YIKES: NSO floats Pegasus spyware use in a "time of domestic crisis" in 🇺🇸America. I believe they won't stop lobbying until they get Pegasus into USA. To hack Americans.

POV: you can't sleep because your bed can't talk to AWS. Design thinking that inserts brittle dependence into our lives while extracting fees for life. Don't be these guys.

GOOD MORNING. Today's massive outages nicely illustrate which of your favorite internet things are secretly Amazon-dependent. Specifically on US-EAST-1 Region, which woke up with Main Character Syndrome. Result? Massive outages. Sure, Amazon has regions. But US-EAST-1 is the legacy/default for a pile of services...and other Global Amazon services also depended on it. So when there was trouble...it was quickly everywhere. Hyperscalers rule *almost* everything around us. And this is absolutely bad news for all sorts of resiliency. Amazon sez: root cause = DNS resolution with DynamoDB... which a ton depends on. They say they are mostly mitigated & have a pile of backlog to clear. But this is a great moment to think about just how many eggs that matter are in one basket... https://health.aws.amazon.com/health/status

NEW: 🇰🇵DPRK hackers have begun hiding malware on blockchain. Result, decentralized, immutable malware from a government crypto theft operation. It only cost $1.37 USD in gas fees per malware change (e.g. to update the command & control server) Blockchains as malware dead drops are a fascinating, predictable evolution for nation state attackers. And Blockchain explorers are a natural target. Nearly impossible to remove. Experimentation with putting malware on blockchains is in infancy. Ultimately there will be some efforts to try and implement social engineering protection around this, but combined with things like agentic AI & vibe coding by low-information people...whew boy this gold seam is going to be productive for a long time. Still, where here they used social engineering, I expect attackers to also experiment with directly loading zero click exploits onto blockchains targeting things like blockchain explorers & other systems that process blockchains... especially if they are sometimes hosted on the same systems & networks that handle transactions / have wallets. REPORT: https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding

NEW: coalition sues Trump administration to stop viewpoint surveillance. Buttressed by a survey that found widespread viewpoint self-censorship among union members aware of the program. The survey results aren't surprising and it will be interesting to see them replicated among other populations. Unions are core plaintiffs in the suit and the basic claims are that not only does viewpoint surveillance chill freedom of speech, but it constitute unconstitutional coercion. This will be an interesting suit to watch. https://www.eff.org/press/releases/labor-unions-eff-sue-trump-administration-stop-surveillance-free-speech-online