2025 - Week 48 & 49
There is a lot going on these days, so here are my notes for both weeks 48 & 49.
What happened in the world
- The situation is still horrible in Palestine: Amnesty International said that Israel is still committing genocide in Gaza, and this Forensic Architecture visualization shows the current situation with the new yellow line in the middle of the Gaza Strip. In the meantime, Israeli soldiers killed two Palestinians after they surrendered (be careful, the video shown on social media and most articles is hard to watch).
- Amnesty International has published two important reports on anti-union abuse in the garment industry.
- The situation continues to get worse in Tunisia, with the arrest of an opposition figure in a widening crackdown.
Technology - for good and for bad
- Reporters Without Borders was targeted by the Russian state-sponsored group Calisto in a phishing campaign.
- A new series of publications about the Predator spyware provided more details on the infection techniques and corporate structure, and identified potential customers in Botswana, Pakistan and the Philippines; see the articles from Amnesty International, Haaretz, Google and Recorded Future.
- Apple and Google sent a new round of cyber threat notifications to users around the world.
- X added a new feature showing locations of accounts without details on how this location is estimated. Quickly, this has exposed unexpected locations for major US political accounts but it is also a danger for people whose safety depends on their anonymity.
- An interesting open letter by many cybersecurity professionals on outdated digital security advice (such as changing passwords regularly). While I like the idea and the debate, I feel some of the advice lacked nuance on threat scenarios and privacy questions.
- The European Commission fined X 120 million euros for a deceptive blue check verification system and Elon Musk decided to ban the EC X account from making ads.
- An interesting history of Paulina Borsook, who published a book in 2000 called Cyberselfish that already criticized Silicon Valley and its libertarianism.
- As new age verification laws are passed in many US states, some activists are trying to push back against them.
- A court filing shows that Meta halted internal research suggesting that Facebook was leading to depression and anxiety.
- Another dystopian story: a US company has been training an AI model on prison phone calls in order to identify planned crimes.
- Many AI workers are raising the alarm about the risks of AI models, while more than 100 Amazon workers signed an open letter about AI risks, especially on climate change (the letter is available here).
- An article showing that 13 new countries agreed to open their markets to Starlink while Elon Musk was part of the Trump administration, and 13 more since.
- The New York Times is suing Perplexity for copyright infringement.
Digital investigations:
- Some news in the certificate transparency world, with a new platform called CertKit that allows searching CT logs (I added it to my list, available here), and a promising new Python library to monitor CT logs by the Polish CERT.
- A useful tool to help build Google Dorks: FilePhish
- My OSINT training recently published a really useful list of bookmarklets for Social Media websites (it definitely deserves a blog post to look into this in depth).
- As mentioned above, many people started to use X's new location feature to understand who was behind some big X accounts.
- OONI made an interesting presentation on their work to measure ECH deployment at IETF 124.
- A command-line tool to download IPA files from the Play Store.
- Maltego transforms to query the platform pappers.fr (that contains data on French companies) made by Reflets.
What I did
- I attended the November Indicator workshop that mostly addressed their recent guide to hunting for documents and files in open buckets, servers, and directories.
- I used the Black Friday discounts to get access to the Let’s Defend learning platform. I like these learning platforms that run VMs in the browser for exercises, but I am a bit afraid of finding too much beginner-level content.
- I attended the yearly general assembly of OpenFacto.
- I attended workshops on researching corporations and how to write concisely.
Reading & listening
- I continued listening to the great Lawpod series on preserving evidence, with episode 4 with the Reckoning Project and episode 5 with Amnesty International.
- I am listening to the podcast series on WWII by The Rest Is History and it is really good.
- A fascinating article on sperm whale clicks to communicate and how dangerous it can be.
- Interesting reflections by Alexis on AI and development.
- I found this recent xkcd very touching.
- A good article on the need to have alt text in images.
- The fascinating story of Marge and Jerry Selbee, who made 3.5 million by playing a lottery with a mathematical flaw.
This week in music
I discovered the great Turkish pianist Büşra Kayıkçı in Arte concert: