
Cybersecurity Reading List - Week of 2025-07-28

Ian Campbell
Senior Security Operations Engineer

It is a lovely day in information security,

and you are a horrible goose.

(Collected from IRC, original source unknown. Reach out if you know.)

We’re a week away from Hacker Summer Camp, and I’m curious: similar to the writer conversation of “plotters versus pantsers”, are your shenanigans all lined up in advance, or are your Vegas shenanigans more opportunistic and inspired by the moment? Do you carefully clean and arrange your tools, pack and unpack and repack in advance? Or do you live off the land and a few strips of rusty aluminum stripped from a can of Surge in 1997 and tucked in your wallet ever since?

Unless of course you’re the type of person to avoid shenanigans. Apparently those people exist.

This year’s Hacker Summer Camp includes some steam to vent. We’re charging into the desert amidst a cloud of hot dust and exploited SharePoint embers, a mass breach of women’s data after they sought safer dating, a new technology seemingly bent on speedrunning all the lessons computing has learned the hard way, and that’s not even getting into this year’s complexities around domestic agency capabilities. Everything considered, it’s enough to turn to nihilistic partying to cope.

But what I expect to see more of, what I’ve seen from the various clusters assembling for BlackHat, DEF CON, and BSides Las Vegas, is community. It’s our strongest power and our greatest defense. It’s often said that the Internet perceives censorship as damage and routes around it; and there may be drama, there may be dark points, there may be jerks, but community can react to damage the same way. And in many cases, it is.

Find the others. Reach out. Make grand collaborative plans, scale them back, amplify them further. Make room for the quieter voices. And don’t forget to make time to play.

Next week, let’s come to play. 

Podcasts

Lawfare – The Double Black Box: Ashley Deeks on National Security AI
Excellent, thoughtful exploration of ‘the idea that the use of artificial intelligence in the national security space creates a “double black box.” The first box is the traditional secrecy surrounding national security activities, and the second, inner box is the inscrutable nature of AI systems themselves, whose decision-making processes can be opaque even to their creators.’ I picked up Deeks’ book immediately after listening to the podcast.

Srsly Risky Biz – Four key players drive Scattered Spider
Some interesting conclusions coming out lately. For instance, incident response investigators cross-referencing incidents attributed to SCATTERED SPIDER keep running across the same voices in voice-delivered social engineering attacks. Also, a few folks playing “Project Manager” roles.

Articles

Okta – Okta observes v0 AI tool used to build phishing sites
Cheat-sheet style hint here: most Vercel-built sites have telltale DNS records CNAMEing back to vercel[.]com subdomains, and use vercel-dns[.]com nameservers. Maybe start building that into your detections and reassess once Vercel gets a handle on this. Looking at their nameservers for domains first seen July 28, I saw multiple career/application/hiring domains pretending to be from major corporations, several attempts at emulating the customer service platform of a major mobile provider, attempts to emulate adclick revenue and CRM platforms, and more. Just one day’s worth of new AI creations.
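The DNS hint above, turned into a small detection check (an added example, not code from the post or from Okta): it scans constructed passive-DNS style records for CNAME or NS data under vercel[.]com or vercel-dns[.]com, matching on whole DNS labels so that look-alike names such as notvercel-dns.com do not fire. The record lines and domain names are made up for the example.

```python
"""Flag newly seen domains whose DNS points into Vercel infrastructure.

Added example, not from the original post. The suffixes come from the
post's hint (CNAMEs to vercel.com subdomains, vercel-dns.com nameservers);
the record lines below are constructed sample passive-DNS output in a
simple "name rrtype rdata" form, not real observations.
"""
from dataclasses import dataclass

# Indicator suffixes named in the post; matched label-wise, never as substrings.
VERCEL_SUFFIXES = ("vercel.com", "vercel-dns.com")


def _norm(name: str) -> str:
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def under_suffix(name: str, suffixes=VERCEL_SUFFIXES) -> bool:
    """True if name equals, or is a subdomain of, any suffix (label-aware)."""
    n = _norm(name)
    return any(n == s or n.endswith("." + s) for s in suffixes)


@dataclass(frozen=True)
class Hit:
    domain: str
    reason: str   # "cname" or "ns": which record type gave the domain away
    target: str


def find_vercel_hosted(records: list[str]) -> list[Hit]:
    """Scan 'name rrtype rdata' lines; return deduplicated, sorted matches."""
    hits = set()
    for line in records:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of crashing the sweep
        name, rrtype, rdata = parts
        if rrtype.upper() in ("CNAME", "NS") and under_suffix(rdata):
            hits.add(Hit(_norm(name), rrtype.lower(), _norm(rdata)))
    return sorted(hits, key=lambda h: (h.domain, h.reason, h.target))


SAMPLE_RECORDS = [  # constructed, not real data
    "careers-example-corp.example. CNAME cname.vercel-dns.com.",
    "careers-example-corp.example. NS ns1.vercel-dns.com.",
    "support-mobile.example. CNAME alias.vercel.com.",
    "lookalike.example. NS ns1.notvercel-dns.com.",   # substring only: no hit
    "benign.example. A 192.0.2.10",
    "other.example. CNAME fakevercel.com.",          # substring only: no hit
]

if __name__ == "__main__":
    for h in find_vercel_hosted(SAMPLE_RECORDS):
        print(f"{h.domain}\t{h.reason}\t{h.target}")
```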

Proofpoint – NET RFQ: Request for Quote Scammers Casting Wide Net to Steal Real Goods
Good work by Proofpoint here amidst a fascinating scam leveraging “net-30” type financing to get goods or services, and then vanish.

Resecurity – Cybercriminals Attack Seychelles – Offshore Banking as a Target
Well. That’s a shame.

The Record – Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work
Within a few days they started shifting their nameservers, and the primary ASN moved behind another Russia-aligned BGP safewall for its announcements. One of these days I need to dive deeper into technical observations after international sanctions; if you’ve got good examples, please reach out.

knostic.ai – Exposing the Unseen: Mapping MCP Servers Across the Internet
Knostic (the startup brainchild of Gadi Evron and Sounil Yu) doing some great foundational fact-finding here around how organizations are deploying Anthropic’s Model Context Protocol. Unsurprisingly, the news isn’t good.

Cisco Talos – Cybercriminal abuse of large language models
General but good roundup on some of the malicious uses seen in the wild.

Lawfare – AI and Secure Code Generation
I don’t necessarily agree with everything, but Geer and Aitel know their stuff and make some very good points.

Reuters – China-linked hackers target Taiwan’s chip industry with increasing attacks, researchers say 

DTI – Malware in DNS
This was a quick but clever piece by one of our researchers that struck far louder chords than we expected.

FT – Disinformation warriors are ‘grooming’ chatbots
LLM-grooming is the new cache poisoning, pass it on.

Research Papers and Reports

Censys – 2025 State of the Internet Report

WEIS – Examining Newly Registered Phishing Domains at Scale 

Tools and Resources

INTERPOL – INTERPOL launches our new external newsletter

Quad9 – Globe of Wonder
The good folks at Quad9 DNS have open-sourced their visualization tool for mapping realtime events onto a view of the Earth.