Tim Starks
@timstarks.bsky.social
Senior reporter, CyberScoop, covering spyware, cyber policy and more. Russia-sanctioned. Former Washington Post, POLITICO, CQ Roll Call. @timstarks.02 on Signal. tim.starks@cyberscoop.com. Mastodon timstarks@infosec.exchange, X timstarks, Threads tstarks2.
Reposted by Tim Starks
"NSO Group, the Israeli company behind Pegasus spyware, says a group of investors led by Hollywood producer Robert Simonds has acquired a controlling stake in the firm, which has named a former Trump official to lead an effort to restore its battered reputation." www.wsj.com/tech/israeli...
Israeli Spyware Maker NSO Gets New Owners, Leadership and Seeks to Mend Reputation
Investors led by Hollywood producer Robert Simonds have taken a controlling stake in the company behind Pegasus, and former Trump official David Friedman has been named executive chairman.
www.wsj.com
November 10, 2025 at 2:08 PM
Reposted by Tim Starks
I know everyone is rightfully worked up over this govt funding bill but @timstarks.bsky.social and I found the cyber angle: if passed, CISA 2015 would go back into law until Jan 30 2026 cyberscoop.com/cisa-2015-sh...
Cyber information sharing law would get extension under shutdown deal bill
The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.
cyberscoop.com
November 10, 2025 at 2:11 PM
Cyber information sharing law would get extension under shutdown deal bill cyberscoop.com/cisa-2015-sh...
Cyber information sharing law would get extension under shutdown deal bill
The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.
cyberscoop.com
November 10, 2025 at 1:31 PM
Reposted by Tim Starks
this is a big and extremely dangerous deal. pegasus has been a tool of repression around the world.
is this the pivot to attacking american journalists, lawyers, civil society activists?
UPDATE: NSO just hired former Trump ambassador to Israel.
They're trying to push Pegasus spyware to 🇺🇸America.
Your rights and freedoms are in danger.
NSO Group is no friend to the US & has spent years undermining our security & values 1/
November 9, 2025 at 10:14 PM
Reposted by Tim Starks
Aleksei Olegovich Volkov served as an initial access broker and was involved in attacks on seven U.S. businesses from July 2021 through November 2022. via @mattkapko.com cyberscoop.com/russian-alek...
Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks
Aleksei Olegovich Volkov served as an initial access broker and was involved in attacks on seven U.S. businesses from July 2021 through November 2022.
cyberscoop.com
November 7, 2025 at 9:53 PM
Reposted by Tim Starks
A digital privacy group says agencies are collecting too much data on Americans and using AI tools to make connections that may not be valid. via @derekbjohnson.bsky.social cyberscoop.com/government-d...
Report: Government data mining has gone too far – and AI will make it worse
A digital privacy group says agencies are collecting too much data on Americans and using AI tools to make connections that may not be valid.
cyberscoop.com
November 7, 2025 at 9:53 PM
Reposted by Tim Starks
About 70% of orgs still haven't patched those Cisco ASA vulns btw. If I was a ransomware group I'd invest in n-day (old) Cisco ASA AnyConnect vulns, as vast majority of orgs don't bother patching as they're too busy having a mass wank about quantum and AI risks.
cyberplace.social/@GossiTheDog...
November 6, 2025 at 11:35 PM
Reposted by Tim Starks
The Pentagon on Thursday rolled out the final version of the latest model for how the U.S. military will build its cyber forces over the next several years, an approach that is unlikely to quell growing calls for a separate service.
On @therecordmedia.bsky.social
therecord.media/revised-cybe...
Don't call it Cyber Command 2.0: Master plan for digital forces will take years to implement
The latest model for improving U.S. Cyber Command is circulating at the Pentagon. Some of the initiatives will spill into the next decade — an approach that is sure to create friction on Capitol Hill ...
therecord.media
November 7, 2025 at 7:35 PM
New Landfall spyware apparently targeting Samsung phones in Middle East cyberscoop.com/landfall-spy...
New Landfall spyware apparently targeting Samsung phones in Middle East
A new commercial-grade spyware has apparently been targeting Samsung Galaxy phones in the Middle East, but it’s not clear who’s behind it, researchers said in a blog post Friday.
cyberscoop.com
November 7, 2025 at 8:03 PM
Reposted by Tim Starks
Suspected foreign hackers reportedly breached Congressional Budget Office, possibly exposing communications with lawmakers. via @timstarks.bsky.social cyberscoop.com/congressiona...
Agency that provides budget data to Congress hit with security incident
A spokesperson for the Congressional Budget Office (CBO) acknowledged the incident Thursday, with the attackers potentially accessing communications between lawmakers and researchers at the agency.
cyberscoop.com
November 6, 2025 at 10:32 PM
Reposted by Tim Starks
🚨 SCOOP: Congressional Budget Office believed to be hacked for foreign actor
Congressional Budget Office believed to be hacked by foreign actor
The Congressional Budget Office formulates economic projections for lawmakers, and every bill taken up in either chamber of Congress gets a CBO “score” of how much it would add to the national debt.
www.washingtonpost.com
November 6, 2025 at 9:42 PM
Reposted by Tim Starks
This will be *interesting*: Tinder to begin accessing your camera roll for “insight” & training its AI models #privacy #AI techcrunch.com/2025/11/05/t...
Tinder to use AI to get to know users, tap into their Camera Roll photos | TechCrunch
Tinder is testing a feature called Chemistry that will get to know users through questions and, with permission, will access Camera Roll photos on their phones to learn more about their interests and ...
techcrunch.com
November 6, 2025 at 4:02 PM
Reposted by Tim Starks
Vital piece of investigative reporting from Sky. They've uncovered the X algorithm which feeds users extremist right wing material from the moment they join the site. It is a far-right radicalisation engine, by design.
news.sky.com/story/the-x-...
Elon Musk is boosting the British right - and this shows how
news.sky.com
November 6, 2025 at 7:23 AM
Reposted by Tim Starks
Meta earns $3.5 billion every six months from showing Facebook and Instagram users 15 billion “higher legal risk” scam ad impressions a day, internal documents state.
That haul vastly exceeds how much the company expects regulators to fine it for running scam ads.
www.reuters.com/investigatio...
www.reuters.com
November 6, 2025 at 11:46 AM
Reposted by Tim Starks
Cfius agreements with Chinese companies “do not protect national security,” said Matthew Pottinger, who now chairs the China program at the Foundation for Defense of Democracies. “It’s a fig leaf for capitulation.”
www.bloomberg.com/news/feature...
Saga of Chinese Trucking Firm Exposes US National Security Gaps
American officials thought they’d secured a deal with TuSimple to protect autonomous-driving technology. It didn’t work.
www.bloomberg.com
November 6, 2025 at 11:18 AM
Reposted by Tim Starks
DHS says it’s proceeding with planned layoffs at the Cybersecurity and Infrastructure Security Agency, despite a recent court order barring workforce reductions across parts of the federal government during the ongoing shutdown:
www.nextgov.com/people/2025/...
DHS says shutdown layoffs at CISA will proceed despite court injunction
The cybersecurity agency says it has complied with the court’s order because the firing of 54 people in its Stakeholder Engagement Division was planned beforehand and doesn’t affect unionized employee...
www.nextgov.com
November 5, 2025 at 7:48 PM
Reposted by Tim Starks
CISA's filing in the shutdown layoffs lawsuit provides the first confirmed count of laid-off employees in the Stakeholder Engagement Division: storage.courtlistener.com/recap/gov.us... (h/t www.nextgov.com/people/2025/...)
CISA says employees are exempt from injunction b/c they're not in a union.
November 5, 2025 at 8:12 PM
With each cloud outage, calls for government action grow louder by @derekbjohnson.bsky.social @mirandanazzaro.bsky.social cyberscoop.com/with-each-cl...
With each cloud outage, calls for government action grow louder
Public interest groups want the feds to investigate the systemic risk from market consolidation, while tech and security experts worry about single points of failure.
cyberscoop.com
November 5, 2025 at 9:43 PM
Reposted by Tim Starks
An IG audit found that the CFPB hasn’t maintained “an effective level of awareness of security vulnerabilities” following staff departures and diminished contractor support. via @mattbracken.bsky.social fedscoop.com/cfpb-cyberse...
CFPB’s cybersecurity program ‘not effective’ after staff cuts, watchdog says
An IG audit found that the CFPB hasn’t maintained “an effective level of awareness of security vulnerabilities” following staff departures and diminished contractor support.
fedscoop.com
November 5, 2025 at 3:20 PM
Reposted by Tim Starks
I think Google did a good job at not falling into the cyberslop bucket with this report.
There's nothing in the report to suggest orgs need to deviate from foundational security programmes - everything worked as it should.
November 5, 2025 at 4:14 PM
Reposted by Tim Starks
NEW: After all of that, a federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than 100 million people. cyberscoop.com/court-reimpo...
Court reimposes original sentence for Capital One hacker
A federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than...
cyberscoop.com
November 5, 2025 at 8:45 PM
In an exclusive, Rep. Raja Krishnamoorthi, D-Ill., told CyberScoop that policymakers must learn from past mistakes around 5G. @cyberscoop.bsky.social @derekbjohnson.bsky.social cyberscoop.com/exclusive-ch...
Congressional leaders want an executive branch strategy on China 6G, tech supply chain
In an exclusive, Rep. Raja Krishnamoorthi, D-Ill., told CyberScoop that policymakers must learn from past mistakes around 5G.
cyberscoop.com
November 5, 2025 at 8:18 PM
Reposted by Tim Starks
In addition to affordability, New York City’s mayor-elect will be forced to reckon with the NYPD’s sweeping mass surveillance operations. www.wired.com/story/welcom...
Zohran Mamdani Just Inherited the NYPD Surveillance State
In addition to affordability, New York City’s mayor-elect will be forced to reckon with the NYPD’s sweeping mass surveillance operations.
www.wired.com
November 5, 2025 at 5:57 PM
Reposted by Tim Starks
Full text here: www.techpolicy.press/mayor-elect-...
Mayor-Elect Mamdani Can Build a Tech Agenda for New York and a Model for the Country | TechPolicy.Press
By resisting surveillance, extraction, and exploitation, Mamdani can show how technology truly serves the people, writes Rebecca Williams.
www.techpolicy.press
November 5, 2025 at 7:52 PM
A surgical robot and a rose for a story about a lawmaker letter. cyberscoop.com/house-gop-le...
House GOP leaders seek government probe, restrictions on Chinese-made tech
They cited past cyberattacks from Beijing as evidence of the threats posed by Chinese tech in areas like AI or energy generation.
cyberscoop.com
November 5, 2025 at 7:00 PM