Taking a Curated Look at Black Friday Sales For 2025

A small curated list of Black Friday sales by independent creators or small businesses covering areas of technology, gaming and miscellaneous deals.

adamsdesk.com/posts/black-frid…

#blog #BlackFriday #tech #InfoSec #security #100DaysToOffload @Tutanota @b0rk

In case you had not yet seen this elsewhere.

#gmail #ai #privacy #infosec

New research out from @DomainTools Investigations today!

We took time to pull apart the "Charming Kitten" data dump and analyze it accordingly.

Always fascinating to me how different the threat actor groups can be both domestically and regionally. In APT35's case, much more militarily regimented, versus hybrid "state startup waterfall" or "criminal-state merge blend" setups.

#infosec #cybersecurity #threatintel

dti.domaintools.com/threat-int…

Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets - DomainTools Investigations | DTI

Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.

^{DomainTools Investigations | DTI}

Strange how in a country with so many tech experts they couldn't find women speakers.

Recently I attended #Kawaiicon2025 a #Cybersecurity / #InfoSec conference in Aotearoa New Zealnd, a country with just over 5Million people living here. They found an assortment credible and interesting speakers who were men or women or nonbinary (NB). Same with panels. And organisers which helps. The participating audience was still more Men than Women or NB but anyone attending would have found peers.
kawaiicon.org/talks/

A fully sponsored Girl Geek Dinner pre-con welcoming event was also held.
kawaiicon.org/con-events/#girl…

Calling out manels (all male panels) is brave work and it's helpful when men do the "Do Better" call.

Hallway con - Kawaiicon 2025

Kawaiicon is more than just the main talk track over the two days. We know a lot of people come to the con to see each other, hangout, and cause some hacker mischief. That is why we have a hallway con.

^{Kawaiicon 2025}

Chrome now wants to store and autofill your driver’s license and other ID info.

From a cybersecurity perspective, that is a hard no from me. Info-stealer malware already targets browser autofill, and you cannot rotate a driver’s license number like a password. Putting high value IDs in the most targeted consumer app on the planet is a bad trade for a little convenience.

I wrote up why this feature is such a risky idea and what I recommend instead:

🔗 kylereddoch.me/blog/chromes-ne…

#Infosec #Privacy #Chrome #Cybersecurity

Chrome’s New Driver’s License Autofill Is a Terrible Idea

Chrome can now store and autofill driver’s licenses, passports, and vehicle IDs. From a cybersecurity and privacy standpoint, putting government ID numbers into the world’s most-targeted browser is a bad trade, no matter how convenient it feels.

^{Kyle Reddoch}

No thank you.

Sorry, I won’t even use #FaceID or that #fingerprint shite, #tech knows far too much about me as it is.

#iPhone users can now add #US #passport info to their #digital wallets

#InfoSec #privacy #BigTech #surveillance #law
apnews.com/article/apple-iphon…

Prompt Injection in AI Browsers - Schneier on Security

schneier.com/blog/archives/202…

> This is why AIs are not ready to be personal assistants: A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentials or user interaction are required...

#LLM #agenticai #infosec #AIBrowser #perplexityai