Decipher
@deciphersec.bsky.social
Pinned
Yesterday was the 30th anniversary of the release of Michael Mann's HEAT, a hacker movie classic. (Shoutout Kelso.) We did an episode on HEAT last year with the great @meggardiner.bsky.social (co-author of HEAT 2) and our friend @cje.io.

The podcast IS the juice!

youtu.be/b2cfEXeWSn0?...
Deciphering Heat
YouTube video by Decipher
youtu.be
What advantages do defenders have and how can they employ them to stay ahead of adversaries? We chatted with Ryan Dewhurst of @labs.watchtowr.com.web.brid.gy to find out.

youtu.be/5WznmQpJnj4?...
How to Stay Ahead of Attackers With watchTowr's Ryan Dewhurst
YouTube video by Decipher
youtu.be
February 12, 2026 at 2:57 PM
Brand new podcast episode is here to brighten up your Monday! We chatted with Ryan Dewhurst of @labs.watchtowr.com.web.brid.gy!

youtu.be/5WznmQpJnj4?...
How to Stay Ahead of Attackers With watchTowr's Ryan Dewhurst
YouTube video by Decipher
youtu.be
February 9, 2026 at 4:28 PM
Reposted by Decipher
Sometimes I post paywalled Post articles. Usually I post marketing ones, free with account creation unless you have one. Sometimes I post free archive versions, which you also can figure out how to find without me.
This week is not the time to shout at me for posting a version that pays reporters.
February 3, 2026 at 7:48 PM
Some very interesting data analysis from our friends at @greynoise.io on the silent changes CISA makes to the KEV catalog regarding exploitation by ransomware gangs.
www.greynoise.io/blog/unmaski...
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates
In 2025, 59 KEV entries silently flipped to “known ransomware use.” GreyNoise uncovers the hidden flips, why they matter, and a new feed to track them.
www.greynoise.io
February 3, 2026 at 4:29 PM
Reposted by Decipher
With perfect pitch, Joe Engressia Jr, aka #Joybubbles, discovered that he could whistle specific tones into a phone handset and bend the analog network to his will

(If you’re noticing a similarity between Engressia and the character Whistler in Sneakers, that’s not a coincidence)
February 3, 2026 at 12:10 AM
We don't write about movies often but when we do, we write about hacker movies, like JOYBUBBLES from @charmingstranger.com at @sundance.org

decipher.sc/2026/02/02/p...
Phreaks and Geeks: Joybubbles and the Pre-History of Hacking - Decipher
The proto hacker whose innate ability, curiosity, and absolute joy in the act of discovery is conveyed so artfully in the new documentary Joybubbles.
decipher.sc
February 2, 2026 at 8:20 PM
Google Mandiant researchers said the campaign has successfully used voice phishing and credential harvesting sites to pilfer both single sign-on (SSO) credentials and multi-factor authentication (MFA) codes.

decipher.sc/2026/02/02/g...
Google Mandiant: ShinyHunters Attacks Target SaaS Platforms Via SSO, MFA Abuse - Decipher
The series of incidents detailed by Mandiant researchers started in early to mid-January, and included a previously disclosed campaign involving Okta customers.
decipher.sc
February 2, 2026 at 7:10 PM
It's not Friday without an actively exploited bug!

decipher.sc/2026/01/30/i...
Ivanti Discloses Exploited Critical EPMM Flaws - Decipher
The vulnerabilities (CVE-2026-1281 and CVE-2026-1340) could lead to unauthenticated remote code execution if successfully exploited.
decipher.sc
January 30, 2026 at 7:05 PM
Reposted by Decipher
🚨 New @deciphersec.bsky.social podcast is up!

🪲 New Fortinet SSO auth bypass exploitation
🪲 Attacks on old WinRAR flaw
🖥️ Google disrupts IPIDEA proxy network

📹 And shoutouts to some fave creators: @ryanaraine.bsky.social @johnhammond.bsky.social @mattjay.com

open.spotify.com/episode/5k9x...
Fortinet and WinRAR Exploitation, Google's IPIDEA Disruption, and Our Favorite Cybersecurity Creators
open.spotify.com
January 30, 2026 at 3:52 PM
Reposted by Decipher
Signal will never message you like this.

If you get a message like this, SOMEONE IS TRYING TO HACK YOUR SIGNAL.

DO NOT GIVE THEM THAT CODE.
January 26, 2026 at 2:16 AM
Reposted by Decipher
Wow - Office security feature bypass patched OOB after active exploitation detected. Patch now - CVE-2026-21509. At least the Preview Pane isn't an attack vector. msrc.microsoft.com/update-guide...
Security Update Guide - Microsoft Security Response Center
msrc.microsoft.com
January 26, 2026 at 5:40 PM
UPDATE: Fortinet has published some info on these attacks and the new path they're using.

decipher.sc/2026/01/22/f...
Fortinet FortiGate Devices Targeted in New Campaign - Decipher
This activity shares some similarities with a campaign that researchers at Arctic Wolf identified in December. That campaign started soon after Fortinet disclosed two authentication bypass flaws (CVE-...
decipher.sc
January 22, 2026 at 9:12 PM
The remote code execution flaw (CVE-2026-20045) exists in Cisco’s lineup of products for voice, video, and mobility services for endpoints and applications.

decipher.sc/2026/01/22/c...
Cisco Fixes Unified Communications RCE Flaw Under Attack - Decipher
Threat actors are attempting to exploit the Cisco remote code execution flaw (CVE-2026-20045) in the wild, according to a new security advisory.
decipher.sc
January 22, 2026 at 4:51 PM
This is how you start a security advisory: "If you are tired of modern age vulnerabilities, and remember the good old times on bugtraq, I hope you will appreciate this one."

www.openwall.com/lists/oss-se...
oss-security - GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
www.openwall.com
January 21, 2026 at 3:21 PM
🚨 This week's podcast is up now! In this episode we break down:

✅ The RedVDS cybercrime platform takedown by @security.microsoft.com
✅ New @talosintelligence.com research on UAT-8837 Chinese APT activity
✅ The very cool StackWarp bug by @rayiizzz.bsky.social and team

decipher.sc/podcasts/the...
The RedVDS Takedown, Yet Another Chinese APT Emerges, and the StackWarp AMD Bug
This week, we talk about how Microsoft disrupted a long-running, large-scale cybercrime-as-a-service platform called RedVDS that has been active since 2019 and was used in high-volume phishing and BEC...
decipher.sc
January 16, 2026 at 6:24 PM