Tim Starks
@timstarks.bsky.social
Senior reporter, CyberScoop, covering spyware, cyber policy and more. Russia-sanctioned. Former Washington Post, POLITICO, CQ Roll Call. @timstarks.02 on Signal. tim.starks@cyberscoop.com. Mastodon timstarks@infosec.exchange, X timstarks, Threads tstarks2.
Reposted by Tim Starks
The MEGA Act and SAVE Act would dramatically transform U.S. election laws in a quest to curb election fraud. Audits and experts say improprieties are extremely rare. via @derekbjohnson.bsky.social cyberscoop.com/republicans-...
GOP Congress moves to shape election law in Trump’s image
The MEGA Act and SAVE Act would dramatically transform U.S. election laws in a quest to curb election fraud. Audits and experts say improprieties are extremely rare.
cyberscoop.com
February 11, 2026 at 5:34 PM
The MEGA Act and SAVE Act would dramatically transform U.S. election laws in a quest to curb election fraud. Audits and experts say improprieties are extremely rare. via @derekbjohnson.bsky.social cyberscoop.com/republicans-...
This is an interesting project.
Very excited about this new @knightcolumbia.org project, both because it gives us the chance to look beyond the current democratic crisis and because so many super people have already agreed to participate. knightcolumbia.org/content/new-...
New Knight Institute Initiative to Focus on “Reconstructing Free Expression” After Trump
knightcolumbia.org
February 11, 2026 at 7:02 PM
This is an interesting project.
Reposted by Tim Starks
The Cybersecurity and Infrastructure Security Agency said the attack highlighted threats from vulnerable edge devices to operational technology and industrial control systems. via @timstarks.bsky.social cyberscoop.com/cisa-warning...
After major Poland energy grid cyberattack, CISA issues warning to U.S. audience
A recent attempt at a destructive cyberattack on Poland’s power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and ...
cyberscoop.com
February 10, 2026 at 4:59 PM
The Cybersecurity and Infrastructure Security Agency said the attack highlighted threats from vulnerable edge devices to operational technology and industrial control systems. via @timstarks.bsky.social cyberscoop.com/cisa-warning...
Reposted by Tim Starks
China appears to be using a secret training platform to rehearse cyberattacks against the critical infrastructure of its closest neighbors, according to a cache of leaked technical documents reviewed by Recorded Future News.
Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure
Internal files describe a training platform as part of a large integrated system designed to allow attackers to practice hacking replicas of “the real network environments” of China’s “main operationa...
therecord.media
February 9, 2026 at 5:13 PM
China appears to be using a secret training platform to rehearse cyberattacks against the critical infrastructure of its closest neighbors, according to a cache of leaked technical documents reviewed by Recorded Future News.
Reposted by Tim Starks
NEW: A hacktivist scraped than half a million payment records from a stalkerware and consumer surveillance tech maker, exposing customers' email addresses and partial card numbers.
The hackvisit told us they did it because they think these companies are "creepy."
The hackvisit told us they did it because they think these companies are "creepy."
Exclusive: Hacktivist scrapes over 500,000 stalkerware customers' payment records
More than half-a-million people who bought access to phone surveillance and social media snooping apps had their email address and partial payment card numbers published online.
techcrunch.com
February 9, 2026 at 4:29 PM
NEW: A hacktivist scraped than half a million payment records from a stalkerware and consumer surveillance tech maker, exposing customers' email addresses and partial card numbers.
The hackvisit told us they did it because they think these companies are "creepy."
The hackvisit told us they did it because they think these companies are "creepy."
Not seeing any responses to “most racist thing this White House has done” along the lines of “should there be so many you have to rank them, senator who supports the president?”
February 6, 2026 at 10:54 PM
Not seeing any responses to “most racist thing this White House has done” along the lines of “should there be so many you have to rank them, senator who supports the president?”
Reposted by Tim Starks
He was also talking about Blackhat back in 2009.
bsky.app/profile/bsky...
bsky.app/profile/bsky...
Interesting that Epstein refers to potentially going to the Black Hat convention here in conversation with Boris Nikolic in 2009, the earliest reference to a hacker or infosec con I have found so far.
www.justice.gov/epstein/file...
www.justice.gov/epstein/file...
![To:
Nikolic, Borisl
From:
Sent:
Jeffrey Epstein
Mon 12/14/2009 6:45:23 PM
Subject: Re:
and you should think about who at davos as in interest.. security, military.
On Mon, Dec 14, 2009 at 1:40 PM, Nikolic, Boris 4
Black hate convention in Las Vegas in June oir July?
They should be great people to break codes,
wrote:
From: Jeffrey Epstein [mailto:jeevacation@gmail.com]
Sent: Mon 12/14/2009 12:57 PM
To: Nikolic, Boris Subject:
I went through the list,, no one stands out that i don't already know...
---however I think we should find great hackers, at the black hat convention and see if we can get them to help with bio/
The information contained in this communication is confidential, may be attorney-client privileged, may constitute inside information, and is intended only for the use of the addressee. It is the property of Jeffrey Epstein
Unauthorized use, disclosure or copying of this communication or any part thereof is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by return e-mail or by e-mail to jeevacation@gmail.com, and destroy this communication and all copies thereof, including all attachments.](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:2nhudqe7uplgqvnt72p2vxnb/bafkreierz5uvusbjhbsf27f7le4ih5pl7q6jr5h37bjfu3a5arpj55o6wm@jpeg)
February 6, 2026 at 4:52 PM
He was also talking about Blackhat back in 2009.
bsky.app/profile/bsky...
bsky.app/profile/bsky...
Epstein/hackers overlap, again www.reddit.com/r/Defcon/com...
From the Defcon community on Reddit: Jeffery Epstein went to DEFCON 26. Been Monitoring Since DEFCON 21
Explore this post and more from the Defcon community
www.reddit.com
February 6, 2026 at 4:13 PM
Epstein/hackers overlap, again www.reddit.com/r/Defcon/com...
Reposted by Tim Starks
The Winter Olympics opening ceremony takes place today, with the world’s eyes on the athletes. Behind the scenes, cyber experts from Italy, the US and other nations are watching closely to ensure hacking efforts don’t spoil the show. My new piece: www.politico.com/news/2026/02...
‘Irresistible stage’: Olympic authorities on high alert for cyberattacks as winter games kick off
Officials have already stopped attempted Russian-linked cyberattacks on Italian embassies and Olympic-related venues.
www.politico.com
February 6, 2026 at 2:32 PM
The Winter Olympics opening ceremony takes place today, with the world’s eyes on the athletes. Behind the scenes, cyber experts from Italy, the US and other nations are watching closely to ensure hacking efforts don’t spoil the show. My new piece: www.politico.com/news/2026/02...
Updated this one after a chat with CISA's Nick Andersen.
A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exploits in recent years. via @timstarks.bsky.social cyberscoop.com/cisa-bod-dir...
CISA tells agencies to stop using unsupported edge devices
CISA has told federal agencies to inventory and replace unsupported edge devices like firewalls and routers, reducing exposure to unpatched vulnerabilities.
cyberscoop.com
February 5, 2026 at 7:24 PM
Updated this one after a chat with CISA's Nick Andersen.
Reposted by Tim Starks
A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exploits in recent years. via @timstarks.bsky.social cyberscoop.com/cisa-bod-dir...
CISA tells agencies to stop using unsupported edge devices
CISA has told federal agencies to inventory and replace unsupported edge devices like firewalls and routers, reducing exposure to unpatched vulnerabilities.
cyberscoop.com
February 5, 2026 at 6:32 PM
A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exploits in recent years. via @timstarks.bsky.social cyberscoop.com/cisa-bod-dir...
Reposted by Tim Starks
New: How ICE’s top contractor, one of America’s biggest private prison operators, monetizes virtually everything ICE does including bounties on immigrants, rapidly expanding detention centers, and intensive surveillance. www.bloomberg.com/news/article...
ICE Bounty Hunting Push Aided by Geo Group’s Surveillance Work
A private prison operator that’s profited by detaining immigrants in the US is rapidly shifting to offer surveillance tools, capitalizing on the government’s deportation push by selling human-tracking...
www.bloomberg.com
February 4, 2026 at 1:20 PM
New: How ICE’s top contractor, one of America’s biggest private prison operators, monetizes virtually everything ICE does including bounties on immigrants, rapidly expanding detention centers, and intensive surveillance. www.bloomberg.com/news/article...
Reposted by Tim Starks
Secretaries of State are scrambling to replace cybersecurity services once provided by CISA and other federal agencies.
via @derekbjohnson.bsky.social cyberscoop.com/cisa-electio...
via @derekbjohnson.bsky.social cyberscoop.com/cisa-electio...
As feds pull back, states look inward for election security support
Secretaries of State are scrambling to replace cybersecurity services once provided by CISA and other federal agencies.
cyberscoop.com
February 3, 2026 at 1:18 AM
Secretaries of State are scrambling to replace cybersecurity services once provided by CISA and other federal agencies.
via @derekbjohnson.bsky.social cyberscoop.com/cisa-electio...
via @derekbjohnson.bsky.social cyberscoop.com/cisa-electio...
Reposted by Tim Starks
Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC via @timstarks.bsky.social cyberscoop.com/whats-next-f...
What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing
Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC.
cyberscoop.com
February 3, 2026 at 9:37 PM
Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC via @timstarks.bsky.social cyberscoop.com/whats-next-f...
Reposted by Tim Starks
Cut the regulatory burden, boost information sharing, and get Congress moving: that’s the pitch as the White House readies a new cyber strategy. via @timstarks.bsky.social cyberscoop.com/sean-cairncr...
Sean Cairncross' cybersecurity agenda: less regulation, more cooperation
National Cyber Director Sean Cairncross called on industry to help reduce the cybersecurity regulatory burden and push Congress to renew the Cybersecurity Information Sharing Act.
cyberscoop.com
February 3, 2026 at 6:01 PM
Cut the regulatory burden, boost information sharing, and get Congress moving: that’s the pitch as the White House readies a new cyber strategy. via @timstarks.bsky.social cyberscoop.com/sean-cairncr...
Reposted by Tim Starks
The Black press is traditionally audacious in its truth-telling, but independent Black media cannot go it alone.
"Fort and Lemon being Black journalists in and of itself raises questions about the solidarity they can expect from the media writ large as they fight their charges."
"Fort and Lemon being Black journalists in and of itself raises questions about the solidarity they can expect from the media writ large as they fight their charges."
Opinion | Before her arrest, journalist Georgia Fort gave me dire warnings about the press
The Minnesota journalists’s arrest reflects the Trump administration’s assault on the free press — and her warnings to me ring true today.
www.ms.now
February 2, 2026 at 8:47 PM
The Black press is traditionally audacious in its truth-telling, but independent Black media cannot go it alone.
"Fort and Lemon being Black journalists in and of itself raises questions about the solidarity they can expect from the media writ large as they fight their charges."
"Fort and Lemon being Black journalists in and of itself raises questions about the solidarity they can expect from the media writ large as they fight their charges."
there's always a cyber angle
NEW: Epstein was told in a 2014 email to hire Hector "Sabu" Monsegur, the LulzSec hacker turned FBI informant.
Here's what Monsegur said when I asked him whether he'd ever been contacted by Epstein or his associates.
san.com/cc/jeffrey-e...
Here's what Monsegur said when I asked him whether he'd ever been contacted by Epstein or his associates.
san.com/cc/jeffrey-e...
Jeffrey Epstein wanted to hire ‘top hacker.’ What was he looking for?
Emails released by the DOJ from the inbox of Jeffrey Epstein show the sex offender’s interest in hiring hackers.
san.com
February 2, 2026 at 8:53 PM
there's always a cyber angle
Reposted by Tim Starks
NEW: @mattkapko.com spoke with researchers at Rapid7 (which released IoCs!!!!) about the notepad++ attack cyberscoop.com/china-espion...
China-based espionage group compromised Notepad++ for six months
The Chinese APT group Lotus Blossom intruded the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers.
cyberscoop.com
February 2, 2026 at 8:50 PM
NEW: @mattkapko.com spoke with researchers at Rapid7 (which released IoCs!!!!) about the notepad++ attack cyberscoop.com/china-espion...
The world is trying to log off U.S. tech restofworld.org/2026/big-tec...
The world is trying to log off U.S. tech
Some global users are turning to services like Proton Mail and UpScrolled instead.
restofworld.org
February 2, 2026 at 4:59 PM
The world is trying to log off U.S. tech restofworld.org/2026/big-tec...
Reposted by Tim Starks
‘It’s really sad’: US TikTok users rethink app over concerns about privacy and censorship www.theguardian.com/technology/2...
‘It’s really sad’: US TikTok users rethink app over concerns about privacy and censorship
Some users are stepping away from the app after it made a deal to create a US entity and updated terms and conditions
www.theguardian.com
February 2, 2026 at 12:36 PM
‘It’s really sad’: US TikTok users rethink app over concerns about privacy and censorship www.theguardian.com/technology/2...
Reposted by Tim Starks
NEWS: A whistleblower complaint filed 8 months ago alleges wrongdoing about Tulsi Gabbard but has been stalled within her own agency from reaching Congress. The complaint is extremely classified, may involve "executive privilege" and is currently locked in a safe, sources say.
February 2, 2026 at 12:22 PM
NEWS: A whistleblower complaint filed 8 months ago alleges wrongdoing about Tulsi Gabbard but has been stalled within her own agency from reaching Congress. The complaint is extremely classified, may involve "executive privilege" and is currently locked in a safe, sources say.
Reposted by Tim Starks
NEW at this.weekinsecurity.com: Over 100 security researchers and journalists responded to a survey about legal and criminal threats they have faced for doing their jobs.
A key finding is that while legal and criminal threats are common, most researchers and journalists stood their ground.
More:
A key finding is that while legal and criminal threats are common, most researchers and journalists stood their ground.
More:
New survey reveals how security researchers and journalists experience legal and criminal threats
Over 100 security researchers and journalists answered our survey and told us how they experienced threats for doing their work. Here are some of the top takeaways.
this.weekinsecurity.com
February 2, 2026 at 12:39 PM
NEW at this.weekinsecurity.com: Over 100 security researchers and journalists responded to a survey about legal and criminal threats they have faced for doing their jobs.
A key finding is that while legal and criminal threats are common, most researchers and journalists stood their ground.
More:
A key finding is that while legal and criminal threats are common, most researchers and journalists stood their ground.
More:
Reposted by Tim Starks
UK and French govts say they "didn't invite" NSO to participate in Pall Mall after spyware maker trumpets its participation in annual "transparency report." French officials note "extremely serious" allegations involving Pegasus in France
therecord.media/spyware-make...
therecord.media/spyware-make...
Spyware maker is hijacking diplomatic efforts to limit commercial hacking, civil society warns
Spyware maker NSO Group trumpeted the company’s participation in the Pall Mall Process, which drew criticism from civil society leaders and government officials who called out human rights abuses.
therecord.media
February 2, 2026 at 2:25 PM
UK and French govts say they "didn't invite" NSO to participate in Pall Mall after spyware maker trumpets its participation in annual "transparency report." French officials note "extremely serious" allegations involving Pegasus in France
therecord.media/spyware-make...
therecord.media/spyware-make...
Reposted by Tim Starks
Why do your organizing over Signal? So that you don't do your organizing on an app that hasn't been tested or reviewed, run by a guy who doesn't tell his users about data breaches and security problems.
www.ibtimes.co.uk/stopice-hack...
www.ibtimes.co.uk/stopice-hack...
StopICE Data Breach Sent Names And Locations of 100,000 Users to The US Government
StopICE, the anti-ICE activist platform, suffered a major security breach exposing names, logins, phone numbers and GPS locations of over 100,000 users to US federal agencies.
www.ibtimes.co.uk
February 2, 2026 at 4:10 AM
Why do your organizing over Signal? So that you don't do your organizing on an app that hasn't been tested or reviewed, run by a guy who doesn't tell his users about data breaches and security problems.
www.ibtimes.co.uk/stopice-hack...
www.ibtimes.co.uk/stopice-hack...
Reposted by Tim Starks
This isn’t about convicting Don Lemon. It’s unlikely that will happen. It’s about intimidating journalists & making them censure themselves out of fear of consequences. It’s about eroding the free press because the administration can’t afford the criticism.
This just in: "Don Lemon was taken into custody by federal agents last night in Los Angeles, where he was covering the Grammy awards," Lemon's attorney Abbe Lowell says.
January 30, 2026 at 2:44 PM
This isn’t about convicting Don Lemon. It’s unlikely that will happen. It’s about intimidating journalists & making them censure themselves out of fear of consequences. It’s about eroding the free press because the administration can’t afford the criticism.