Silas Cutler


Check out the agenda for [un]prompted. It was incredible to see what folks submitted and I'm excited to see everyone in March.

https://unpromptedcon.org/

Join me next week at the @SANSInstitute #CTISummit in Arlington, VA where I'll be presenting on an operation against the infostealer #Rhadamanthys from early in its development.

Register @ https://www.sans.org/u/1CtB

Come see me talk at the @SANSInstitute #CTISummit in Arlington, VA about the infostealer #Rhadamanthys during its early development.

https://www.sans.org/u/1CtB

Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847] #MongoBleed

From Censys scanning, we're seeing around 87,000 possibly vulnerable hosts

https://censys.com/advisory/cve-2025-14847

Some unusual #CobaltStrike activity we observed at Censys before the holiday. At the start of December, we saw a spike in CobaltStrike in AS138415 followed by a matching spike two days after on AS133199.

Report: https://censys.com/blog/recap-of-a-suspicious-surge-in-cobalt-strike

I'm speaking at the @SANSInstitute #CTISummit on an operation against #Rhadamanthys years before #OperationEndgame.

https://www.sans.org/u/1CtB

You may not know Dave Stern, but you should. The Pre-Ransomware Notification Initiative (PRNI) effort by CISA prevented an estimated $9 billion in damages by working with industry to notify companies of ransomware attacks before attackers lock systems.

It is disheartening to see Dave leave CISA, but this is an incredible legacy to leave behind and a model we should look to replicate in the future.

https://www.cybersecuritydive.com/news/cisa-ransomware-warning-program-key-employee-left/808589/

For anyone looking to optimize their news feeds, I've been using Miniflux (https://miniflux.app/) as an RSS reader for the past few years.

Recently I found it also works well for tracking newly released mechanical keyboards.