New court documents shed light on what a 25-year-old DOGE worker named Marko Elez did inside Treasury payment systems, including which systems he accessed, security measures Treasury IT staff took to limit his access and activity, and whether he really did have the ability to change source code on production systems as previously reported. The new documents, signed affidavits filed in court by career executives at the Treasury department not political appointees, suggest that the situation inside the Treasury department is more nuanced than previously reported. Here's my story. If you find the piece valuable, please consider becoming a paid subscriber to my Zero Day publication, which is reader supported.

ZERO DAY

Court Documents Shed New Light on DOGE Access and Activity at Treasury Department

New court documents shed light on what a 25-year-old DOGE worker named Marko Elez did inside Treasury Department payment systems, including what Tr...

Have tips? Story ideas? Something you think I should know about? Reach me on Signal at KimZ.42 I cover cybersecurity and national security, writing about: nation-state hacking, espionage, cyber warfare, cybercrime, and policy. I don't write about companies - unless they've done something wrong.

In a first-ever report from the intelligence community, the US government has revealed that it disclosed 39 zero day vulnerabilities to vendors/public to be patched rather than keep them for NSA/CIA/FBI to exploit in hacking operations. The report, however, doesn't say how many zero days the gov discovered in 2023 that it kept to exploit. And ten of the 39 it did disclose that year, it had already kept secret for an unknown number of years to exploit before deciding to disclose them in 2023. Here's my story:

ZERO DAY

U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report

What the government didn't reveal is how many zero days it discovered in 2023 that it kept to exploit rather than disclose. Whatever that number, i...

Last month as drones over NY/NJ made headlines, a radiation-monitoring site reported spikes in radiation in NY, seemingly supporting a theory that the drones were tracking a dirty bomb on the loose there. Only the spikes were fake. I wrote about how the fake info got reported and how it spread on social media

ZERO DAY

Anatomy of a Nuclear Scare

How fake radiation readings in New York and New Jersey, coupled with a mysterious drone swarm, fueled a nuclear scare and became a harbinger for th...