It's the holiday edition! No, I'm kidding, it's the same stuff as usual. Sorry.
Apparently there is a chat app that is literally spyware developed by a nation state. This isn't a political blog, but the technical implications are deep. Here's a good writeup.
I'm all about supply chain issues, and this is a really good analysis of risks involved with package managers like npm.
Someone reverse-engineered an RSA token and is using it to bypass two-factor authentication in the wild.
That's the news, folks. See you next decade.