Newsletter #186: What I Read This Week

Newsletter #186

Nov 20, 2025

Within the security news of the week were updates on some more DPRK stuff, an AI orchestrated espionage campaign, and going over different Security Engineer archetypes.

Meme of the week goes to

There’s a certain beauty to the craft that sometimes doesn’t quite feel the same with AI tools. IYKYK

Now, let’s get into it.

What I Read This Week

Disrupting the first reported AI-orchestrated cyber espionage campaign
- Anthropic reports detecting and responding to an AI ran espionage campaign, first of its kind
- Ended up being kind of a nothing burger when it comes to actionable takeaways. Won’t spend too much time on this one, as its been beaten to death over the past week
- For the full report, check it out here
D@S #69 - FanDuel’s All-Engineer SOC: From Phishing to IR with Custom Agents
Detection at Scale

D@S #69 - FanDuel's All-Engineer SOC: From Phishing to IR with Custom Agents
There’s a shift underway in the implementation of AI in security operations. Tyler Martin, Senior Director of Security Engineering at FanDuel, has been working at the edge of this transformation, building custom AI agents that have changed the scaling laws for his team. Instead of the traditional tier 1-2-3 analyst model, they develop and maintain agent…

Listen now
16 days ago · Jack Naglieri
- Always cool to hear how other teams are approaching some of the same problems we all are
Be KVM, Do Fraud
- Another post on signal for tracking DPRK fraudulent workers
- It goes over data points such as monitor display configs, refresh rates, and more
- Now, I wouldn’t count on KVM’s as a malicious indicator in isolation when looking for this fraudulent activity, but as overall signal
I Studied How Top 0.1% Engineering Teams Do Code Reviews
The System Design Newsletter
I Studied How Top 0.1% Engineering Teams Do Code Reviews
Keep pull requests SMALL, so they’re easy to understand and review. Plus, small pull requests create fewer problems later…
Read more
20 days ago · 72 likes · 3 comments · Neo Kim
- Neo Kim goes over 42 ways teams can have better code reviews
- #1 and #5 are big ones and points that I like to stick to, makes for a cleaner review process
The 5 Cybersecurity Engineer Archetypes
Cyberwox Unplugged
The 5 Cybersecurity Engineer Archetypes (and Why You Should Know Yours)
Every security engineer, regardless of experience level, eventually reaches a point where they pause and ask…
Read more
19 days ago · 5 likes · Day Johnson
- Day goes over 5 archetypes for a Security Engineer and how they approach and work through problems
- Translating how these can look like when it comes to domains in the field

Breach Related News

Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
- Their crimes included allowing IT workers located in NK to use their U.S. identities and hosting the company laptops
- Good news when more of these are locked up

DoorDash hit by new data breach in October exposing user information
- This impacts a mix of customers, Dashers, and Merchants
- The wording is kinda sus here
- Are “first and last name, phone number, email address and physical address” not sensitive information anymore?

Wrapping Up

This week, we caught up on the top stories in Cybersecurity.

P.S. I previously worked on a Cybersecurity Interview Guide to help in the uphill battle that is interviews.

It’s a collection of interview questions and scenarios that you could face, that I’ve annotated over the years and put together in one place.

This is available here

I will announce some updates to this project next week!

See you in the next one.

Danny's Newsletter

Discussion about this post

Ready for more?