Nathaniel Mott
README senior editor Nathaniel Mott has been covering security since 2011, with bylines in PCMag, The Guardian and too many other publications to list here.
Welcome to Commit 09_26_2023, featuring reports on the public-private partnerships that enable U.S. surveillance, a max-severity vulnerability and more.
Welcome to Commit 09_25_2023, with coverage of the group that hacked MGM resorts, a new iOS spyware exploit chain and more.
Welcome to Changelog for 9/21/23, published by Synack! README senior editor Nathaniel Mott here with Signal's plans for quantum computing and other infosec news.
Hello! Welcome to Commit 09_19_2023. README senior editor Nathaniel Mott here with the latest infosec news, starting with ShroudedSnooper and ShadowDragon.
Hello! Welcome to Commit, a companion to Changelog intended to help you stay on top of infosec news in between installments of our weekly newsletter.
Welcome to Changelog for 9/14/23. README senior editor Nathaniel Mott here with the latest on MGM Resorts, a Chrome zero-day and the week's top infosec news.
README senior editor Nathaniel Mott here to tell you that no, you don’t have to check your calendar, it’s not Sunday. We’ve moved Changelog to Thursday so we can bring you the latest cybersecurity news without disturbing your weekend.
Welcome to Changelog for 8/27/23, published by Synack! README senior editor Nathaniel Mott here with a quick housekeeping note: This will be the last installment of the newsletter for August.
Welcome to Changelog for 8/13/23! Nathaniel Mott here with the latest updates on AI-augmented influence operations, Microsoft's ongoing scrutiny and more.
U.S. cyber board’s Lapsus$ postmortem, CPU vulns and remembering Vim’s creator
Welcome to Changelog for 8/6/23, published by Synack! Nathaniel Mott here with the week’s security news. Yes, README will be covering Black Hat and DEF CON later this week, so stay tuned for highlights from Hacker Summer Camp.
Welcome to Changelog for 7/30/23, published by Synack! Nathaniel Mott here, still parsing the New York Times’ blockbuster report Saturday citing intelligence that China “has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world.”
Welcome to Changelog for 7/23/23, published by Synack! Nathaniel Mott here, braving ongoing thunderstorms throughout upstate New York to bring you the week’s most noteworthy goings-on in cybersecurity.
Welcome to Changelog for 7/16/23, published by Synack! Nathaniel Mott here, signing in from upstate New York. README was onsite at the Intelligence and National Security Summit in National Harbor, Md., where editor-in-chief Blake Sobczak picked up the conference highlights from the two-day annual conference.
Welcome to Changelog for 7/9/23, published by Synack! Nathaniel Mott here, hoping we can all finally catch a break from the big East Coast heat wave last week.
Welcome to Changelog for 7/2/23, published by Synack! Nathaniel Mott here, ready to jinx everyone’s Fourth of July by bringing up the “K” word (Kaseya!).
Welcome to Changelog for 6/25/23, published by Synack! Nathaniel Mott here after our Juneteenth break with the latest security news.
Nathaniel Mott here, emerging from the smoke of Ottawa’s wildfires with the week’s security news. A quick programming note: We will not be publishing next week as we honor the Juneteenth holiday.
Welcome to Changelog for 6/4/23, published by Synack! Nathaniel Mott here from the sweltering heat of upstate New York with the week’s security news.
Welcome to Changelog for 5/21/23, published by Synack! Nathaniel Mott here with a recap of what happened in cyber this week. Programming note: Changelog will not publish next week as we observe Memorial Day in the U.S.
Welcome to Changelog for 5/14/23, published by Synack—and Happy Mother’s Day! Nathaniel Mott here with the week’s security news.
Welcome to Changelog for 5/7/23, published by Synack! Nathaniel Mott here with the latest security news and… pickleball? Let’s talk about it.
Welcome to Changelog for 4/30/23, published by Synack! Nathaniel Mott here with the latest security news and the utmost sympathy for everyone heading home from RSA 2023 with new swag, business cards and bone-deep weariness.
Welcome to Changelog for 4/23/23, published by Synack! Nathaniel Mott here, writing in the calm before the RSA 2023 storm—but more on that in a moment.
Welcome to Changelog for 4/16/23, published by Synack! Nathaniel Mott here, back with a look at some of the biggest cybersecurity news of the week.
Welcome to Changelog for 4/2/23, published by Synack! Nathaniel Mott here, back with a look at some of the biggest cybersecurity news of the week.
Welcome to Changelog for 2/26/23, published by Synack! Nate Mott here, signing on from upstate New York—which is currently getting less snow than Los Angeles—with the latest and greatest in the week’s cyber news.
Welcome to Changelog for 2/19/23, published by Synack! Nate Mott here, writing from the cold-once-again boonies of upstate New York with this week’s cyber news:
ChatGPT’s launch last November has captivated the security industry, as the artificially intelligent chatbot’s detailed responses seem ripe for abuse by scammers and cybercriminals. What’s the real threat?
Welcome to Changelog for 2/12/23, published by Synack! The weather’s been nice here in upstate New York, but that hasn’t warmed my heart quite as much as international efforts to make life a little bit harder for some cybercriminals.
Welcome to Changelog for 2/5/23, published by Synack! Nate Mott here feeling old—more on that later—but keen to wrap up the week’s cybersecurity news:
Welcome to Changelog for 1/29/23, published by Synack! Nate Mott here and ready to recap the week in cybersecurity.
ShmooCon 2023 has come and gone. Now it’s time to consider what the most laid-back infosec conference of the year — boasting the quirky tagline, “Less Moose Than Ever” — can tell us about the security industry heading into 2023.
Welcome to Changelog for 1/22/23, published by Synack! Hello from ShmooCon 2023! Nate Mott here, delivering you a special edition from the celebrated hacker conference in Washington, D.C., which ends today. We’ll get right to it:
Welcome to Changelog for 12/18/22, published by Synack! Nate here, delivering your last edition of the year.
A recent FBI warning to Republican and Democratic party leaders about suspicious scanning by Chinese hackers left some researchers scratching their heads.
The “S” in HTTPS stands for “secure,” but a newly disclosed pair of software flaws in one of the most popular open-source cryptographic libraries shows that assurance can come with a caveat.
Apple has recently introduced a standalone security research site, significant changes to its bug bounty program and a bevy of security-related updates with iOS 16.
“Russia is the hurricane, and China is climate change,” a top U.S. cybersecurity official said Tuesday, underscoring White House warnings about the long-term cyberespionage threat posed by Beijing.
A teenager believed to be associated with the Lapsus$ cybercriminal group hacked Uber last week, putting wind in the sails of U.S. efforts to enact stricter cybersecurity rules.
Malware creators are relying on relatively uncommon programming languages such as Rust, Go, and Swift — and not just because they’re sick of writing code in C. Defenders have been forced to keep up.
In its first-ever report for the Department of Homeland Security, a group of top government and industry cyber experts said the Log4j vulnerability triggered “one of the most intensive cybersecurity community responses in history” last December — and it’s far from over.
Recent cyberthreats targeting firmware technology have underscored how tricky it is to weed out malware that can start wreaking havoc before infected computers even boot up.
The U.S. Justice Department last week softened its stance on prosecuting hackers under a decades-old law. Will the updates thaw DOJ’s relations with hacking communities famed for testing limits?
T-Mobile is the latest high-profile target of the Lapsus$ cybercriminal group, whose bar-brawl tactics have stoked tech industry fears of copycat attacks
A government-backed push in Ukraine to get grassroots support for hacking Russia is raising legal and ethical questions.
HermeticWiper, much like the WhisperGate malware discovered in Ukrainian networks last month, deletes the Master Boot Record that allows the Windows operating system to load.
A Super Bowl ad last week from cryptocurrency platform Coinbase featured a bouncing QR code that ruffled feathers in the cybersecurity community. Some experts say the risks of scanning it may have been overblown.
Multi-factor authentication offers users far more protection than a password alone. But experts warn it’s no panacea against hackers.
Cyberattacks targeting the “packages” that underpin global software programs have rattled the open-source community and exposed gaps in developers’ supply chain security practices.