Kevin Beaumont
@doublepulsar.com
cybersecurity weather man. scanning the horizons for cloudy cyber. Expert at nothing except computer rubbish. Anti-ransomware since 2015.
patch ye MongoDB, there's an exploit for a vuln which has been in the product for over a decade that allows the remote, unauth read of any memory - which includes plaintext creds.
Somebody posted an exploit on Christmas Day, Merry Christmas!
doublepulsar.com/merry-christ...
Somebody posted an exploit on Christmas Day, Merry Christmas!
doublepulsar.com/merry-christ...
Merry Christmas Day! Have a MongoDB security incident.
Somebody from Elastic Security decided to post an exploit for CVE-2025–14847 on Christmas Day.
doublepulsar.com
December 26, 2025 at 10:57 PM
patch ye MongoDB, there's an exploit for a vuln which has been in the product for over a decade that allows the remote, unauth read of any memory - which includes plaintext creds.
Somebody posted an exploit on Christmas Day, Merry Christmas!
doublepulsar.com/merry-christ...
Somebody posted an exploit on Christmas Day, Merry Christmas!
doublepulsar.com/merry-christ...
Merry Christmas!
Watch a 92 year old grandmother win a Tekken tournament around the 2 hour 27 minute mark. She’s such a boss she isn’t even looking at the screen half the time.
www.youtube.com/live/5cj0XFW...
Watch a 92 year old grandmother win a Tekken tournament around the 2 hour 27 minute mark. She’s such a boss she isn’t even looking at the screen half the time.
www.youtube.com/live/5cj0XFW...
December 25, 2025 at 10:29 AM
Merry Christmas!
Watch a 92 year old grandmother win a Tekken tournament around the 2 hour 27 minute mark. She’s such a boss she isn’t even looking at the screen half the time.
www.youtube.com/live/5cj0XFW...
Watch a 92 year old grandmother win a Tekken tournament around the 2 hour 27 minute mark. She’s such a boss she isn’t even looking at the screen half the time.
www.youtube.com/live/5cj0XFW...
Reposted by Kevin Beaumont
Reposted by Kevin Beaumont
Second anniversary of our Apple TV’s spectacular attempt to understand me asking for “Hercule Poirot’s Christmas”
December 23, 2025 at 7:25 PM
Second anniversary of our Apple TV’s spectacular attempt to understand me asking for “Hercule Poirot’s Christmas”
I have a thread on the La Poste thing. NoName have also joined in now.
La Poste aren’t set up to deal with layer 7 DDoS so expect continued outages, they’re basically an easy target.
cyberplace.social/@GossiTheDog...
La Poste aren’t set up to deal with layer 7 DDoS so expect continued outages, they’re basically an easy target.
cyberplace.social/@GossiTheDog...
Kevin Beaumont (@GossiTheDog@cyberplace.social)
Attached: 3 images
If anybody is wondering about La Poste 'cyberattack', they appear to be getting targeted by craptavists.
They've been getting a mix of packeted, and layer 7 HTTP floods.
They'v...
cyberplace.social
December 24, 2025 at 12:17 PM
I have a thread on the La Poste thing. NoName have also joined in now.
La Poste aren’t set up to deal with layer 7 DDoS so expect continued outages, they’re basically an easy target.
cyberplace.social/@GossiTheDog...
La Poste aren’t set up to deal with layer 7 DDoS so expect continued outages, they’re basically an easy target.
cyberplace.social/@GossiTheDog...
Reposted by Kevin Beaumont
If you didn't know, you can hide all games that have disclosed using AI in their store descriptions. Link: https://steamdb.info/sales/?min_discount=80&min_rating=0&min_reviews=5000&tagid=-1368160
Steam Winter Sale 2025 · US
Steam Winter Sale 2025 has started, filling Valve’s digital shop with thousands of deals. Filter and find the best sale deals! Steam Winter Sale 2025 will run until 5 January 2026.
Filters: ≥ 80% discount, ≥ 5,000 reviews, Not AI Content Disclosed
steamdb.info
December 24, 2025 at 9:05 AM
If you didn't know, you can hide all games that have disclosed using AI in their store descriptions. Link: https://steamdb.info/sales/?min_discount=80&min_rating=0&min_reviews=5000&tagid=-1368160
Microsoft’s corporate culture of how people climb the ladder combined with their lack of management and oversight of generative AI initiatives is going to continue to be a car crash for customers.
It is a situation designed for toxic outcomes (but not for staff).
It is a situation designed for toxic outcomes (but not for staff).
December 23, 2025 at 9:31 PM
Microsoft’s corporate culture of how people climb the ladder combined with their lack of management and oversight of generative AI initiatives is going to continue to be a car crash for customers.
It is a situation designed for toxic outcomes (but not for staff).
It is a situation designed for toxic outcomes (but not for staff).
Reposted by Kevin Beaumont
Another example of attackers abusing npm as infrastructure. Our threat research team found a spearphishing campaign that published 27 malicious packages to host browser-run phishing pages.
cc: @campuscodi.risky.biz @cisoseries.bsky.social @zackwhittaker.com
cc: @campuscodi.risky.biz @cisoseries.bsky.social @zackwhittaker.com
🚨 New research: A spearphishing campaign published 27 malicious npm packages that host browser-run lures mimicking document portals and Microsoft sign-in to steal credentials. This operation targets manufacturing and healthcare orgs in the U.S. and allied countries.
socket.dev/blog/spearph...
socket.dev/blog/spearph...
Spearphishing Campaign Abuses npm Registry to Target U.S. an...
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, ta...
socket.dev
December 23, 2025 at 8:32 PM
Another example of attackers abusing npm as infrastructure. Our threat research team found a spearphishing campaign that published 27 malicious packages to host browser-run phishing pages.
cc: @campuscodi.risky.biz @cisoseries.bsky.social @zackwhittaker.com
cc: @campuscodi.risky.biz @cisoseries.bsky.social @zackwhittaker.com
For anybody covering the Epstein emails, you might want to look at Jes Staley and "A". Example.
December 23, 2025 at 3:48 PM
For anybody covering the Epstein emails, you might want to look at Jes Staley and "A". Example.
That CBS 60 minutes episode that got pulled is available for streaming via a VPN provider using a Canadian IP address - the international broadcaster didn't pull it. watch.globaltv.com/series/2893d...
Home | Global TV App | Watch Shows, Movies and Live TV
The Global TV App is home to some of the most watched Canadian channels. Watch full episodes, Live TV and Global News.
watch.globaltv.com
December 22, 2025 at 10:16 PM
That CBS 60 minutes episode that got pulled is available for streaming via a VPN provider using a Canadian IP address - the international broadcaster didn't pull it. watch.globaltv.com/series/2893d...
Reposted by Kevin Beaumont
If you pay attention to any large industry long enough and follow it to its logical conclusion you eventually end up sounding like a communist even if you started off testing CPU case fans. youtu.be/cUrJVdF2me0?...
December 22, 2025 at 5:58 PM
If you pay attention to any large industry long enough and follow it to its logical conclusion you eventually end up sounding like a communist even if you started off testing CPU case fans. youtu.be/cUrJVdF2me0?...
sometimes I accidentally press the Copilot button this laptop and Copilot appears like a jump scare
December 22, 2025 at 6:26 PM
sometimes I accidentally press the Copilot button this laptop and Copilot appears like a jump scare
This is some rookie cybersecurity stuff. "These cameras zoom in on passersby, sometimes so close we could read a random person's phone screen."
This is 404 Media's @jasonkoebler.bsky.social waving at himself through a Flock camera; one of 60 we learned was left exposed to the open internet. Not only could anyone with a link livestream it, but some admin portals were open with no login credentials required.
www.404media.co/flock-expose...
www.404media.co/flock-expose...
December 22, 2025 at 5:40 PM
This is some rookie cybersecurity stuff. "These cameras zoom in on passersby, sometimes so close we could read a random person's phone screen."
The Office spin off, CISA, is going to get renewed for a second season.
I was chasing this story but @jsaks.bsky.social beat me to it: CISA has retaliated against career employees after the agency's acting director failed a polygraph test. Another embarrassing crisis at the struggling agency. www.politico.com/news/2025/12...
December 22, 2025 at 3:55 PM
The Office spin off, CISA, is going to get renewed for a second season.
Merry Christmas to PayPal, who own Honey, who are fighting a legal battle to try to stop you viewing this video.
youtu.be/wwB3FmbcC88
youtu.be/wwB3FmbcC88
Honey Targeted Minors & Exploited Small Businesses
YouTube video by MegaLag
youtu.be
December 22, 2025 at 10:12 AM
Merry Christmas to PayPal, who own Honey, who are fighting a legal battle to try to stop you viewing this video.
youtu.be/wwB3FmbcC88
youtu.be/wwB3FmbcC88
The best way I can describe adopting a dog is you get a career in being an Uber driver and Uber Eats driver for a dog, where instead of using an app, they order via whines and big eyes.
December 20, 2025 at 9:17 PM
The best way I can describe adopting a dog is you get a career in being an Uber driver and Uber Eats driver for a dog, where instead of using an app, they order via whines and big eyes.
Reposted by Kevin Beaumont
Reposted by Kevin Beaumont
"Ryan Clifford Goldberg, a former incident response supervisor at Sygnia Consulting Ltd., and Kevin Tyler Martin, who was a ransomware negotiator for DigitalMint, pleaded guilty to one count each of conspiracy to interfere with commerce by extortion."
www.bloomberg.com/news/article...
www.bloomberg.com/news/article...
Ex-Cybersecurity Staff Plead Guilty for Moonlighting as Hackers
Two former employees of cybersecurity companies pleaded guilty on Thursday to federal crimes for launching their own ransomware attacks in a plot to extort millions of dollars from victims around the ...
www.bloomberg.com
December 19, 2025 at 12:08 PM
"Ryan Clifford Goldberg, a former incident response supervisor at Sygnia Consulting Ltd., and Kevin Tyler Martin, who was a ransomware negotiator for DigitalMint, pleaded guilty to one count each of conspiracy to interfere with commerce by extortion."
www.bloomberg.com/news/article...
www.bloomberg.com/news/article...
Reposted by Kevin Beaumont
The US TikTok sale has been signed. The company will be controlled by a joint venture including Oracle, Silver Lake, Andreessen Horowitz, Abu Dhabi-based MGX. Adding a UAE company really makes it clear that this was never about national security concerns.
www.axios.com/2025/12/18/t...
www.axios.com/2025/12/18/t...
Scoop: TikTok signs deal for sale of U.S. unit after yearslong saga
The deal would end a yearslong saga to force TikTok's Chinese parent ByteDance to sell the company's U.S. operation.
www.axios.com
December 18, 2025 at 11:35 PM
The US TikTok sale has been signed. The company will be controlled by a joint venture including Oracle, Silver Lake, Andreessen Horowitz, Abu Dhabi-based MGX. Adding a UAE company really makes it clear that this was never about national security concerns.
www.axios.com/2025/12/18/t...
www.axios.com/2025/12/18/t...
I am never going to stop lolling at all these GenAI projects which get rolled out.. and then the actual customers are like ‘okay, how do I tell it to fuck off?’
LG tells us that it will let users delete the Microsoft Copilot shortcut it installed on newer TVs recently. Reddit users spotted Copilot getting installed on their TVs last week, with no option to uninstall. That’s changing soon www.theverge.com/news/847685/...
LG forced a Copilot web app onto its TVs but will let you delete it
Microsoft No-pilot.
www.theverge.com
December 18, 2025 at 10:23 PM
I am never going to stop lolling at all these GenAI projects which get rolled out.. and then the actual customers are like ‘okay, how do I tell it to fuck off?’
Reposted by Kevin Beaumont
I think a lot of the discussion around AI isn't specific enough or informed enough, and that's why this piece from @edmondtran.bsky.social is so useful and important. These are actual concept artists spelling out in clear, unambiguous terms why Gen-AI is not only unhelpful, it's a nuisance.
We spoke to a dozen professional concept artists who are currently or have previously worked in game development about whether generative AI image tools have made their jobs any easier.
Zero said it did. Most said it made things harder.
thisweekinvideogames.com/feature/conc...
Zero said it did. Most said it made things harder.
thisweekinvideogames.com/feature/conc...
Concept Artists Say Generative AI References Only Make Their Jobs Harder
“The ‘early ideation stages’, when worlds are being fleshed out by writers and artists, are literally crucial to the development of a game’s vision,” said one artist.
thisweekinvideogames.com
December 18, 2025 at 9:22 PM
I think a lot of the discussion around AI isn't specific enough or informed enough, and that's why this piece from @edmondtran.bsky.social is so useful and important. These are actual concept artists spelling out in clear, unambiguous terms why Gen-AI is not only unhelpful, it's a nuisance.
Damn, Dan Bongino hasn’t transferred me the $13m he promised me yet!
December 18, 2025 at 12:16 AM
Damn, Dan Bongino hasn’t transferred me the $13m he promised me yet!