Nathaniel Mott

README senior editor Nathaniel Mott has been covering security since 2011, with bylines in PCMag, The Guardian and too many other publications to list here.

Changelog: Law enforcement disrupts (and trolls) LockBit
Welcome to Changelog for 2/22/2024, published by Synack! README senior editor Nathaniel Mott here with the week’s juiciest security news.
Changelog: Volt Typhoon threat is the real deal
Welcome to Changelog for 2/15/2024, published by Synack! README senior editor Nathaniel Mott here from the once-again-frozen backwoods of upstate New York with your week in cyber.
Changelog: All eyes on China (and toothbrushes)
Welcome to Changelog for 2/8/2024, published by Synack! README senior editor Nathaniel Mott here on a sunny January day with the week’s leading security news.
Changelog: U.S. cyber leaders warn of China threat
Welcome to Changelog for 2/1/2024, published by Synack! README senior editor Nathaniel Mott here with yet another cold… and, of course, the hottest cybersecurity news of the week.
Changelog: Midnight Blizzard rolls over Microsoft and HPE
Welcome to Changelog for 1/25/2024, published by Synack! README senior editor Nathaniel Mott here with meteorological whiplash to bring you the top infosec news.
Changelog: Russian hackers pick up new tricks
Welcome to Changelog for 1/18/2024, published by Synack! README senior editor Nathaniel Mott here with the week’s top security news.
Changelog: Ivanti discloses the biggest zero-days of the year so far
Welcome to Changelog for 1/11/2024, published by Synack! README senior editor Nathaniel Mott here emerging from the first big storm of the year to bring you the latest security news.
Changelog: A bleak start to the new year
Welcome to Changelog for 1/4/2024, published by Synack! README senior editor Nathaniel Mott here with the first installment of the year.
Changelog: A look back at 2023 and ahead to 2024
Welcome to Changelog for 12/21/2023, published by Synack! README senior editor Nathaniel Mott here with a special installment looking back at the year that was.
Commit 12_19_2023: FBI bamboozles BlackCat
Welcome to Commit 12_19_2023! README senior editor Nathaniel Mott here with the final installment of the year.
Commit 12_18_2023: Predatory Sparrow dives again
Welcome to the penultimate Commit of 2023! README senior editor Nathaniel Mott here with the security news of the moment.
Changelog: Russia doubles down on Ukrainian telecom attacks
Welcome to Changelog for 12/14/2023, published by Synack! README senior editor Nathaniel Mott here to bring you the latest cybersecurity news in the penultimate installment of the year.
Commit 12_12_2023: Patch Tuesday mends a few scratches
Welcome to Commit 12_12_2023! README senior editor Nathaniel Mott here with the day’s leading security news.
Commit 12_11_2023: A lot of hackin’ going on
Welcome to Commit 12_11_2023! README senior editor Nathaniel Mott here with the world’s longest cold and some hot-hot security news.
Changelog: Spying via push notifications
Welcome to Changelog for 12/7/2023, published by Synack! README senior editor Nathaniel Mott here under the watchful eye of an elf on a shelf with the week’s security news.
Commit 12_05_2023: DNA, water and… spam?
Welcome to Commit 12_05_2023! README senior editor Nathaniel Mott here with some of the day’s leading security news.
Commit 12_04_2023: U.K. nuclear site hacked (or not)
Welcome to Commit 12_04_2023! README senior editor Nathaniel Mott here with a cup of cheer… or, no, actually it’s the leading cybersecurity news.
Changelog: There is no silver lining
Welcome to Changelog for 11/30/2023, published by Synack! README senior editor Nathaniel Mott here amongst the candy canes and mistletoe with the week’s leading stories.
Commit 11_28_2023: The ransomware hydra
Welcome to Commit 11_28_2023! README senior editor Nathaniel Mott here with a bit of good news about ransomware and a lot of bad news about ransomware.
Commit 11_27_2023: Bringing 'secure by design' to AI
Welcome to Commit 11_27_2023! README senior editor Nathaniel Mott back from the Thanksgiving break with the leading cybersecurity news of the last few days.
Changelog: How secure is America’s critical infrastructure?
Welcome to Changelog for 11/16/2023, published by Synack! README senior editor Nathaniel Mott here with the week's security news.
Commit 11_14_2023: Different TTPs for different times
Welcome to Commit 11_14_2023! README senior editor Nathaniel Mott here with the leading security news of the week so far.
Commit 11_13_2023: Trouble in the land down under
Welcome to Commit 11_13_2023! README senior editor Nathaniel Mott here after the long weekend with some of the hottest cybersecurity news.
Changelog: Another cyber-enabled power outage
Welcome to Changelog for 11/9/23, published by Synack! README senior editor Nathaniel Mott here with the week's leading security news.
Commit 11_8_2023: Surprise! Ransomware gangs are exploiting that Confluence vuln
Welcome to Commit 11_7_2023! README senior editor Nathaniel Mott here with a bit of a cold… and the hottest cybersecurity news.
Commit 11_6_2023: Were you expecting good news this month?
Welcome to Commit 11_6_2023! README senior editor Nathaniel Mott here on this chilly November day with the top infosec news.
Changelog: Security teams caught between a rock and a hard place
Welcome to Changelog for 11/2/23, published by Synack! README senior editor Nathaniel Mott here after the first upstate New York snow of the season with the week’s top infosec news.
Commit 10_31_2023: SolarWinds in the SEC’s hot seat
Welcome to Commit 10_31_2023! README senior editor Nathaniel Mott here on the spookiest day of the year with the top cybersecurity news.
Commit 10_30_2023: Malware and mysteries
Welcome to Commit 10_30_2023! README senior editor Nathaniel Mott here the day before Halloween with your infosec news.
Changelog: How to lose $2 billion
Welcome to Changelog for 10/26/23, published by Synack! README senior editor Nathaniel Mott here with the week's top infosec news.
Commit 10_24_2023: Stuff we Okta know
Welcome to Commit 10_24_2023! README senior editor Nathaniel Mott here with your twice-weekly serving of steaming-hot cybersecurity news.
Commit 10_23_2023: Living in strange times
Welcome to Commit 10_23_2023! README senior editor Nathaniel Mott here on the first non-rainy day in what feels like an epoch to bring you the hottest infosec news.
Changelog: End times for Ragnar Locker and Trigona?
Welcome to Changelog for 10/19/23, published by Synack! README senior editor Nathaniel Mott here with the week's top infosec news.
Commit 10_17_2023: The scourge of untrustworthy browser updates
Welcome to Commit 10_17_2023! README senior editor Nathaniel Mott here with the top infosec news.
Commit 10_16_2023: Sandworm goes after Ukrainian telcos
Welcome to Commit 10_16_2023! README senior editor Nathaniel Mott here with the top cybersecurity news.
Changelog: The “C” in SEC stands for “cyber”
Welcome to Changelog for 10/12/23, published by Synack! README senior editor Nathaniel Mott here with the week's top cyber news.
Commit 10_10_2023: Predator targets journalists, politicians
Welcome to Commit 10_10_2023!
Changelog: AI will improve security—right after it stops making it worse
Welcome to Changelog for 10/5/23, published by Synack! This week: the Microsoft Digital Defense Report, a potential return of Qakbot and more.
Commit 10_03_2023: Ransomware as far as the eye can see
Welcome to Commit 10_03_2023! README senior editor Nathaniel Mott here with the latest cybersecurity news, starting with a spree of ransomware attacks.
Commit 10_02_2023: Are we cyber-aware yet?
Welcome to Commit 10_02_2023! README senior editor Nathaniel Mott here a day into Cybersecurity Awareness Month with the latest infosec news.
Changelog: Deja vu on the edge
Welcome to Changelog for 9/28/23, published by Synack!
Commit 09_26_2023: U.S. surveillance relies on private allies
Welcome to Commit 09_26_2023, featuring reports on the public-private partnerships that enable U.S. surveillance, a max-severity vulnerability and more.
Commit 09_25_2023: Schrödinger's Scattered Spider
Welcome to Commit 09_25_2023, with coverage of the group that hacked MGM resorts, a new iOS spyware exploit chain and more.
Changelog: Signal makes a quantum leap
Welcome to Changelog for 9/21/23, published by Synack! README senior editor Nathaniel Mott here with Signal's plans for quantum computing and other infosec news.
Commit 09_19_2023: ShroudedSnooper, ShadowDragon
Hello! Welcome to Commit 09_19_2023. README senior editor Nathaniel Mott here with the latest infosec news, starting with ShroudedSnooper and ShadowDragon.
Commit 09_18_2023: Hello, world!
Hello! Welcome to Commit, a companion to Changelog intended to help you stay on top of infosec news in between installments of our weekly newsletter.
Changelog: MGM outages mark new chapter of ransomware chaos
Welcome to Changelog for 9/14/23. README senior editor Nathaniel Mott here with the latest on MGM Resorts, a Chrome zero-day and the week's top infosec news.
Changelog: Microsoft breaks down the Storm-0558 hack
README senior editor Nathaniel Mott here to tell you that no, you don’t have to check your calendar, it’s not Sunday. We’ve moved Changelog to Thursday so we can bring you the latest cybersecurity news without disturbing your weekend.
Changelog: Another busy week for Beijing cyberthreats
Welcome to Changelog for 8/27/23, published by Synack! README senior editor Nathaniel Mott here with a quick housekeeping note: This will be the last installment of the newsletter for August.
Changelog: The calm before many AI storms
Welcome to Changelog for 8/13/23! Nathaniel Mott here with the latest updates on AI-augmented influence operations, Microsoft's ongoing scrutiny and more.
U.S. cyber board’s Lapsus$ postmortem, CPU vulns and remembering Vim’s creator
U.S. cyber board’s Lapsus$ postmortem, CPU vulns and remembering Vim’s creator
Back-to-back Ivanti vulns, Microsoft woes and robocaller schadenfreude
Welcome to Changelog for 8/6/23, published by Synack! Nathaniel Mott here with the week’s security news. Yes, README will be covering Black Hat and DEF CON later this week, so stay tuned for highlights from Hacker Summer Camp.
Disruptive Chinese malware, Storm-0558 fallout and SEC cyber rules
Welcome to Changelog for 7/30/23, published by Synack! Nathaniel Mott here, still parsing the New York Times’ blockbuster report Saturday citing intelligence that China “has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world.”
Google cuts the cord, Microsoft takes a security pay cut and the U.S. slaps spyware firms
Welcome to Changelog for 7/23/23, published by Synack! Nathaniel Mott here, braving ongoing thunderstorms throughout upstate New York to bring you the week’s most noteworthy goings-on in cybersecurity.
China’s U.S. agency hacking spree, zero-days galore and USB malware
Welcome to Changelog for 7/16/23, published by Synack! Nathaniel Mott here, signing in from upstate New York. README was onsite at the Intelligence and National Security Summit in National Harbor, Md., where editor-in-chief Blake Sobczak picked up the conference highlights from the two-day annual conference.
TrueBot rises, a major port gets ransomwared and EVs’ cyber problem
Welcome to Changelog for 7/9/23, published by Synack! Nathaniel Mott here, hoping we can all finally catch a break from the big East Coast heat wave last week.
The SEC goes after SolarWinds, LockBit extorts TSMC and a high school password fail
Welcome to Changelog for 7/2/23, published by Synack! Nathaniel Mott here, ready to jinx everyone’s Fourth of July by bringing up the “K” word (Kaseya!).
Apple patches zero-days, MOVEit Transfer vuln leaks and the FBI gets cute
Welcome to Changelog for 6/25/23, published by Synack! Nathaniel Mott here after our Juneteenth break with the latest security news.
MOVEit users extorted, Barracuda bitten and GoAnywhere woes not going anywhere
Nathaniel Mott here, emerging from the smoke of Ottawa’s wildfires with the week’s security news. A quick programming note: We will not be publishing next week as we honor the Juneteenth holiday.
A new iOS zero-click exploit, MOVEit sees mass exploitation and ransomware keeps on coming
Welcome to Changelog for 6/4/23, published by Synack! Nathaniel Mott here from the sweltering heat of upstate New York with the week’s security news.
Ransomware that cares, TLD concerns and the “Sangria Tempest” cyberthreat
Welcome to Changelog for 5/21/23, published by Synack! Nathaniel Mott here with a recap of what happened in cyber this week. Programming note: Changelog will not publish next week as we observe Memorial Day in the U.S.
Snake’s takedown, irksome commercial surveillance and a federal data breach
Welcome to Changelog for 5/14/23, published by Synack—and Happy Mother’s Day! Nathaniel Mott here with the week’s security news.
Ransomware struggles, a SolarWinds retrospective and a safety win for location trackers
Welcome to Changelog for 5/7/23, published by Synack! Nathaniel Mott here with the latest security news and… pickleball? Let’s talk about it.
PaperCut vulnerabilities, DDoS amplification and jerks leaking info about schoolkids
Welcome to Changelog for 4/30/23, published by Synack! Nathaniel Mott here with the latest security news and the utmost sympathy for everyone heading home from RSA 2023 with new swag, business cards and bone-deep weariness.
RSAC 2023, supply chain problems and a broken ransomware record
Welcome to Changelog for 4/23/23, published by Synack! Nathaniel Mott here, writing in the calm before the RSA 2023 storm—but more on that in a moment.
Israeli spyware revealed, a doozy of a Patch Tuesday and ransomware fallout
Welcome to Changelog for 4/16/23, published by Synack! Nathaniel Mott here, back with a look at some of the biggest cybersecurity news of the week.
Russia’s ‘Vulkan Files,’ a 3CX supply chain attack and White House action on spyware
Welcome to Changelog for 4/2/23, published by Synack! Nathaniel Mott here, back with a look at some of the biggest cybersecurity news of the week.
Honeypots for Dota cheats, Dole ransomware and Russia’s waning influence ops
Welcome to Changelog for 2/26/23, published by Synack! Nate Mott here, signing on from upstate New York—which is currently getting less snow than Los Angeles—with the latest and greatest in the week’s cyber news.
Stalkerware worries, a WebKit zero-day and Chris Inglis’s departure
Welcome to Changelog for 2/19/23, published by Synack! Nate Mott here, writing from the cold-once-again boonies of upstate New York with this week’s cyber news:
AI-powered phishing: Chatbot hazard or hot air?
ChatGPT’s launch last November has captivated the security industry, as the artificially intelligent chatbot’s detailed responses seem ripe for abuse by scammers and cybercriminals. What’s the real threat?
Trickbot sanctions, hypervisor woes and ransomware by any other name
Welcome to Changelog for 2/12/23, published by Synack! The weather’s been nice here in upstate New York, but that hasn’t warmed my heart quite as much as international efforts to make life a little bit harder for some cybercriminals.
Passing the buck in cybersecurity, unleashing managed Chromebooks and ransomware attacks on schools
Welcome to Changelog for 2/5/23, published by Synack! Nate Mott here feeling old—more on that later—but keen to wrap up the week’s cybersecurity news:
Hive disrupted, Google’s ad problems and new wiper malware in Ukraine
Welcome to Changelog for 1/29/23, published by Synack! Nate Mott here and ready to recap the week in cybersecurity.
Top takeaways from ShmooCon: Less moose, more cyberthreats
ShmooCon 2023 has come and gone. Now it’s time to consider what the most laid-back infosec conference of the year — boasting the quirky tagline, “Less Moose Than Ever” — can tell us about the security industry heading into 2023.
ShmooCon highlights, T-Mobile’s API security woes and the government’s unfinished cyber business
Welcome to Changelog for 1/22/23, published by Synack! Hello from ShmooCon 2023! Nate Mott here, delivering you a special edition from the celebrated hacker conference in Washington, D.C., which ends today. We’ll get right to it:
Disappearing SBOMs, a bevy of zero-days and the Father Christmas Worm
Welcome to Changelog for 12/18/22, published by Synack! Nate here, delivering your last edition of the year.
China is scanning U.S. political targets. Who should care?
A recent FBI warning to Republican and Democratic party leaders about suspicious scanning by Chinese hackers left some researchers scratching their heads.
OpenSSL vulnerabilities are closer to heartburn than Heartbleed
The “S” in HTTPS stands for “secure,” but a newly disclosed pair of software flaws in one of the most popular open-source cryptographic libraries shows that assurance can come with a caveat.
4 takeaways from Apple’s security blitz
Apple has recently introduced a standalone security research site, significant changes to its bug bounty program and a bevy of security-related updates with iOS 16.
U.S. braces for China to eclipse Russian cyberthreat
“Russia is the hurricane, and China is climate change,” a top U.S. cybersecurity official said Tuesday, underscoring White House warnings about the long-term cyberespionage threat posed by Beijing.
How to pitch README
We’re looking for new writers eager to contribute to the security conversation!
Uber hack jolts outlook for MFA, cybersecurity regulations
A teenager believed to be associated with the Lapsus$ cybercriminal group hacked Uber last week, putting wind in the sails of U.S. efforts to enact stricter cybersecurity rules.
Hacking in tongues: Malware authors shake up their programming languages
Malware creators are relying on relatively uncommon programming languages such as Rust, Go, and Swift — and not just because they’re sick of writing code in C. Defenders have been forced to keep up.
‘Once-in-a-generation’ Log4j vulnerability could linger for a decade — cyber safety board
In its first-ever report for the Department of Homeland Security, a group of top government and industry cyber experts said the Log4j vulnerability triggered “one of the most intensive cybersecurity community responses in history” last December — and it’s far from over.
Deep-rooted firmware cyberthreats put defenders in a bind
Recent cyberthreats targeting firmware technology have underscored how tricky it is to weed out malware that can start wreaking havoc before infected computers even boot up.
How far can ‘good-faith’ hacking go? Experts question new DOJ guidance
The U.S. Justice Department last week softened its stance on prosecuting hackers under a decades-old law. Will the updates thaw DOJ’s relations with hacking communities famed for testing limits?
Lapsus$ breaks windows instead of picking locks, and that terrifies cybersecurity experts
T-Mobile is the latest high-profile target of the Lapsus$ cybercriminal group, whose bar-brawl tactics have stoked tech industry fears of copycat attacks
What do hackers risk by joining the ‘IT Army of Ukraine’?
A government-backed push in Ukraine to get grassroots support for hacking Russia is raising legal and ethical questions.
“Meant to be devastating.” Wiper malware rattles Ukraine as Russia presses invasion
HermeticWiper, much like the WhisperGate malware discovered in Ukrainian networks last month, deletes the Master Boot Record that allows the Windows operating system to load.
Crying wolf over QR codes? Coinbase’s Super Bowl ad sparks infosec debate
A Super Bowl ad last week from cryptocurrency platform Coinbase featured a bouncing QR code that ruffled feathers in the cybersecurity community. Some experts say the risks of scanning it may have been overblown.
Big Tech is mandating MFA. Hackers have workarounds
Multi-factor authentication offers users far more protection than a password alone. But experts warn it’s no panacea against hackers.
The internet is hooked on packages. Hackers have noticed
Cyberattacks targeting the “packages” that underpin global software programs have rattled the open-source community and exposed gaps in developers’ supply chain security practices.