

My favorite IT help desk people
- documents steps for others
- remembers that a rare situation has happened before and is able to look up what was done last time if it's the same thing
- able to handle a new situation BY READING THE INSTRUCTIONS
worth their freaking weight in gold.
SF awards eligibility 2026:
My novel "A Conventional Boy" is eligible for the Hugo and other awards for the year 2025.
"The Laundry Files" is NOT eligible for the best series Hugo award at present (even after "The Regicide Report" it falls about 65K words short of accumulating enough new material—maybe it will at some future time, but definitely not before 2028).
Meta thinks now is a great time to launch facial recognition surveillance tech in their creepy glasses because EFF will be too distracted by fascism to notice.
We noticed.
TA584 is one of the most prominent #cybercriminal threat actors tracked by Proofpoint threat researchers. In a new blog, the team shared a detailed analysis of the threat actor, its campaigns, attack chains, targeting, payloads, and shared defensive recommendations.
Blog: https://www.proofpoint.com/us/blog/threat-insight/cant-stop-wont-stop-ta584-innovates-initial-access
Our researchers have tracked #TA584 since 2020. In 2025, they observed shifts to TA584’s tactics, techniques and procedures (TTPs). Notably, it expanded global targeting; adopted ClickFix social engineering; and delivered new malware, Tsundere Bot.
⚠️ Such activity shows that static detections alone are not reliable against constantly evolving threat actors.
Explore the blog for more details along with protection tips, Emerging Threats Rules and IOCs.
Did you catch the latest livestream of Intercepted, the new #webinar series hosted by our threat research team? 👀 If you missed it, view the on-demand recording here: https://www.proofpoint.com/uk/resources/webinars/intercepted-january-2026
This session covered 𝙖 𝙡𝙤𝙩, including how threat actors are using #AI and how #cybercriminals are abusing legitimate services and techniques, such as device code phishing.
Mark your calendars and plan to join Selena and Sarah for the next livestream on February 25. https://www.proofpoint.com/us/resources/webinars/intercepted
🔍 Until then, explore the campaign below, which used the same sender and similar lure copy as seen in a large wave of emails that delivered LockBit Black in April 2024 (https://www.proofpoint.com/us/blog/threat-insight/security-brief-millions-messages-distribute-lockbit-black-ransomware).
• This campaign was observed in early January 2026.
• Messages contained compressed LNK files, which, if executed, will download and run what is expected to be Mamona Ransomware associated with GLOBAL GROUP.
• Observed samples encrypted files, renaming the encrypted files with one of two appended extensions: .Reco or .gzeqi.
• The attached screenshots show the email lure and ransom note.
It’s unusual to see #ransomware delivered as a first-stage payload in emails these days, so the campaign was notable.
Hear more about recent campaigns like this, TTPs, and what’s top of mind for our researchers live on February 25.
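
The campaign described above delivered LNK files inside compressed attachments. As an added example (not Proofpoint's code or detection content), this Python sketch shows one way a mail-filtering step could flag archives that contain Windows Shell Link files, checking the file header as well as the name so a renamed shortcut is still caught. It assumes ZIP archives only; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x0000004C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def find_lnk_members(archive_bytes):
    """Return names of ZIP members that are Shell Links by header or by name."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive_bytes))
    except zipfile.BadZipFile:
        return hits  # not a ZIP: out of scope for this check
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            by_name = info.filename.lower().endswith(".lnk")
            try:
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                head = b""  # encrypted or unsupported member: name check only
            if by_name or head == LNK_MAGIC:
                hits.append(info.filename)
    return hits


def build_sample_zip():
    """Constructed sample: a text file, a .lnk, and a shortcut renamed to .pdf."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56  # header bytes plus padding, not a working shortcut
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "constructed sample, harmless")
        zf.writestr("invoice.pdf.lnk", fake_lnk)
        zf.writestr("scan_0142.pdf", fake_lnk)
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_lnk_members(build_sample_zip()):
        print("shell link in archive:", name)
```

Nested archives and other container formats are not unpacked here; a production filter would need to recurse into them with size and depth limits.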