Exciting news for open source + vuln nerds alike: runZero now speaks Nuclei!

We 🩵 open source and are beyond excited to announce that we have added initial support for ProjectDiscovery’s open source Nuclei scanner — kicking off with safe, targeted checks for default and weak web credentials across IT, OT, IoT, and cloud environments.

Check out today's post from @todb to see how we:

✅ Curated ~180 safe, non-disruptive templates
✅ Only run checks when services are positively fingerprinted
✅ Keep scans fast, polite, and precise — even in fragile ICS environments

This is just the beginning. More protocols, smarter checks, and community collaboration ahead!

👉 Check it out: https://www.runzero.com/blog/integrating-nuclei/

Remarkable investigation into Telegram by IStories (in Russian):
https://www.istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/

English version by OCCRP:
http://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle

tl;dr:

👉 Telegram uses a single company with ties to the Russian FSB as their sole infrastructure provider, globally.

👉 Combined with a cleartext device identifier Telegram's protocol requires to be prepended to all encrypted messages, this allows for global surveillance of Telegram users.

I am quoted in this story.

#Telegram #InfoSec #Privacy

For TechCrunch, I wrote about Thinkst Canary, a bootstrapped maker of honeypots (for catching hackers), which this month marks its 10th anniversary. The company now brings in $20 million in ARR without VC funding or an outbound sales team.

Refreshing at a time when cyber is dominated by VC dollars.

https://techcrunch.com/2025/05/29/a-decade-in-bootstrapped-thinkst-canary-reaches-20m-in-arr-without-vc-funding/