SecuriLee🇨🇭

Experienced Chief Information Security Officer and Security Consultant
As a seasoned CISO and security advisor, I understand that today’s cybersecurity landscape requires moving beyond simply saying “no” to business initiatives. My role focuses on enabling organizations by defining secure pathways forward and helping leadership calibrate their risk tolerance appropriately.
I specialize in risk visualization and assessment methodologies, utilizing balloon charts and “sleep-at-night” metrics to translate complex security concerns into actionable business intelligence. This approach helps organizations make informed decisions about which risks to accept, mitigate, or avoid.
Outside of my professional responsibilities, I maintain The OpenCanary Experience, a honeypot research project built on Thinkst’s OpenCanary platform, where I explore emerging threat detection techniques and contribute to the broader security community.

The OpenCanary Experience
SecuriLee🇨🇭 boosted:
2026-02-11

For years we've been told that grand juries in the US are just a rubber stamp for prosecutors (i.e. that they will indict even pork-based comestibles). But increasingly what we're seeing is that grand juries are the last line of defense against an administration that is hellbent on perverting the justice system. From the NYT:

"Federal prosecutors in Washington sought and failed on Tuesday to secure an indictment against six Democratic lawmakers who posted a video this fall that enraged President Trump by reminding active-duty members of the military and intelligence community that they were obligated to refuse illegal orders, four people familiar with the matter said."

"It was remarkable that the U.S. attorney’s office in Washington — led by Jeanine Pirro, a longtime ally of Mr. Trump’s — authorized prosecutors to go into a grand jury and ask for an indictment of the six members of Congress, all of whom had served in the military or the nation’s spy agencies."

"But it was even more remarkable that a group of ordinary citizens sitting on the grand jury in Federal District Court in Washington forcefully rejected Mr. Trump’s bid to label their expression of dissent as a criminal act warranting prosecution."

nytimes.com/2026/02/10/us/poli

2026-02-11

Curious what’s scraping my MIRE/C³ cluster?

See what attackers are probing for—and what happens when they try.

I’ve enabled live logging (last 50 lines visible). It should also help me stress-test the host if the traffic spikes…

mire.cc/live/

2026-02-11 15:48:20 [164.68.x.186] Resource served: /wp-content/plugins/shell/about.php Size 84 bytes Synthesised Delay 1.086s
2026-02-11 15:48:28 [164.68.x.186] Resource served: /wp-content/plugins/pwnd/pwnd.php Size 83 bytes Synthesised Delay 0.820s
2026-02-11 15:48:40 [164.68.x.186] Resource served: /wp-content/plugins/fix/up.php Size 81 bytes Synthesised Delay 1.279s
2026-02-11 15:48:51 [164.68.x.186] Resource served: /wp-content/plugins/ph-file-manager/wp-file.php Size 86 bytes Synthesised Delay 1.206s
2026-02-11 15:49:00 [164.68.x.186] Resource served: /wp-content/plugins/root-file-manager/wp-file.php Size 86 bytes Synthesised Delay 1.158s
2026-02-11 15:49:11 [164.68.x.186] Resource served: /wp-content/plugins/wp-help/mini.php Size 83 bytes Synthesised Delay 1.439s
2026-02-11 15:49:21 [164.68.x.186] Resource served: /wp-content/themes/travel/issue.php Size 84 bytes Synthesised Delay 1.428s
2026-02-11 15:49:33 [164.68.x.186] Resource served: /wp-content/themes/jaida/lang.php Size 83 bytes Synthesised Delay 1.575s
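
As an added example (not code from the poster or from the MIRE project), the following Python parses log lines in the format shown above into structured records and summarises each source: how many requests were served, how many look like web-shell probes under /wp-content/, the bytes and synthesised delay spent on the client, and the median gap between its requests. The sample lines are copied from the post; the regex, the probe heuristic and the field names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: the eight log lines from the post (source IP masked as in the post).
SAMPLE_LOG = """\
2026-02-11 15:48:20 [164.68.x.186] Resource served: /wp-content/plugins/shell/about.php Size 84 bytes Synthesised Delay 1.086s
2026-02-11 15:48:28 [164.68.x.186] Resource served: /wp-content/plugins/pwnd/pwnd.php Size 83 bytes Synthesised Delay 0.820s
2026-02-11 15:48:40 [164.68.x.186] Resource served: /wp-content/plugins/fix/up.php Size 81 bytes Synthesised Delay 1.279s
2026-02-11 15:48:51 [164.68.x.186] Resource served: /wp-content/plugins/ph-file-manager/wp-file.php Size 86 bytes Synthesised Delay 1.206s
2026-02-11 15:49:00 [164.68.x.186] Resource served: /wp-content/plugins/root-file-manager/wp-file.php Size 86 bytes Synthesised Delay 1.158s
2026-02-11 15:49:11 [164.68.x.186] Resource served: /wp-content/plugins/wp-help/mini.php Size 83 bytes Synthesised Delay 1.439s
2026-02-11 15:49:21 [164.68.x.186] Resource served: /wp-content/themes/travel/issue.php Size 84 bytes Synthesised Delay 1.428s
2026-02-11 15:49:33 [164.68.x.186] Resource served: /wp-content/themes/jaida/lang.php Size 83 bytes Synthesised Delay 1.575s
"""

# Assumed line grammar, derived from the sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<src>[^\]]+)\] Resource served: (?P<path>\S+) "
    r"Size (?P<size>\d+) bytes Synthesised Delay (?P<delay>\d+\.\d+)s$"
)

# Paths under these prefixes ending in .php are treated as web-shell/backdoor probes.
PROBE_PREFIXES = ("/wp-content/plugins/", "/wp-content/themes/")


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "src": m["src"],
        "path": m["path"],
        "size": int(m["size"]),
        "delay": float(m["delay"]),
    }


def looks_like_webshell_probe(path):
    return path.startswith(PROBE_PREFIXES) and path.endswith(".php")


def summarise(log_text):
    """Aggregate per source IP: volume, probe count, cost imposed, request pacing."""
    per_src = defaultdict(lambda: {"requests": 0, "paths": [], "bytes": 0,
                                   "delay": 0.0, "timestamps": []})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # unparsable lines are skipped, not fatal
        s = per_src[rec["src"]]
        s["requests"] += 1
        s["paths"].append(rec["path"])
        s["bytes"] += rec["size"]
        s["delay"] += rec["delay"]
        s["timestamps"].append(rec["ts"])

    result = {}
    for src, s in per_src.items():
        # Seconds between consecutive requests from the same source.
        gaps = [(b - a).total_seconds()
                for a, b in zip(s["timestamps"], s["timestamps"][1:])]
        result[src] = {
            "requests": s["requests"],
            "probe_requests": sum(1 for p in s["paths"] if looks_like_webshell_probe(p)),
            "bytes_served": s["bytes"],
            "delay_imposed": round(s["delay"], 3),
            "median_gap": median(gaps) if gaps else None,
            "paths": s["paths"],
        }
    return result


if __name__ == "__main__":
    for src, stats in summarise(SAMPLE_LOG).items():
        print(src, {k: v for k, v in stats.items() if k != "paths"})
        for p in stats["paths"]:
            print("   ", p)
```

On the sample, the single source sends eight requests, all of them plugin/theme PHP probes, with a median of eleven seconds between requests; that pacing (the synthesised delay plus the scanner's own timer) is the kind of signal worth keeping when the live log only shows the last 50 lines.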
2026-02-06

The #opencanary MongoDB "authentic" trap is now running; it allows an unauthenticated attacker to dump data and leave a ransom note.

I've not tested the exfiltrate logic but let's just say canary tokens and synthetic marmite is provided.

toce.ch/unauthenticated-mongod

MONGO WUZ HERE. ALL UR DATA R BELONG TO US. POOF! 😂

{"action": "mongodb.ransomware_detected",
 "bitcoin_addresses": ["bclaxy2kgdygjrsqtzq2nyrf2493psakkfihxowlh"],
 "databases_deleted": ["customers", "financial data", "orders"],
 "email_addresses": ["decrypt_help@protonmail.com"],
 "ethereum_addresses": ["6x742d35CC6634C0532925a3hg44BCA54e4438F44e"],
 "monero_addresses": [],
 "note_length": 1397,
 "other_contacts": [],
 "ransom_collection": "WARNING",
 "ransom_db": "README_TO_DECRYPT",
 "ransom_note": "============= MONGO WUZ HERE. ALL UR DATA R BELONG TO US. POOF!

 Your data is locked and cannot be recovered without our decryption key.

 PAYMENT REQUIRED:
 send 0.5 BTC to: bclqxyzkgdygjrsqtzq2nayrfaas3pg3Kkkfihxewlh

 After payment, contact us:
 Email: decrypt_help@protonmail.com
 Telegram: @Decrypthow

 You have 72 hours or your data will be permanently deleted!

 DO NOT:
 - Contact authorities
 - Attempt recovery
 - Ignore this message

 We have also exfiltrated your customer data including:
 - Credit card numbers
 - Email addresses
 - Financial records

 If you do not pay, this data will be sold on the dark web
2026-02-06

I think I created the next version in 27 minutes. I just need to test it, work got in the way....!! 💩

2026-02-06

I added my own #MongoDB stack to #OpenCanary in 41 minutes!!

It seems attackers care less about #MongoBleed and more about deployments facing the Internet and having no authentication.... 🤷‍♂️

toce.ch/opencanary-mongodb-hon

#AllUIRDataRBelongUs

A play on Mongo from Blazing Saddles, hacking a MongoDB.
Mongo wuz here 
All UR data R belong us.
Poof!
2026-01-27

@cloudflare I have a wonderful concept that would fit into the Cloudflare portfolio - is there someone that I could speak to about it?

2026-01-13

The probes and attacks on the MIRE/C³ cluster fall into many categories with some seeing large volumes of connection attempts and some with few connections (all connections being willingly served with MIRE content, of course).

See for yourself what attackers are trying to steal. On the MIRE/C³ cluster, they are "successful."

⏲️ :blobfacepalm:

mire.cc/types-of-attacks/

MIRE/C³ infographic
2026-01-07

The MIRE/C³ cluster statistics have been reset as the algorithm has been tweaked in the past week and the logging improved.

It's only cheap hits up to now but let's see the repeat visitors and those hauling archives from the cluster.

MIRE/C³: Misdirection causing Cost and Confusion

mire.cc/statistics/

The MIRE/C³ logo
2025-12-22

Christmas time is for giving. I give you The Mire - a gift for defenders and coal for the attackers.

A wall is a binary challenge—it either stands or it falls. But The Mire is a process of digital attrition. For two weeks, our server operated as a high-viscosity trap, transforming the attackers' own speed and automation into their greatest liability. In the world of "Hacker Treacle," the faster you try to move, the deeper you sink.

mire.cc/333-hours-of-mire/

#happychristmas everybody. I hope the hackers take the time off too.

Infographic covering 333 hours in hacker treacle
2025-12-18

The Mire is a defensive security system that shifts the economics of attack. Clients that ignore server directives are treated as hostile and met with cost and confusion—wasting time, compute, and analysis while serving convincingly real noise. #infosec #defensivesecurity

mire.cc/welcome-to-the-mire/

A vision of a rock festival afterwards, after it rained for days....
2025-12-16

Has the enshittification of social engineering arrived? I got this in one of my spam folders this morning....

Hello,

My name is Mavis L. Wanczyk, and I'm a jackpot winner in this fictional scenario.
In this sample letter, your email was randomly selected for a donation of USD $3,500,000.
Your sample Donation Code is: MV-75821.
Please reply with this code in this fictional context so the selection can be confirmed.

Warm regards,
Mavis L. Wanczyk

2025-12-03

If you have German-speaking friends, share this with them. It's German #sextortion from a "Chinese software developer".

Pay nothing to wallet bc1qyzeme0uwpfg283zvx7km0q7xe869pf6c6qa83r

How they will tremble until they read my breakdown.... 😂

ciso.li/german-sextortion-emai

A Chinese software developer sending German sextortion emails....
2025-11-28

#Shinterface - Nespresso style.

If I no speaky French, how do I get to an English interface?

shinterface.com/je-ne-parle-pa

Je ne parle pas Nespresso....
2025-11-28

#NordVPN for CHF19 at Digitec:
digitec.ch/en/s1/product/nordv

Digital code so it does not matter where you are....

Happy #BlackFriday 👍

2025-11-26

Since I get waves of semi-legitimate email (i.e. not spam but people thinking MY email address is THEIRS), I dug deeper and discovered that my Gmail address is in various breach databases BECAUSE OF THOSE PEOPLE.

Why don't companies actively verify email addresses? Ah, because it might cause attrition in the signup process.

:headbanger:

ciso.li/the-curious-case-of-my

A person at a laptop, patiently waiting for an email to come but it never will.
BECAUSE IT'S MY EMAIL ADDRESS!!!
2025-11-26

@codecat I just checked my XML logic: "null" is indeed "null", because:

Testing for weak handling:
Some systems don’t validate usernames or passwords well. Attackers try "null" or "NULL" to see if the system treats it as a special value (like a null pointer or empty field), which can sometimes bypass authentication.

Brute-force automation defaults:
Automated tools often cycle through lists of common usernames. "null" is in some default attack lists because historically it has been accepted by misconfigured applications.

Database injections:
"null" can sometimes be used to try SQL injection or NoSQL injection attacks if the backend misinterprets string "null" as a literal null value.

Generic filler for unknown usernames:
Attackers may not know the target username, and "null" is a quick placeholder in automated scripts.
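
As an added example (not the poster's code and not part of OpenCanary), the Python below contrasts the weak handling described in the thread, a login handler that coerces the literal string "null" into a missing value, with a handler that keeps "null" as an ordinary string and rejects anything that is not a non-empty string. The user store, the demo hash function, the JSON request shape and the "SSO-only account with no local password" are all constructed for the illustration.

```python
import hashlib
import hmac
import json


def demo_hash(password):
    # Placeholder for the demo only; a real system uses a slow KDF (argon2, scrypt, bcrypt).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed user store: one ordinary account and one federated (SSO-only)
# account that deliberately has no local password hash.
USERS = {
    "alice": {"password_hash": demo_hash("correct horse battery staple")},
    "svc-sso": {"password_hash": None},
}


def coerce_null(value):
    # The weak habit: treat the literal strings "null"/"NULL" as "no value".
    if isinstance(value, str) and value.strip().lower() == "null":
        return None
    return value


def weak_login(body):
    """Vulnerable: 'null' becomes None, and None == None matches a passwordless account."""
    data = json.loads(body)
    username = coerce_null(data.get("username"))
    password = coerce_null(data.get("password"))
    user = USERS.get(username)
    if user is None:
        return False
    supplied = None if password is None else demo_hash(password)
    return user["password_hash"] == supplied


def hardened_login(body):
    """Hardened: 'null' is just a string; only non-empty strings are accepted."""
    try:
        data = json.loads(body)
    except ValueError:
        return False
    if not isinstance(data, dict):
        return False
    username = data.get("username")
    password = data.get("password")
    # JSON null, numbers, objects and "" are all rejected before any lookup.
    if not isinstance(username, str) or not isinstance(password, str):
        return False
    if not username or not password:
        return False
    user = USERS.get(username)
    if user is None or user["password_hash"] is None:
        return False  # unknown user, or local password login disabled for this account
    return hmac.compare_digest(user["password_hash"], demo_hash(password))


def is_null_probe(body):
    """Detection hook: flag attempts whose username or password is the literal 'null'."""
    try:
        data = json.loads(body)
    except ValueError:
        return False
    if not isinstance(data, dict):
        return False
    return any(isinstance(v, str) and v.strip().lower() == "null"
               for v in (data.get("username"), data.get("password")))


if __name__ == "__main__":
    probe = '{"username": "svc-sso", "password": "null"}'
    print("weak:", weak_login(probe), "hardened:", hardened_login(probe),
          "flagged:", is_null_probe(probe))
```

The hardened handler also refuses JSON `null` without raising, so a probe that sends a real null instead of the string cannot turn into an unhandled exception; the detection hook is the piece a honeypot would keep, since "null" as a credential is a reliable marker of automated guessing.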

2025-11-26

@codecat "null" reads better than a blank, people stuff everything into a login interface.....

2025-11-26

@catsalad today it is, yes.
Amazing that the username has 8 chars, dontchathink? 😉

2025-11-26

I massively revamped my #opencanary dashboards showing the last 24 hours of attack attack attack.

What's possibly most interesting is that there is a great fluctuation in the hourly volumes.....steered automation at play?

The volume of attacks over 24 hours with the most popular IPs, usernames and passwords
The OpenCanary honeypots are hit from various countries, on various ports and with different hourly volumes of connection attempts
2025-11-18

@GossiTheDog just last week they were ultrahappy about the 28Tbps attacks they fended off.

Let me guess, someone borked DNS? 😂
