (www.senseandrespond.co/books) on a wide range ot topics, including #AI, collaboration for security teams, and designing software with users in mind.
youtu.be/6kBvEmB4eCQ?...
Jeff Gothelf on Designing for Users, Enterprise Agility, and the AI Conundrum
YouTube video by Decipher
youtu.be
December 2, 2025 at 3:48 PM
🚨 New podcast alert! 🚨
A fascinating discussion with UI/UX expert and renowned author Jeff Gothelf (www.senseandrespond.co/books) on a wide range ot topics, including #AI, collaboration for security teams, and designing software with users in mind.
youtu.be/6kBvEmB4eCQ?...
A fascinating discussion with UI/UX expert and renowned author Jeff Gothelf (www.senseandrespond.co/books) on a wide range ot topics, including #AI, collaboration for security teams, and designing software with users in mind.
youtu.be/6kBvEmB4eCQ?...
New research from @esetofficial.bsky.social on Iran-linked APT MuddyWater
decipher.sc/2025/12/02/n...
decipher.sc/2025/12/02/n...
New MuddyWater Campaign Hits Israeli Targets - Decipher
The victims in Israel span multiple industries, including technology, engineering, manufacturing, local government, and education.
decipher.sc
December 2, 2025 at 1:57 PM
New research from @esetofficial.bsky.social on Iran-linked APT MuddyWater
decipher.sc/2025/12/02/n...
decipher.sc/2025/12/02/n...
Some (vaguely) Thanksgiving-related security phrases for you to use this weekend:
credential stuffing
big game (hen) hunting
Scattered smothered covered and chunked Spider
YAML
cookies
watering hole
Plymouth infosec Rock star
SPAM
Dinner roll your own crypto
What else ya got? 🦃
credential stuffing
big game (hen) hunting
Scattered smothered covered and chunked Spider
YAML
cookies
watering hole
Plymouth infosec Rock star
SPAM
Dinner roll your own crypto
What else ya got? 🦃
November 26, 2025 at 5:08 PM
Some (vaguely) Thanksgiving-related security phrases for you to use this weekend:
credential stuffing
big game (hen) hunting
Scattered smothered covered and chunked Spider
YAML
cookies
watering hole
Plymouth infosec Rock star
SPAM
Dinner roll your own crypto
What else ya got? 🦃
credential stuffing
big game (hen) hunting
Scattered smothered covered and chunked Spider
YAML
cookies
watering hole
Plymouth infosec Rock star
SPAM
Dinner roll your own crypto
What else ya got? 🦃
Reposted by Decipher
We have updated this list to include more than 500 packages and 700+ affected versions, as well as a technical analysis of the attack. socket.dev/blog/shai-hu....
cc: @campuscodi.risky.biz @typescript.fm @bleepingcomputer.com @theregister.com
cc: @campuscodi.risky.biz @typescript.fm @bleepingcomputer.com @theregister.com
November 24, 2025 at 5:19 PM
We have updated this list to include more than 500 packages and 700+ affected versions, as well as a technical analysis of the attack. socket.dev/blog/shai-hu....
cc: @campuscodi.risky.biz @typescript.fm @bleepingcomputer.com @theregister.com
cc: @campuscodi.risky.biz @typescript.fm @bleepingcomputer.com @theregister.com
Just in time for the holiday week...it's a new npm worm!
decipher.sc/2025/11/24/n...
decipher.sc/2025/11/24/n...
New Shai Hulud NPM Worm Emerges - Decipher
Researchers from Wiz are currently tracking more than 25,000 affected repositories across approximately 350 unique users.
decipher.sc
November 24, 2025 at 3:47 PM
Just in time for the holiday week...it's a new npm worm!
decipher.sc/2025/11/24/n...
decipher.sc/2025/11/24/n...
Things got a little weird in Washington this week. We break it all down for you!
decipher.sc/podcasts/doj...
decipher.sc/podcasts/doj...
DoJ Sanctions, the SEC Abandons the SolarWinds Action, and the FCC Reverses Course on Telecom Security
It’s an acronym-filled, government-only bonanza this week! We discuss the DoJ sanctioning Russian bulletproof hosting provider Media Land (0:53), the S...
decipher.sc
November 21, 2025 at 4:46 PM
Things got a little weird in Washington this week. We break it all down for you!
decipher.sc/podcasts/doj...
decipher.sc/podcasts/doj...
Aloha! Many of our podcasts are now available as video episodes on Spotify! Including this one with @rmogull.com.
open.spotify.com/show/3XsgM8x...
open.spotify.com/show/3XsgM8x...
Rich Mogull on the Cloudflare Outage, Resilience, and Single Points of Failure
Spotify video
open.spotify.com
November 20, 2025 at 3:29 PM
Aloha! Many of our podcasts are now available as video episodes on Spotify! Including this one with @rmogull.com.
open.spotify.com/show/3XsgM8x...
open.spotify.com/show/3XsgM8x...
Reposted by Decipher
We posted our AttackerKB @rapid7.com Analysis of the new EITW FortiWeb command injection vuln, CVE-2025-58034. The patch fixes several command injections, so we reproduced the SAML config name injection, and popped a reverse root shell 🎯 Full details here: attackerkb.com/topics/zClpI...
November 19, 2025 at 7:19 PM
We posted our AttackerKB @rapid7.com Analysis of the new EITW FortiWeb command injection vuln, CVE-2025-58034. The patch fixes several command injections, so we reproduced the SAML config name injection, and popped a reverse root shell 🎯 Full details here: attackerkb.com/topics/zClpI...
Good post-mortem from @cloudflare.social on their outage yesterday. TL;DR it wasn't a security incident.
blog.cloudflare.com/18-november-...
blog.cloudflare.com/18-november-...
Cloudflare outage on November 18, 2025
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.
blog.cloudflare.com
November 19, 2025 at 2:42 PM
Good post-mortem from @cloudflare.social on their outage yesterday. TL;DR it wasn't a security incident.
blog.cloudflare.com/18-november-...
blog.cloudflare.com/18-november-...