There is some dark amusement about an MDM and general enterprise management and security systems being used as the attack vector. Ivanti in particular has proven itself to be swiss cheese as of late, and would be bankrupt if people cared about security rather than it being a compliance/insurance checkbox that truly _nobody_ cares about in practice.

Semi-related: with the recent much-touted cybersecurity improvements of AI models (as well as the general recent increase in tensions and conflicts worldwide) I wonder just how much the pace of attacks will increase, and whether it’ll prove to be a benefit or a disadvantage over time. Government sponsored teams were already combing through every random weekend project and library that somehow ended in node or became moderately popular, but soon any dick and tom will be able to do it at scale for a few bucks. On the other hand, what’s being exploited tends to get patched in time - but this can take quite a while, especially when the target is some random side project on github last updated 4 years ago.

My gut feeling is that there will be a lot more exploitation everywhere, and not much upside for the end consumer (who didn’t care about state level actors anyway). Probably a good idea to firewall aggressively and minimize the surface area that can be attacked in the first place. The era of running any random vscode extension and trust-me-bro chrome extension is likely at an end. I’m also looking forward to being pwned by wifi enabled will-never-be-updated smart appliances that seem to multiply by the year.