#security-culture — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #security-culture, aggregated by home.social.
-
The Silent Breach and the Persistence of Unauthorized Access
Once the session token is successfully exfiltrated, the nature of the intrusion shifts from external deception to internal subversion. The attacker does not need to crack passwords or trigger further security alerts, as they are now effectively operating with the digital identity of a trusted employee. Analyzing these incidents, I see that the primary goal is often the establishment of persistence within the target environment, which is achieved through the modification of inbox rules or the creation of clandestine mailbox delegates. By silently forwarding incoming emails to an external address or creating hidden folders for sensitive correspondence, the adversary can monitor ongoing business deals, intercept financial instructions, and identify high-value targets for subsequent business email compromise attacks. This stage of the operation is characterized by extreme patience, as the threat actor avoids loud, disruptive actions in favor of a low-and-slow approach that can remain undetected for months. The tragedy is that the victim often remains entirely unaware of the breach, believing they are still securely authenticated while their environment is being methodically picked apart from the inside.
Challenging the Failure of Traditional Defensive Postures
When considering why these attacks continue to succeed with such alarming frequency, it becomes evident that the industry’s reliance on legacy defensive postures is a failing strategy. Many organizations still treat email security as a static barrier, implementing blacklists and rudimentary heuristic scans that are easily circumvented by adversaries who control their own infrastructure and rotating IP addresses. Furthermore, the human-centric nature of these scams renders technical controls inherently insufficient unless they are paired with a cultural shift toward skeptical verification. It is not enough to deploy an automated solution if the culture within a firm encourages speed over accuracy and ignores the red flags of irregular communication patterns. Consequently, the defense against these campaigns must evolve into a proactive, threat-hunting discipline that monitors for anomalous login locations, unexpected session durations, and unauthorized changes to account configurations. Without this layer of vigilant oversight, the technical barriers essentially act as a screen door, providing the illusion of protection while failing to stop the actual threat.
Implementing Rigorous Verification Protocols in a High-Stakes Environment
The path forward requires a departure from the convenience-first mindset that dominates modern digital work environments. Organizations must adopt hardware-backed authentication methods, such as FIDO2-compliant security keys, which are resistant to the proxy-based interception tactics that currently plague mobile-based push notifications and SMS codes. Additionally, the adoption of strict device posture checks ensures that an attacker cannot simply use a stolen session token from an unauthorized machine or an unrecognized geographic region. Beyond the hardware, there must be a fundamental hardening of organizational processes, such as implementing mandatory out-of-band verification for any request involving financial transfers or the sharing of sensitive credentials. It is a harsh reality that trust is the primary vulnerability in any system, and the most secure posture is one that treats every incoming request as potentially malicious until proven otherwise through independent channels. While this might introduce friction into the workflow, that friction is the necessary price of security in an age where the cost of a single successful breach is often the survival of the entity itself.
Call to Action
The time for passive observation has passed, as the threats currently infiltrating our inboxes are not waiting for an invitation to compromise your organization. You must decide whether to continue relying on outdated defensive protocols that offer only the illusion of safety or to begin the hard work of hardening your infrastructure against the reality of modern adversarial tactics. I urge you to conduct an immediate audit of your current authentication stack and evaluate the necessity of migrating to hardware-backed security keys, as this is the single most effective step you can take to neutralize the threat of proxy-based session hijacking. Furthermore, initiate a comprehensive review of your internal communication policies to ensure that your team is empowered to question anomalies rather than blindly following the path of least resistance. Security is not a product you purchase, but a discipline you practice, and the responsibility to bridge the gap between your existing defenses and the current threat reality rests entirely with you. Do not wait for a compromised session to force your hand, because by the time the impact of a breach is visible, the damage is already absolute.
D. Bryan King
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
#accountTakeover #adversaryInTheMiddle #AiTM #ATO #authenticationProtocols #BEC #businessEmailCompromise #corporatePhishing #corporateSecurity #credentialHarvesting #cyberResilience #cyberThreatIntelligence #cyberWarfare #cybersecurity #cybersecurityBestPractices #dataBreachPrevention #digitalFraud #digitalIdentity #emailScams #emailSecurity #emailThreats #enterpriseSecurity #FIDO2 #hardwareSecurity #identityTheftProtection #incidentResponse #informationSecurity #infosec #maliciousInfrastructure #MFABypass #multiFactorAuthentication #networkDefense #onlineSafety #passwordless #phishingAttacks #phishingAwareness #phishingKits #phishingResistantAuthentication #riskManagement #secureAuthentication #securityAudit #securityCulture #securityHardening #securityKeys #sessionTokenTheft #socialEngineering #threatDetection #threatLandscape #zeroTrust -
*Fuck your online arrestee forms*
"In the past few years there have been a lot of actions, mainly occupations and blockades, where online arrestee forms (also called RST forms) have been spread around. I think this is a bad development and here I'm going to tell you why.
As a child growing up on the internet in the early 2000s I was taught not to share personal information with strangers on the internet. I still think this is good advice.
Why is this a problem?
Arrestee forms are typically used when people expect to get into a situation where they can be arrested or be exposed to police violence. The forms typically request personally identifiable information and contact information for someone close to you to be filled out. You should not share this information with strangers on the internet.
It increases your workload and responsibility
For the people doing arrestee support it potentially creates a lot of extra administration and organisational work. It also creates a lot of responsibility because suddenly you're in charge of processing people's personal information and destroying it at the right time. You have a better use of your time and energy, use it effectively. …"
-
*Leaked personal details during an XR action in The Hague - take action!*
"As some of you know, last Tuesday (May 19th 2026) a link was shared for an action by XR in The Hague. This link was an online AG-form (also known as an arrestee form). Unfortunately through this link everyone could read information that people had written in the forms before. This means: if you filled in an online AG form it's possible that your personal information and your contact person's information has been read by others. …"
https://indymedia.nl/node/56679
#XR #ExtinctionRebellion #securityCulture #opSec #AG #RSTform
-
Impact vs Intent
Just because a pattern looks suspicious
doesn't mean someone meant it that way.
People under stress act weird.
People under threat act inconsistent.
People under pressure make mistakes.
People in danger look "guilty."
Before you assign intent, separate the two signals:
— Impact (what happened)
— Intent (why it happened)
Treat them as different questions.
Because sometimes the person acting "off"
isn't the threat —
they're the one under threat.
#purpleteam #SecurityCulture -
No to Big Tech 🖕
Delete your Whatsapp. It's SEXY!
#anticommercieleactiebeweging #bigtech #signal #fediverse #acab #techwerkers #securityculture
-
@kkarhan @GrapheneOS @tails_live @torproject @signalapp
"GrapheneOS chose their requirements and they can happily design their own platform instead."
There's no need to reinvent the wheel. AOSP is a secure, open-source platform that has been around for almost 20 years. I don't want to debate rumors that Google wants to make AOSP proprietary because there is no evidence to support this, especially since it would not benefit them in any way.
"I just think that their stubbornness"
It's not stubbornness and I explained why.
"They are the antithesis to #Tails when it comes to #UserFriendly-ness and approachability for #Normies and #TechIlliterates"
It's probably the first time I've seen “Tails” and “Normie” in the same sentence. It's not that Tails is difficult to use, but I'm really not sure that many “normies” use it or even know it exists. The user experience on GrapheneOS is almost identical to Pixel OS, the standard operating system for Google Pixel devices, so using GrapheneOS is likely to seem much simpler and familiar to normies, as they will already be used to it.
"Especially since the problems with #MobilePhones and the underlying technology ain't fixable with an #AndroidROM"
GrapheneOS is not a ROM, Pixel OS is not a ROM, and LineageOS is not a ROM either, these operating systems are not ROMs.
"Instead we need to foster a #SecurityCulture and proper #ITsec, #InfoSec, #OpSec & #comsec"
Indeed, and what GrapheneOS does about security is completely appropriate, including informing people and giving them good advice.
"Otherwise we'll see them fail the same way @signalapp did, which is either getting shut down (#EncroChat-style) or being uncovered as a controlled opposition / honeypot (like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield)…"
Signal did not fail, and mentioning Encrochat, ANON, and honeypots in the same sentence is irrelevant. These things have absolutely nothing in common with Signal, you seem to be believing made-up stories.
-
I feel when non-security executives say “security is everyone’s responsibility” it often ends up meaning “security’s problem.”
#SecurityCulture #Leadership #HonestSecurity -
Cybersecurity rarely fails for lack of technology, but because security is not part of the company culture.
Those who merely "tick off" rules get compliance.
Those who lead by example on security get resilience.
#CyberSecurity #SecurityCulture #ITSecurity #Awareness #Resilienz
-
"𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙞𝙨 𝙖 𝙥𝙧𝙤𝙘𝙚𝙨𝙨, 𝙣𝙤𝙩 𝙖 𝙥𝙧𝙤𝙙𝙪𝙘𝙩."
This simple, but powerful quote is from cybersecurity legend 𝗕𝗿𝘂𝗰𝗲 𝗦𝗰𝗵𝗻𝗲𝗶𝗲𝗿.
Bruce is the author of not 1, not 2, but 3 books in our Hall of Fame.
Check out our reviews, and please consider using our affiliate links below if you'd like to purchase and help support the Canon. 🙏
𝗦𝗲𝗰𝗿𝗲𝘁𝘀 𝗮𝗻𝗱 𝗟𝗶𝗲𝘀:
📝 https://cybercanon.org/secrets-and-lies-digital-security-in-a-networked-world/
🛍️ https://amzn.to/3JUlxu3
𝗗𝗮𝘁𝗮 𝗮𝗻𝗱 𝗚𝗼𝗹𝗶𝗮𝘁𝗵:
📝 https://cybercanon.org/data-and-goliath-the-hidden-battles-to-collect-your-data-and-control-your-world/
🛍️ https://amzn.to/4oDoDSb
𝗖𝗹𝗶𝗰𝗸 𝗛𝗲𝗿𝗲 𝘁𝗼 𝗞𝗶𝗹𝗹 𝗘𝘃𝗲𝗿𝘆𝗯𝗼𝗱𝘆:
📝 https://cybercanon.org/click-here-to-kill-everybody-security-and-survival-in-a-hyper-connected-world/
🛍️ https://amzn.to/47YtxSU
#CybersecurityBooks #SecurityCulture #SecurityAwareness #CyberCanonHallofFame
-
Just because a pattern looks suspicious doesn’t mean someone meant it that way.
People under stress act weird.
People under threat act inconsistent.
People under pressure make mistakes.
People in danger look “guilty.”
Before you assign intent, separate the two signals:
– **Impact** (what happened)
– **Intent** (why it happened)
Treat them as different questions.
Because sometimes the person acting “off” isn’t the threat…
they’re the one under threat.
#purpleteam #SecurityCulture #QS -
The Final Straw Radio Podcast | A weekly Anarchist Radio Show & Podcast [Unofficial]: Southerners Against Surveillance Systems and Infrastructure (with Ed)
-
If your mission this October is to elevate awareness, not just compliance, here is a book worth putting in your team’s hands...
𝙄𝙛 𝙄𝙩’𝙨 𝙎𝙢𝙖𝙧𝙩, 𝙄𝙩’𝙨 𝙑𝙪𝙡𝙣𝙚𝙧𝙖𝙗𝙡𝙚 by @mikko became a candidate for our Hall of Fame by weaving technical insight with human stories, showing how every connected thing holds risk.
👉 https://tinyurl.com/y9ne2uzk
Why this matters during #CybersecurityAwarenessMonth:
1. In a hyperconnected world, vulnerability is the shadow companion of innovation.
2. Technology alone cannot defend. The human factor is equally critical.
3. Stories fuel understanding. A cautionary tale sticks longer than dry technical specs.
#CyberCanonHoFCandidate #SecurityCulture #CybersecurityBooks
-
This #CybersecurityAwarenessMonth, remember security awareness isn’t about information. It’s about 𝘵𝘳𝘢𝘯𝘴𝘧𝘰𝘳𝘮𝘢𝘵𝘪𝘰𝘯. 🐛->🦋
At CyberCanon, we celebrate books that go beyond technical defense to 𝙩𝙧𝙖𝙣𝙨𝙛𝙤𝙧𝙢 our understanding of security.
Perry Carpenter’s 𝙏𝙧𝙖𝙣𝙨𝙛𝙤𝙧𝙢𝙖𝙩𝙞𝙤𝙣𝙖𝙡 𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝘼𝙬𝙖𝙧𝙚𝙣𝙚𝙨𝙨 reframes awareness as a human challenge, not a compliance task 👉https://tinyurl.com/u6kr7dzz
Read about this Hall of Famer and more CyberCanon-approved books that shape the culture of security.
#CyberCanonHoF #CybersecurityBooks #SecurityAwareness #SecurityCulture
-
#MutualDefense #Solidarity #NoKings #Antifa #Anarchist #Socialist
#CommunityDefense #ICEProtests #Portland #KristiNoem #Trump #Authoritarianism
#Resist #Disrupt #DirectAction #DefundThePolice #JuryNullification
#SecurityCulture #SnatchSquads
What's happening right now with the request from Kristi Noem according to Donald Trump to use full force on protesters demonstrating in front of ICE facilities only goes to show how very real the state's insatiable need for blood is.
The state drops its need for war, like a dead mouse on every country's doorstep, even our own, in order to satiate this thirst. This is America, this is what our country has always been. As disgusting as what's happening now is, it is not new.
We sit weeks, days, hours, if not moments away from watching our allies being slaughtered in our own towns by the very forces "intended" to keep them safe from horrors like this. This is not a drill and it is not hyperbole. The rhetoric has been tested, the laws are being preemptively written to criminalize dissent, and the paramilitary forces are being ideologically vetted for their willingness to pull the trigger on their fellow citizens. The call for "full force" is a deliberate and calculated signal, a green light for the kind of violence we have seen deployed against Black and brown communities for generations to now be officially sanctioned against anyone who stands in the way of the state's agenda.
This moment demands that we look directly at the machinery of repression and understand its components. It is the police in tactical gear, but it is also the legislators writing the "anti-riot" laws that equate to crushing resistance with claims of terrorism. It is the governor calling for violence, but it is also the media apparatus that will frame any resistance as unprovoked aggression. It is the orange goblin king baying for blood, but it is also the silent complicity of a political class that has already conceded to fascism for a taste of power. They are not hiding their intentions anymore. They are telling us, in plain language, that they view our assemblies, our solidarity, our cries for justice as existential threats to be crushed without mercy.
This is why our old models of resistance are insufficient. Marching with permits, appealing to the conscience of politicians who have none, relying on the very systems designed to pacify us: these are luxuries from a bygone era that is crumbling before our eyes. The state has declared its hand. It does not seek to manage us; it seeks to eliminate us. The labels they use, like "domestic terrorist," are not descriptions; they are death warrants. They are intended to isolate, to criminalize, and to justify the coming violence in the eyes of a populace conditioned to fear the word "terrorist" more than they fear the death of their neighbors.
Therefore, our only logical and moral response must be the rapid, deliberate, and organized construction of networks of mutual defense. This is not a call for reckless violence; it is a call for profound, community-based solidarity. It is a recognition that when the state vows to use full force, our survival depends on our ability to have each other's backs without question or hesitation. Anarchists, socialists, abolitionists, community organizers, medics, legal observers, and every person who sees the nightmare on the horizon must now begin the serious work of forming pacts of protection.
These pacts are not abstract. They are built on concrete actions. They mean establishing clear and secure communication channels now, before the phones are shut down or the networks are monitored. They mean training together in de-escalation, first aid, and legal rights, so that when a protest is kettled or raided, we have medics who can treat gunshot wounds and legal teams who can track the arrested. They mean creating rapid response networks that can alert entire cities when a demonstration is under attack, mobilizing observers and support at a moment's notice. They mean setting up community defense patrols that can monitor police movements and protect vulnerable neighborhoods from targeted incursions.
Crucially, this extends to material support. It means building community bail funds that are robust and readily accessible, so no one sits in a cage because they cannot pay for their freedom. It means creating safe houses and escape routes for those who are targeted for arrest or worse. It means sharing resources, from food and water to protective gear, ensuring that no one is left exposed because of poverty. This is the practical meaning of solidarity: it is the commitment to ensure that the risks we take are shared and the burdens we carry are collective.
The goal of this mutual defense is not to win a street battle with the police. The goal is to make their intended violence as difficult, costly, and visible as possible. The goal is to ensure that when they move against one of us, they find a hundred of us, standing together, documenting, resisting, and refusing to be scattered. It is to transform their easy targets into unbreakable formations of community resilience. We must make their bloodlust so public, so messy, and so morally repugnant that it shatters the illusion of their authority.
History has shown us that the state's appetite for violence is only checked when it meets organized, unyielding resistance. They rely on our fear, our isolation, our disorganization. Our task is to weaponize our solidarity. Let the calls for "full force" from the Kristi Noems and Donald Trumps of the world serve as our final wake up call. The time for vague solidarity is over. The time for specific, actionable, and sworn pacts of mutual defense is now. Find your people. Make your plans. Swear your oaths. Let them know that if they come for one, they come for us all, and we will not make it easy for them. Our communities are not their hunting grounds. We will become ungovernable not through chaos, but through an ironclad commitment to protecting one another from the storm they are so desperate to unleash.
-
#MutualDefense #Solidarity #NoKings #Antifa #Anarchist #Socialist
#CommunityDefense #ICEProtests #Portland #KristiNoem #Trump #Authoritarianism
#Resist #Disrupt #DirectAction #DefundThePolice #JuryNullification
#SecurityCulture #SnatchSquadsWhat's happening right now with the request from Kristi Noem according to Donald Trump to use full force on protesters demonstrating in front of ICE facilities only goes to show how very real the state's insatiable need for blood is.
The state drops its need for war, like a dead mouse on every country's doorstep, even our own, in order to satiate this thirst. This is America, this is what our country has always been. As disgusting as what's happening now is, it is not new.
We sit weeks, days, hours, if not moments away from watching our allies being slaughtered in our own towns by the very forces "intended" to keep them safe from horrors like this. This is not a drill and it is not hyperbole. The rhetoric has been tested, the laws are being preemptively written to criminalize dissent, and the paramilitary forces are being ideologically vetted for their willingness to pull the trigger on their fellow citizens. The call for "full force" is a deliberate and calculated signal, a green light for the kind of violence we have seen deployed against Black and brown communities for generations to now be officially sanctioned against anyone who stands in the way of the state's agenda.
This moment demands that we look directly at the machinery of repression and understand its components. It is the police in tactical gear, but it is also the legislators writing the "anti-riot" laws that equate to crushing resistance with claims of terrorism. It is the governor calling for violence, but it is also the media apparatus that will frame any resistance as unprovoked aggression. It is the orange goblin king baying for blood, but it is also the silent complicity of a political class that has already conceded to fascism for a taste of power. They are not hiding their intentions anymore. They are telling us, in plain language, that they view our assemblies, our solidarity, our cries for justice as existential threats to be crushed without mercy.
This is why our old models of resistance are insufficient. Marching with permits, appealing to the conscience of politicians who have none, relying on the very systems designed to pacify us these are luxuries from a bygone era that is crumbling before our eyes. The state has declared its hand. It does not seek to manage us it seeks to eliminate us. The labels they use, like "domestic terrorist," are not descriptions they are death warrants. They are intended to isolate, to criminalize, and to justify the coming violence in the eyes of a populace conditioned to fear the word "terrorist" more than they fear the death of their neighbors.
Therefore, our only logical and moral response must be the rapid, deliberate, and organized construction of networks of mutual defense. This is not a call for reckless violence it is a call for profound, community based solidarity. It is a recognition that when the state vows to use full force, our survival depends on our ability to have each other's backs without question or hesitation. Anarchists, socialists, abolitionists, community organizers, medics, legal observers, and every person who sees the nightmare on the horizon must now begin the serious work of forming pacts of protection.
These pacts are not abstract. They are built on concrete actions. They mean establishing clear and secure communication channels now, before the phones are shut down or the networks are monitored. They mean training together in de-escalation, first aid, and legal rights, so that when a protest is kettled or raided, we have medics who can treat gunshot wounds and legal teams who can track the arrested. They mean creating rapid response networks that can alert entire cities when a demonstration is under attack, mobilizing observers and support at a moment's notice. They mean setting up community defense patrols that can monitor police movements and protect vulnerable neighborhoods from targeted incursions.
Crucially, this extends to material support. It means building community bail funds that are robust and readily accessible, so no one sits in a cage because they cannot pay for their freedom. It means creating safe houses and escape routes for those who are targeted for arrest or worse. It means sharing resources, from food and water to protective gear, ensuring that no one is left exposed because of poverty. This is the practical meaning of solidarity: it is the commitment to ensure that the risks we take are shared and the burdens we carry are collective.
The goal of this mutual defense is not to win a street battle with the police. The goal is to make their intended violence as difficult, costly, and visible as possible. The goal is to ensure that when they move against one of us, they find a hundred of us, standing together, documenting, resisting, and refusing to be scattered. It is to transform their easy targets into unbreakable formations of community resilience. We must make their bloodlust so public, so messy, and so morally repugnant that it shatters the illusion of their authority.
History has shown us that the state's appetite for violence is only checked when it meets organized, unyielding resistance. They rely on our fear, our isolation, our disorganization. Our task is to weaponize our solidarity. Let the calls for "full force" from the Kristi Noems and Donald Trumps of the world serve as our final wake-up call. The time for vague solidarity is over. The time for specific, actionable, and sworn pacts of mutual defense is now. Find your people. Make your plans. Swear your oaths. Let them know that if they come for one, they come for us all, and we will not make it easy for them. Our communities are not their hunting grounds. We will become ungovernable not through chaos, but through an ironclad commitment to protecting one another from the storm they are so desperate to unleash.
-
Bunnies, where are your printers?! We have a new zine!! :ablobcatbongo:
We took a look at the Guide to Activist Security Culture and Countering Repression and decided it was time to refresh it, at least partially, starting, of course, with @CrimethInc's text on security culture. Its original Russian translation, unfortunately, came out rather stiff, and in places distorted the meaning and was confusing. Besides, the Guide went to print (just imagine!) 16 years ago; now it is remembered only on big holidays and only as a PDF.
The text What Is Security Culture is even older: it first appeared in a 2004 collection, but both contemporary authors and the CrimethInc. collective itself still turn to it when the discussion comes to the essence of repression, so a new edition was inevitable. We realize that some sections give overly vague guidance and read more like an "in favor of all good things" stance than like techniques, but we hope the zine will show the depth of spirit and, at the same time, the flexibility characteristic of organizing into blocs, cells, and affinity groups.
You can download the print file on our site: https://www.autistici.org/morethantwo/kultbez/
Remember that this text is a product of its time; radical circles in the post-Soviet space have not experienced anything like it and will not. To draw lessons from other contexts and other eras that lend themselves to analysis means building your own analytical methods and systems, not only retrospective but also forward-looking: approaching strategic, operational, and structural analysis and making it part of your organization.
To that end, distributing the Guide would still be a good idea, but so-called "Russia" has criminalized using the letters "АЧК" together. The cops can still question you over our zine, but the zine itself will not become a formal pretext until it receives an expert assessment (which may never come), whereas the Guide is already formally, albeit indirectly, criminalized.
We strongly recommend distributing this zine together with Confidence Courage Connection Trust, which we released at the start of summer https://www.autistici.org/morethantwo/retsept/
#культураБезопасности #дистроизм #анархизм #SecurityCulture #distroism #anarchistzines
-
🧠 Human error causes 95% of breaches. Digital Edge turns your team into your strongest defense. Continuous training. Real-world simulations. Zero guesswork.
#CyberAwareness #HumanFirewall #SecurityTraining #PhishingSimulation #CyberResilience #DigitalEdge #SecurityCulture #RiskReduction #TeamDefense #CyberSmart
-
How to build a secure AI culture without shutting people down https://www.helpnetsecurity.com/2025/08/26/ai-security-culture-video/ #Artificialintelligence #securityawareness #securityculture #SecurityJourney #cybersecurity #Don'tmiss #strategy #Video #video #News #tips
-
🧠 Human error causes 95% of breaches. Digital Edge turns your team into your strongest defense. Continuous training. Real-world simulations. Zero guesswork.
#CyberAwareness #HumanFirewall #DigitalEdge #SecurityCulture #RiskReduction #TeamDefense
-
🚨📚 It's Book Review Day! 📚🚨
This week, Crystal Kobe provides a Hall of Fame recommendation for Perry Carpenter and Kai Roer's The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense.
"As someone involved in human risk management and awareness training, I found the authors’ central thesis, that resilient cybersecurity begins with culture, resonates deeply. They challenge the outdated notion of users as 'the weakest link' and reframe them as a powerful line of defense. Drawing on behavioral science, they show how consistent messaging, storytelling and social cues can shape secure behavior. Rather than seeing users as obstacles, they urge us to recognize them as people who need context, motivation and reinforcement in order to engage your organization’s 'human layer defenses'."
Full review 👉 https://tinyurl.com/yzstbadx
#Cybersecurity #SecurityCulture #CybersecurityBooks #CyberCanonHoFCandidate
-
Three Breaches In Three Weeks A Wake Up Call For Enterprise Security https://www.forbes.com/sites/emilsayegh/2025/07/12/three-breaches-in-three-weeks-a-wake-up-call-for-enterprise-security/
#cybersecurity #hygiene #businesscontinuity #riskmanagement #securityculture #boardofdirectors #SecurityIsEveryonesBusiness
-
This shit keeps coming back, and for good reason. We still gotta remind folks: protect your fuckin’ identity — not just at protests, but at land defense camps, blockades, occupations — anywhere people are resisting.
With AI surveillance ghouls like Palantir feeding the beast, and fascism getting comfy in the U.S., the need for anonymity is life or death.
The Warriors at #Kanehsatake knew this. Learned it through struggle. My homie Clifton breaks it down in this clip. This ain’t just some Indigenous issue — this is for everyone who stands up and fights back.
So mask the fuck up. Sunglasses. Hood. No easy targets. Stay wild. Stay free.
-
Join Juliane Reimann and Marisa Fagan for a 1-day interactive training on November 5 at OWASP Global AppSec USA 2025 and learn how to launch a Security Champions Program that actually works.
Through real-world examples, collaborative exercises, and actionable frameworks, you’ll leave with the tools to build a program that grows with your organization—and creates lasting impact.
Register now! https://owasp.glueup.com/event/131624/register/
#Cybersec #Infosec #AppSec #WashingtonDC #DevSecOps #SecurityCulture #
-
We talk about zero trust.
MFA.
Segmentation.
Defense in depth.
But we don’t talk enough about belonging.
#Cybersecurity #HumanRisk #Leadership #SecurityCulture #Loneliness #DigitalTrust #EmotionalSecurity #InsiderThreat #LimitlessCyber
-
Following up on the zine release, here are a few links on the topic 🐇
the translated pamphlet Intelligence Agents, Informants and Snitches (Разведчики, информаторы и стукачи), released in 2014 by the Belarusian Anarchist Black Cross (АЧК),
outline notes from the notebook of the author of Anarchy+ (Анархия+) on spies and spy mania,
the entire archive of the counter-repression project No Trace Project https://notrace.how, where you will find a whole constellation of very different authors from different contexts in different languages; in Russian it has advice from Ivan Astashin and ДИАна (DIAna), plus translations of some texts by CrimethInc. and EFF.
Be brave and take care of one another! ✊
-
The printers are primed, paper is leaping out of the packs! Why? Because we are publishing your new favorite text on security culture, a living classic of every radical distro and a must-read according to NoTrace @notrace and Riot Medicine author @hakan_geijer: Confidence. Courage. Connection. Trust 🐰 🐰 🐰
Inside are stories of infiltrators and foiled plans, advice and debriefs, as well as lots and lots of questions that, we hope, will help bring your organization, cell, or bloc closer together, and help your goals bloom wildly!
As always, the PDF is on the Больше двух (More Than Two) site: https://www.autistici.org/morethantwo/retsept/
Download, print, read, print again, pass it from hand to hand, from chat to chat! :anarchism:
Anyone who wants to support the distro's work: give money to our hosts, @edistro https://liberapay.com/edist.ro/ and https://www.autistici.org/ Their network infrastructure matters not only to us but to many other radical projects.
#дистроизм #анархизм #культураБезопасности #distroism #security #SecurityCulture #OpSec
-
From scanning ports to structuring security programs that meet real-world demands, this book helps practitioners level up from technical know-how to strategic capability.
It bridges foundational knowledge with practical security leadership. Designed for those who build, defend, and explain security every day.
https://nostarch.com/foundationsinfosec
#infosec #cybersecurity #securityengineering #nmap #SOC2 #compliance #devops #securityculture
-
Security lives in culture—not silos. What’s your take? Share it below. #SecurityCulture #CyberAwareness #CrossDepartment #SecurityMindset #EnterpriseSecurity #TeamSecurity #DigitalTrust #EveryClickCounts #CyberHabits #CyberLeadership #ExecBuyIn #LeadByExample #SimpleSecurity #DataDrivenSecurity #CultureShift #LongTermThinking
https://medium.com/@sanjay.mohindroo66/security-isnt-a-department-it-s-a-promise-de1ae5847cc2
-
Building a strong security culture is key to IT success. Join the discussion on strategies and real-life lessons to protect your business. Share your insights! #SecurityCulture #CyberSecurity #DigitalTransformationLeadership #ITRiskManagement #EmployeeTraining #SecurityAwareness #TechDebate #SecurityInnovation
https://medium.com/@sanjay.mohindroo66/building-a-strong-security-culture-within-your-organization-ded57d231b45
-
Decode the forgotten timelines.
#Technology #SecurityCulture #Consciousness #AncientKnowledge