Tim Starks
timstarks.bsky.social
Senior reporter, CyberScoop, covering spyware, cyber policy and more. Russia-sanctioned. Former Washington Post, POLITICO, CQ Roll Call. @timstarks.02 on Signal. tim.starks@cyberscoop.com. Mastodon timstarks@infosec.exchange, X timstarks, Threads tstarks2.
Reposted by Tim Starks
Amazon is the latest company to roll out an AI bug bounty program, giving external researchers the ability to test their models for vulnerabilities. 👀 🪲

Full scoop from @cyberscoop.bsky.social's @derekbjohnson.bsky.social 📰 ➡️ cyberscoop.com/amazon-bug-b...
November 12, 2025 at 3:22 PM
Reposted by Tim Starks
NEW: @timstarks.bsky.social looks at President Trump’s dismissive remarks on cyber threats, and how they contrast sharply with his administration’s official calls for action, specifically China cyberscoop.com/trump-cyber-...
While White House demands deterrence, Trump shrugs
U.S. cyber officials have pushed for strong action against foreign hacking, while President Trump has downplayed threats, creating mixed signals on cyber defense policy.
cyberscoop.com
November 12, 2025 at 7:53 PM
Reposted by Tim Starks
Public Citizen’s letter urges OpenAI to temporarily take Sora 2 offline and work with outside experts to prevent the spread of harmful deepfakes. via @derekbjohnson.bsky.social cyberscoop.com/sora-2-deepf...
Advocacy group calls on OpenAI to address Sora 2’s deepfake risks
cyberscoop.com
November 12, 2025 at 8:58 PM
Reposted by Tim Starks
The suspected Chinese schemers behind it enable those constant fake E-Z Pass and U.S. Postal Service smishing messages. via @timstarks.bsky.social cyberscoop.com/google-files...
Google files lawsuit against Lighthouse ‘phishing for dummies’ text scammers
Google on Wednesday filed a lawsuit against pesky text message scammers in an attempt to disrupt a “phishing for dummies” operation the company accuses of victimizing more than 1 million people.
cyberscoop.com
November 12, 2025 at 8:59 PM
Reposted by Tim Starks
Forty House and Senate members tell Democratic governors they may not be aware of how much they’re sharing with ICE and other immigration agencies. via @derekbjohnson.bsky.social cyberscoop.com/congressiona...
Congressional Dems press governors to block feds from accessing state DMV data
Forty Democratic members of the House and Senate issued a joint letter Wednesday to 19 states led by Democratic governors, urging them to block Immigration and Customs Enforcement and other federal a...
cyberscoop.com
November 12, 2025 at 9:26 PM
Reposted by Tim Starks
Rhadamanthys, VenomRAT, and the Elysium botnet were targeted in the takedowns. via @gregotto.bsky.social cyberscoop.com/operation-en...
Operation Endgame targets malware networks in global crackdown
cyberscoop.com
November 13, 2025 at 3:56 PM
Reposted by Tim Starks
The newspaper said a “bad actor” contacted the company in late September, prompting an investigation that nearly a month later confirmed the extent of compromise. via @mattkapko.com cyberscoop.com/washington-p...
Washington Post confirms data on nearly 10,000 people stolen from its Oracle environment
cyberscoop.com
November 13, 2025 at 5:38 PM
Reposted by Tim Starks
The Senate's approved funding package to re-open the government contains a silver lining for state & local cybersecurity professionals. 👀

It continues a cyber grant program and the 2015 Cybersecurity Information Sharing Act. 🔒

@colinwood.me 📰➡️ statescoop.com/state-local-...
November 12, 2025 at 6:56 PM
Reposted by Tim Starks
After more than four years of development and multiple delays, the British government on Wednesday introduced its landmark Cyber Security and Resilience Bill to Parliament, threatening large fines for companies that fail to protect themselves from cyberattacks.

Here's what you need to know ⤵️
British government unveils long-awaited landmark cybersecurity bill
After years of delays, the British government introduced its landmark Cyber Security and Resilience Bill to Parliament, threatening large fines for companies that fail to protect themselves from cyber...
therecord.media
November 12, 2025 at 6:39 PM
I took a look at how Trump officials' comments on cyber deterrence contrast with the man himself, and what it means or reflects for the global scene. cyberscoop.com/trump-cyber-...
While White House demands deterrence, Trump shrugs
U.S. cyber officials have pushed for strong action against foreign hacking, while President Trump has downplayed threats, creating mixed signals on cyber defense policy.
cyberscoop.com
November 12, 2025 at 7:51 PM
Reposted by Tim Starks
Secure by design is shifting from vision to standard. Progress: >50% of apps now pass OWASP Top 10 checks (up from <33% in 2020), exploitable flaws dropped from 3.6% to 2.6%. But 70% of apps still have major flaws. Success means making security part of every build. www.forbes.com/councils/for...
Advancing Secure By Design From Ambition To Industry Standard
Real victory will come when secure by design isn’t a special initiative but the standard starting point for every project.
www.forbes.com
November 12, 2025 at 1:14 PM
Reposted by Tim Starks
This is good news! I don’t think people realize how easy it is to get started in delivering malware.

Rhadamanthys was $299 a month, so for less than a car payment for most people you could potentially collect hundreds of thousands of emails/credit card numbers/wallets a month.
Rhadamanthys infostealer disrupted as cybercriminals lose server access
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers.
www.bleepingcomputer.com
November 12, 2025 at 1:38 PM
Reposted by Tim Starks
NEW: Google is taking legal action against Chinese cybercriminals responsible for sending out millions of scam text messages—including those parcel delivery scams.

Google hopes the lawsuit will help to disrupt the scammers' sprawling infrastructure
This Is the Platform Google Claims Is Behind a ‘Staggering’ Scam Text Operation
Google is suing 25 people it alleges are behind a “relentless” scam text operation that uses a phishing-as-a-service platform called Lighthouse.
www.wired.com
November 12, 2025 at 10:36 AM
Reposted by Tim Starks
Exclusive: Democratic-led states are inadvertently sharing drivers' data with ICE, officials say @raphae.li www.reuters.com/world/democr...
www.reuters.com
November 12, 2025 at 1:59 PM
Reposted by Tim Starks
The spyware that is now in ICE's hands has been used (by another government) against journalists and activists in Italy, as well as a top CEO, and a political consultant. Matteo Renzi, Italy's former prime minister, calls it the Italian Watergate. Now it's landed here: www.theguardian.com/technology/2...
Tech giants vow to defend users in US as spyware companies make inroads with Trump administration
Apple and WhatsApp say they will keep warning users if their phones are targeted by governments using hacking software against them
www.theguardian.com
November 10, 2025 at 6:22 PM
Reposted by Tim Starks
EXCLUSIVE: DOGE whistleblower and former SSA Chief Data Officer Chuck Borges is running for office.

In his first interview since announcing his campaign for Maryland State Senate, he describes being sidelined at SSA + why government needs more technologists.

www.wired.com/story/doge-w...
This DOGE Whistleblower Is Running for Office
WIRED spoke with Chuck Borges, the former SSA data chief turned DOGE whistleblower, who is running to represent southern Maryland in the state’s senate.
www.wired.com
November 11, 2025 at 4:14 PM
Reposted by Tim Starks
so if i’m reading this correctly, the North Koreans are wiping the phones of young defectors not to conceal evidence of compromise — because nothing draws attention to a compromise like a wipe — but to just demoralize and terrorize.
November 11, 2025 at 1:12 AM
Reposted by Tim Starks
Tbh it would be really embarrassing to have a whole infamous spy agency and then be defeated in military operations by a reporter. Zero offense to Bellingcat.
Russian state media are today alleging that a Bellingcat reporter was involved in an attempt to hijack a Russian fighter plane.

We would like to make clear that Bellingcat had absolutely no involvement in the alleged activities and the accusations towards us are entirely false.
November 11, 2025 at 2:12 PM
Reposted by Tim Starks
And how about when they seize reporters’ phone records without telling us?

www.nytimes.com/2025/11/10/u...
Spending Bill Would Pave Way for Senators to Sue Over Phone Searches
www.nytimes.com
November 11, 2025 at 2:08 AM
Reposted by Tim Starks
"NSO Group, the Israeli company behind Pegasus spyware, says a group of investors led by Hollywood producer Robert Simonds has acquired a controlling stake in the firm, which has named a former Trump official to lead an effort to restore its battered reputation." www.wsj.com/tech/israeli...
Israeli Spyware Maker NSO Gets New Owners, Leadership and Seeks to Mend Reputation
Investors led by Hollywood producer Robert Simonds have taken a controlling stake in the company behind Pegasus, and former Trump official David Friedman has been named executive chairman.
www.wsj.com
November 10, 2025 at 2:08 PM
Reposted by Tim Starks
I know everyone is rightfully worked up over this govt funding bill but @timstarks.bsky.social and I found the cyber angle: if passed, CISA 2015 would go back into law until Jan 30 2026 cyberscoop.com/cisa-2015-sh...
Cyber information sharing law would get extension under shutdown deal bill
The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.
cyberscoop.com
November 10, 2025 at 2:11 PM
Cyber information sharing law would get extension under shutdown deal bill cyberscoop.com/cisa-2015-sh...
Cyber information sharing law would get extension under shutdown deal bill
The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.
cyberscoop.com
November 10, 2025 at 1:31 PM
Reposted by Tim Starks
this is a big and extremely dangerous deal. pegasus has been a tool of repression around the world.

is this the pivot to attacking american journalists, lawyers, civil society activists?
UPDATE: NSO just hired former Trump ambassador to Israel.

They're trying to push Pegasus spyware to 🇺🇸America.

Your rights and freedoms are in danger.

NSO Group is no friend to the US & has spent years undermining our security & values 1/
November 9, 2025 at 10:14 PM