Łukasz Bromirski 

@mr0vka@infosec.exchange
107 Followers
260 Following
446 Posts
networking & security geek, CCIE #15929 R&S/SP, CCDE #2012::17 / opinions are my own, not of my employer / 42 / Director@Cisco Security, building NGFW hardware platforms
homepagehttps://lukasz.bromirski.net
Sure, this exoplanet we discovered may seem hostile to life, but our calculations suggest it's actually in the accretion disc's habitable zone.
https://xkcd.com/3103/
#FreeBSD 14.3 has been released (#386BSD / #BSD / #Unix) https://freebsd.org/
The FreeBSD Project

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.

The FreeBSD Project
Become an annual or monthly recurring donor today and receive a limited-edition EFF challenge coin as a (literal) token of our appreciation! https://eff.org/35rm
35 Years for Privacy, Free Speech, and a Brighter Future

Through July 10, new monthly or annual Sustaining Donors get an EFF35 Challenge Coin! With your help, EFF is here to stay.

Electronic Frontier Foundation

CISA has asked organizations to install firmware updates or restrict access to pan-tilt-zoom security cameras from four vendors

Firmware updates are only available for PTZOptics camera models.

ValueHD, multiCAM, and SMTAV have failed to reply to security researchers

https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10

Amid Sudan’s ongoing civil war, Bellingcat in partnership with Kenya’s Daily Nation was able to identify Kenyan-labelled ammunition crates in a suspected Rapid Support Forces (RSF) depot near the capital Khartoum. A 2005 UN arms embargo prohibits any country from supplying weapons to Darfur, Sudan, an area that has seen intense fighting since the outbreak of the civil war in 2023. Read more here:
https://www.bellingcat.com/news/2025/06/15/kenya-weapons-sudan-civil-war-conflict-khartoum-omdurman-munitions-ammunition/?utm_source=mastodon
Kenyan Weapons Linked to Sudan’s Civil War - bellingcat

Bellingcat and our partners at Kenya’s Daily Nation have identified Kenyan-labelled crates of ammunition inside an alleged RSF depot close to the recently recaptured Sudanese capital Khartoum. Although we couldn’t independently verify the contents of every crate identified, tins with ammunition matching the labels on the crates were found nearby among the captured weapons displayed […]

bellingcat

Interesting links of the week:

Strategy:

* https://www.security.gov.uk/policy-and-guidance/policy/cyber-incident-exercising/ - HMG standards on cyber exercises
* https://uktl.org.uk/ - UK telecoms lab opens
* https://openai.com/index/scaling-coordinated-vulnerability-disclosure/ - scaling disclosure
* https://www.gsma.com/solutions-and-impact/technologies/security/gsma_resources/fs-57-mobile-threat-intelligence-framework-motif-principles/ - the MoTIF framework for telecomms threats
* https://blogs.cisco.com/security/foundation-sec-8b-reasoning-worlds-first-security-reasoning-model - security reasoning with AI

Threats:

* https://www.europol.europa.eu/publication-events/main-reports/steal-deal-and-repeat-how-cybercriminals-trade-and-exploit-your-data - Europol's latest cyber crime threat assessment
* https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-june-2025/ - reported uses offensive AI

Detection:

* https://www.cisco.com/c/en/us/products/collateral/security/telco-siem-framework-wp.html - detecting telecomms threats
* https://blog.talosintelligence.com/compartmentalized-threat-modeling/ - bringing TM to traditional TI operations from @TalosSecurity

Exploitation:

* https://www.tenable.com/blog/abusing-client-side-extensions-cse-a-backdoor-into-your-ad-environment - abusing cient-side extensions
* https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/AI-Finance_Test-Criteria.html - test criteria for AI in FSI

Hardening:

* https://raesene.github.io/blog/2025/06/09/am-i-still-contained/ - am I still contained from @raesene
* https://www.joindns4.eu/for-public#resolver-options - protective DNS for EU
* https://www.rand.org/pubs/research_reports/RRA2849-1.html - hardening AI models against weighting manipulations

#security, #research

Government Cyber Security Policy: Cyber Incident Exercising

This policy supports Lead Government Departments (LGDs), their arm’s length bodies (ALBs) and other public organisations in their remit by providing clearer direction on cyber incident exercising.

UK Government Security - Beta

Hello, friends! I'm thrilled to announce that The Homelab Almanac, v3.0 has officially launched! There is a ton of new stuff in this version, including:

  • Proper DNS for the lab
  • Lab PKI
  • Automatic signed certificate retrieval
  • New secrets management
  • Proxmox clustering
  • Network storage
  • Cloud integration

And lots more. Now, with all this addition, plus the work to make it, I've had to increase the price to $29.99 USD. I know that's a lot. But for what THA is, I still think it's fair. But I'm also running a sale right now. Code OMGVERSIONTHREE gets you 50% off until the end of June.

And of course, if you've already purchased THA, you just got access to the new version. Thanks for being an early supporter!

I hope you love this new version of the book. I'm really happy with how it turned out.

And seriously: thank you to everyone who's supported @thetaggartinstitute over the years, and especially the folks who have purchased and enjoyed The Homelab Almanac. I had no idea what I was getting myself into writing this book, but it's been lovely to see folks build community around it.

https://taggart-tech.com/thav3/

Announcing The Homelab Almanac: Version 3.0

The best guide to homelabs just got a lot better—and bigger.

BSDCan 2025 all days

Policy and Research Staff Technologist

...