Cybersecurity Reading List - Week of 2025-04-21

Published on: April 23, 2025

The ground softens, the skies pour forth; and now is the time to begin planting our flowers.

We put our CVEs in; we take our CVEs out. We put our CVEs in and shake them all about! The funding is at risk, the funding is dead, the funding is back on track for a year! Watching the forced changes to the national cybersecurity ecosystem is extremely concerning, and yet: seeing some of that same ecosystem recognize and route around the damage to plant and nurture new paths forward is exactly what we need.

ChatGPT is now a pinpoint GeoGuessr for $20/mo. 4chan, having not updated its infrastructure since the Obama administration, has reached an inevitable conclusion. NSO Group is trying to make new inroads into mainstream contracts. And seasoned security practitioners who have stood for truth and against disinformation are being directly targeted for harassment. 

We’re going to need a lot more coffee. But also, flowers. Let’s get to brewing, planting, and planning.

Recommended Cybersecurity Podcasts

Cisco Talos - Talos Takes - Year in Review special part 1: vulnerabilities, email threats, and adversary tooling, and Year in Review special part 2: The biggest ransomware trends

Must-Read Cybersecurity Articles and Blog Posts

SpyCloud - Exposed Credentials & Ransomware Operations: Using LLMs to Digest 200K Messages from the Black Basta Chats - Whoever added credential defense advice to the cybercrime gang at the bottom of this post deserves a raise. 

Reuters - Cybersecurity industry falls silent as Trump turns ire on SentinelOne 

Metacurity - CISA pulls MITRE's CVE program back from the brink of death at the 11th hour - Lots of CVE talk this week, naturally. Private and ad hoc collaborations are now budding. The community obviously sees a need for the program, if not necessarily in its current form.

CybersecurityNews - CVE Foundation Launched To Ensure Long-term Vulnerability Tracking - This happened before the CISA extension above, but it looks like a smart path to follow. Also see the informal CVE-related Discord server in the “Tools” section.

NextGov - User with Russian IP address tried to log into NLRB systems following DOGE access, whistleblower says - Minutes after account creation, auth requests from Russia with the correct username and password began. The whistleblower provided technical data to Congress, and I’m very, very interested in seeing it. Also a great lesson in creating and preserving defensive geoblocks: a geoblock is a fail-closed control that should deny a login before the password is ever checked, and its removal is itself an event worth alerting on.
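The pattern in that story, a brand-new account followed within minutes by correct-credential logins from an unexpected country, is easy to express as a detection. The following is an added example, not code from the NextGov story or from the NLRB: a deny-by-default geoblock decision plus a correlation rule over a constructed IdP audit log. The GeoIP table (RFC 5737 test addresses), the allowlist, and the event names (in particular `auth.blocked_valid_credentials`, the event a gateway is assumed to emit when the password was right but policy denied the login) are all assumptions for the example.

```python
"""Geoblock enforcement plus new-account/foreign-login correlation.

Added example for this reading-list item; not code from the NextGov story.
The GeoIP table, allowlist, audit log and event names are constructed.
"""
from datetime import datetime, timedelta
import ipaddress
import json

# Constructed GeoIP table: prefix -> ISO country code. A real deployment
# would consult a GeoIP database here.
GEOIP = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("192.0.2.0/24"): "RU",
}
ALLOWED_COUNTRIES = {"US"}              # assumed policy: domestic logins only
NEW_ACCOUNT_WINDOW = timedelta(hours=24)

# Constructed audit log (JSON lines) in an assumed generic IdP format.
# "auth.blocked_valid_credentials" = right password, denied by policy, which is
# exactly what a working geoblock should produce for a foreign attempt.
AUDIT_LOG = """
{"ts": "2025-03-04T15:00:00Z", "event": "account.create", "user": "svc-newadmin", "src_ip": "203.0.113.10"}
{"ts": "2025-03-04T15:03:12Z", "event": "auth.success", "user": "svc-newadmin", "src_ip": "203.0.113.10"}
{"ts": "2025-03-04T15:14:40Z", "event": "auth.blocked_valid_credentials", "user": "svc-newadmin", "src_ip": "192.0.2.77"}
{"ts": "2025-03-04T15:15:02Z", "event": "auth.success", "user": "svc-newadmin", "src_ip": "192.0.2.78"}
{"ts": "2025-03-04T16:40:00Z", "event": "auth.failure", "user": "jdoe", "src_ip": "192.0.2.5"}
{"ts": "2025-03-04T17:00:00Z", "event": "auth.success", "user": "jdoe", "src_ip": "198.51.100.9"}
"""


def country_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP.items():
        if addr in net:
            return cc
    return "??"  # unknown geolocation; treated as outside the allowlist


def geoblock_allows(src_ip: str, allowed=ALLOWED_COUNTRIES) -> bool:
    """Deny-by-default decision a login gateway makes before checking the
    password. Unknown geolocation is denied too: the control fails closed."""
    return country_of(src_ip) in allowed


def parse_log(text: str) -> list[dict]:
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        e["country"] = country_of(e["src_ip"])
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, allowed=ALLOWED_COUNTRIES, window=NEW_ACCOUNT_WINDOW) -> list[dict]:
    """Flag auth activity from outside the allowlist; escalate when the
    credentials were valid and the account was created inside the window."""
    created = {e["user"]: e["ts"] for e in events if e["event"] == "account.create"}
    findings = []
    for e in events:
        if not e["event"].startswith("auth.") or e["country"] in allowed:
            continue
        valid_creds = e["event"] in ("auth.success", "auth.blocked_valid_credentials")
        age = e["ts"] - created[e["user"]] if e["user"] in created else None
        if valid_creds and age is not None and age <= window:
            severity, reason = "critical", f"valid credentials from {e['country']} {age} after account creation"
        elif valid_creds:
            severity, reason = "high", f"valid credentials from {e['country']} outside allowlist"
        else:
            severity, reason = "low", f"failed attempt from {e['country']} outside allowlist"
        if e["event"] == "auth.success":
            # A successful foreign login means the geoblock was absent or bypassed.
            reason += "; login succeeded, so the geoblock was missing or bypassed"
        findings.append({"user": e["user"], "src_ip": e["src_ip"], "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in detect(parse_log(AUDIT_LOG)):
        print(f["severity"].upper(), f["user"], f["src_ip"], f["reason"])
```

Two design points: unknown geolocation is denied rather than allowed, because an attacker's easiest move against a geoblock is to arrive from an address the database cannot place; and the rule treats a blocked-but-valid-credential attempt as just as serious as a successful one, since the finding is that the password is already in the wrong hands, regardless of whether the control held.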

404 Media - 4chan Is Down Following What Looks to Be a Major Hack Spurred By Meme War - This looks Real Bad, the exposed IP information especially. It also looks like 4chan’s infrastructure hasn’t been updated in more than a decade.

Politico - Pentagon’s ‘SWAT team of nerds’ resigns en masse - “Under pressure from the Elon Musk-led Department of Government Efficiency, nearly all the staff of the Defense Digital Service — the Pentagon’s fast-track tech development arm — are resigning over the coming month, according to the director and three other current members of the office granted anonymity to discuss their job status freely, as well as internal emails.”

Infoblox - Disrupting Fast Flux With Protective DNS - Everything old is new again. I thought fast flux was done and dusted; it turns out it was, and is also the new hotness. Not a huge fan of this retro vibe. The defensive point stands, though: a low TTL alone says nothing (CDNs do that too), but low TTLs combined with constant churn of answers across unrelated netblocks is the fast-flux signature a protective resolver can act on.
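To make the fast-flux signature concrete, here is an added example, not Infoblox’s code or anything from the linked post, that scores a domain from passive-DNS observations and turns the score into a protective-DNS decision. The observations are constructed (RFC 5737, RFC 1918 and shared-address-space addresses stand in for real hosts), and the /16 prefix count is a stand-in for the ASN diversity a real pipeline would use. The thresholds are assumptions to tune against your own data.

```python
"""Fast-flux scoring from passive DNS, plus a protective-DNS decision.

Added example for the Infoblox item; not Infoblox's code. Observations are
constructed; a real pipeline would read resolver logs or a passive DNS feed
and use ASN data instead of the /16 proxy used here.
"""
from collections import Counter
import ipaddress

# Constructed observations: (epoch_seconds, qname, ttl, [A records]).
OBSERVATIONS = [
    # Legitimate CDN: short TTL, but a small, stable pool inside two /16s.
    (0,   "cdn.example.com", 60, ["203.0.113.10", "203.0.113.11"]),
    (300, "cdn.example.com", 60, ["203.0.113.11", "203.0.113.12"]),
    (600, "cdn.example.com", 60, ["203.0.113.10", "198.51.100.20"]),
    (900, "cdn.example.com", 60, ["203.0.113.12", "198.51.100.20"]),
    # Fast flux: short TTL, every answer set is new, scattered across netblocks
    # (the pattern of compromised residential hosts fronting the real server).
    (0,   "update-check.example.net", 120, ["192.0.2.15", "192.0.2.200", "100.64.1.7"]),
    (300, "update-check.example.net", 120, ["100.64.77.3", "10.9.8.7", "172.16.40.2"]),
    (600, "update-check.example.net", 120, ["10.200.1.1", "172.31.9.9", "192.0.2.99"]),
    (900, "update-check.example.net", 120, ["100.127.5.5", "10.33.2.2", "172.20.8.8"]),
]


def flux_features(observations, qname: str) -> dict:
    """Summarise answer churn, netblock spread and TTL for one name."""
    ips = Counter()
    prefixes = set()
    ttls = []
    n_obs = 0
    for _, name, ttl, answers in observations:
        if name != qname:
            continue
        n_obs += 1
        ttls.append(ttl)
        for a in answers:
            ips[a] += 1
            # /16 as a cheap proxy for "different network"; use ASN in production.
            prefixes.add(str(ipaddress.ip_network(f"{a}/16", strict=False)))
    distinct = len(ips)
    # Churn: fraction of IPs that ever appeared in only one answer set.
    single_use = sum(1 for c in ips.values() if c == 1) / distinct if distinct else 0.0
    return {
        "observations": n_obs,
        "distinct_ips": distinct,
        "distinct_prefixes": len(prefixes),
        "single_use_fraction": round(single_use, 2),
        "min_ttl": min(ttls) if ttls else None,
    }


def is_fast_flux(features: dict, max_ttl=300, min_prefixes=4, min_single_use=0.75) -> bool:
    """All three signals must fire; low TTL on its own is just a CDN."""
    return (
        features["min_ttl"] is not None
        and features["min_ttl"] <= max_ttl
        and features["distinct_prefixes"] >= min_prefixes
        and features["single_use_fraction"] >= min_single_use
    )


def protective_dns_action(observations, qname: str) -> str:
    """What a protective resolver (e.g. via an RPZ-style policy) would do."""
    return "sinkhole" if is_fast_flux(flux_features(observations, qname)) else "resolve"


if __name__ == "__main__":
    for name in ("cdn.example.com", "update-check.example.net"):
        print(name, flux_features(OBSERVATIONS, name), protective_dns_action(OBSERVATIONS, name))
```

The CDN scores two /16s and zero single-use addresses despite its 60-second TTL, so it resolves normally; the flux domain shows twelve distinct addresses across nine netblocks with every one seen exactly once, and gets sinkholed. Requiring all three signals together is what keeps the false-positive rate tolerable on real traffic.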

MIT Technology Review - US office that counters foreign disinformation is being eliminated 

Zoom - Incident Report - Including this one mostly for shock value. The April 16 Zoom outage was traced back to a miscommunication between MarkMonitor and GoDaddy, which led GoDaddy to shut down Zoom’s primary operational domain at the registrar.

Latest Cybersecurity Research Papers, Reports, and Books

arXiv - LLMs are unreliable for cyber threat intelligence - I didn’t see any publication footnotes, so I assume it’s a preprint, but it’s worth reading to scope some of the limitations.

Tools and Other Resources

Discord - Extended Vulnerability Community - Pop-up Discord server with a bunch of vulnerability folks who assembled under the looming MITRE CVE defunding, before the extension.
