As a person who has followed Iranian cyberespionage operations for more than a decade, this story is crazypants and you should read it:

https://www.theatlantic.com/magazine/2026/01/mohammad-tajik-iran-cyber-intelligence/684954/?gift=kPTlqn0J1iP9IBZcsdI5IUTLJcsVKq12m0EyVlSYJBQ&utm_source=copy-link&utm_medium=social&utm_campaign=share

my workplace is hiring! if this sounds like it could fit you (or someone you know), please shoot your shot or pass it on!

key points:
- network engineer
- beginning to mid level
- US citizen or legal res
- shouldn’t hate women or diversity (this one’s mainly for twitter)
- you’d have to work with me. a lot

link: https://blueorigin.wd5.myworkdayjobs.com/BlueOrigin/job/Seattle-WA/Avionics-Network-Integration-Engineer-III---New-Glenn_R53158

Best quote I've seen all day so far, from an Ars piece by @dangoodin on skepticism around OpenAI's breathless claim that a Chinese hacking group used Claude code to automate 90 percent of their attack:

“I continue to refuse to believe that attackers are somehow able to get these models to jump through hoops that nobody else can,” Dan Tentler, executive founder of Phobos Group and a researcher with expertise in complex security breaches, told Ars. “Why do the models give these attackers what they want 90% of the time but the rest of us have to deal with ass-kissing, stonewalling, and acid trips?”

https://arstechnica.com/security/2025/11/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

NEW: Peter Williams, the former head of Western zero-day and spyware maker Trenchant, pleaded guilty to selling eight exploits to a Russian broker that resells to the Russian government.

The DOJ said Williams was promised millions of dollars in exchange for "national-security focused software."

https://techcrunch.com/2025/10/29/former-l3harris-trenchant-boss-pleads-guilty-to-selling-zero-day-exploits-to-russian-broker/

There’s a bunch of new Netscaler vulns being exploited as zero days. Patches just out now.

Preauth RCE being used to drop webshells to backdoor orgs. CVE-2025-7775 is the main problem.

Orgs will need to do IR afterwards as technical details emerge of backdoor.

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424

There is a new short domain name for #PuTTY!

https://putty.software/

At present, this is just a "landing page": a nice short name to remember, which will redirect you to the full PuTTY website at the same longer URL where it's always been.

But unlike putty.org or other third-party landing pages, this one is run by us, the actual PuTTY team, and it doesn't have a weird separate agenda of its own.

I intend to move the main PuTTY site over to that domain in the future, and leave just a redirector at the old location. But first I want to get the word out, so that people know which site to trust.

If anyone is still linking to putty.org, here's a place to link to instead. Please spread the word!

People who’ve been to war say don’t go to war.

https://www.nytimes.com/2025/07/28/world/asia/japan-veterans-world-war-ii.html?unlocked_article_code=1.Z08.368G.Bdbm4asDvEVc&smid=nytcore-ios-share&referringSource=articleShare