Items tagged with: Infosec
Recently we completed a security audit of Thunderbird Send, our upcoming end-to-end encrypted large file sharing service, with the help of the @ostifofficial and 7ASecurity. Read our summary of the report's findings, and learn how we've acted on these recommendations to be more secure and worthy of the trust our user community places in us.
#Thunderbird #OpenSource #InfoSec
blog.thunderbird.net/2025/12/t…
Thunderbird Send Security Audit with OSTIF and 7ASecurity - The Thunderbird Blog
As we get ready for the Thunderbird Pro launch, we want every service we offer to be secure and worthy of the trust our community places in us. Natalie Ivanova (The Thunderbird Blog)
There are definitely accounts here that post #AISlop images. Many of the ones i see are using them along with the #infosec hashtag which i follow.
While it's certainly better than many other places, there are people who for some reason or another will post links to articles, blogs or whatever and instead of allowing the link preview to generate, will add some AI image.
Usually these are very small accounts here doing it, but i've muted a few large ones doing it as well.
Taking a Curated Look at Black Friday Sales For 2025
A small curated list of Black Friday sales by independent creators or small businesses covering areas of technology, gaming and miscellaneous deals.
adamsdesk.com/posts/black-frid…
#blog #BlackFriday #tech #InfoSec #security #100DaysToOffload @Tutanota @b0rk
New research out from @DomainTools Investigations today!
We took time to pull apart the "Charming Kitten" data dump and analyze it accordingly.
Always fascinating to me how different the threat actor groups can be both domestically and regionally. In APT35's case, much more militarily regimented, versus hybrid "state startup waterfall" or "criminal-state merge blend" setups.
#infosec #cybersecurity #threatintel
dti.domaintools.com/threat-int…
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets - DomainTools Investigations | DTI
Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies. DomainTools Investigations | DTI
Strange how in a country with so many tech experts they couldn't find women speakers.
Recently I attended #Kawaiicon2025 a #Cybersecurity / #InfoSec conference in Aotearoa New Zealand, a country with just over 5 million people living here. They found an assortment of credible and interesting speakers who were men or women or nonbinary (NB). Same with panels. And organisers which helps. The participating audience was still more Men than Women or NB but anyone attending would have found peers.
kawaiicon.org/talks/
A fully sponsored Girl Geek Dinner pre-con welcoming event was also held.
kawaiicon.org/con-events/#girl…
Calling out manels (all male panels) is brave work and it's helpful when men do the "Do Better" call.
Hallway con - Kawaiicon 2025
Kawaiicon is more than just the main talk track over the two days. We know a lot of people come to the con to see each other, hangout, and cause some hacker mischief. That is why we have a hallway con. Kawaiicon 2025
Chrome now wants to store and autofill your driver’s license and other ID info.
From a cybersecurity perspective, that is a hard no from me. Info-stealer malware already targets browser autofill, and you cannot rotate a driver’s license number like a password. Putting high value IDs in the most targeted consumer app on the planet is a bad trade for a little convenience.
I wrote up why this feature is such a risky idea and what I recommend instead:
kylereddoch.me/blog/chromes-ne…
#Infosec #Privacy #Chrome #Cybersecurity
Chrome’s New Driver’s License Autofill Is a Terrible Idea
Chrome can now store and autofill driver’s licenses, passports, and vehicle IDs. From a cybersecurity and privacy standpoint, putting government ID numbers into the world’s most-targeted browser is a bad trade, no matter how convenient it feels. Kyle Reddoch
No thank you.
Sorry, I won’t even use #FaceID or that #fingerprint shite, #tech knows far too much about me as it is.
#iPhone users can now add #US #passport info to their #digital wallets
#InfoSec #privacy #BigTech #surveillance #law
apnews.com/article/apple-iphon…
Prompt Injection in AI Browsers - Schneier on Security
schneier.com/blog/archives/202…
> This is why AIs are not ready to be personal assistants: A new attack called “CometJacking” exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentials or user interaction are required...
#LLM #agenticai #infosec #AIBrowser #perplexityai
Prompt Injection in AI Browsers - Schneier on Security
This is why AIs are not ready to be personal assistants: A new attack called “CometJacking” exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email a… Bruce Schneier (Schneier on Security)
