AI: Cybersecurity’s Double‑Edged Sword Demands New Strategies
AI in cybersecurity is your new frenemy. It supercharges attacks via rogue AI and blind spots, yet also defends at machine speed, spotting patterns and automating responses. Success requires adapting classic security. https://t.co/9XdfJYGyDr
Cloud Phones Become New Threat to Banking App Users
Cloud phones are the latest tool to be used against banking app users and the security community should take notice. https://t.co/temWl9DMlh
Don't Rely on Hope for Firmware Security
This is how many view firmware updates. Wishing for the best is not the best security strategy... https://t.co/MnyAcBQT6u
AI Now Contains Cyberattacks in Seconds, Humans as Exception Handlers
27 seconds. That's the fastest observed cyberattack breakout time. Average: 29 minutes. CrowdStrike + IBM just integrated their AIs for machine-speed containment. Human analysts are no longer the first responder. They're the exception handler. https://t.co/47q7R5dt3q
Coruna iPhone Exploit Kit Tied to Operation Triangulation
News about an iPhone exploit kit called Coruna has generated a lot of buzz. Boris Larin (@oct0xor) of the GReAT team digs into the kit and explores the attack chain. And yes, there are clear links to Operation Triangulation. Details:...
Boost Student Data Security Awareness on World Backup Day
🔦 Shine a light on student data security awareness this #WorldBackupDay next week 💽 Tune into this episode & learn how to enhance student data security 🔓Unlock powerful strategies for a secure future today https://t.co/SkQFRzN8q8 @roxi_thompson
SOC 2: Theater, Yet Reveals AI Companies’ Third‑Party Stack
SOC 2 is largely useless theater, much like SOX compliance, but it’s quite useful for identifying the third-party providers a website relies on. DeployGraph: What infrastructure does every AI company run on? https://www.deploygraph.com/
Stay Incognito: Hide Your Chats From AI Profiling
Every chat you have with your favorite AI is fuel for its analysis of you and the profile that it's building of your interests. Instead, here's how to go incognito or private in ChatGPT, Gemini, Claude, and Copilot: https://t.co/YHaJYbOh9E #ai...
Built‑in Cyber Defense Keeps Public Safety Communications Uninterrupted
In public safety, cyber security can’t be an add-on. It needs to be designed into the network. @T_Priority on T-Mobile’s 5G network isolates threat traffic at the network layer, so priority communications stay secure. Resilience should be built in, not bolted on....
Public Allocator Flaw Cost Morpho $5K Hack
"At the time of the hack, the damage in Morpho was $5k. But the 'public allocator' feature, which was supposed to be good, was not." https://t.co/FwY7H6TiKM
Identity Theft: Verizon Account Opened without Consent
Someone opened up a Verizon Business account in my name, got two lines and internet, but never changed the billing address so I just got the bill. Currently on hold with their fraud department
Preventing USR Hacks: Expert Advice From Omer Goldberg
"There are ways to prevent this type of hacks," says @omeragoldberg on Uneasy Money, speaking about USR https://t.co/FwY7H6TiKM
Curators Set Morpho Caps to Zero, Unaware It Fails
The moment curators realized the Resolv hack was happening, they set Morpho supply caps to zero. Morpho's own documentation warns that setting caps to zero doesn't stop the attack. Most curators didn't know that. https://t.co/P1vIs3eM4Z
Trivy Compromise Spreads to Major Python Package
Aqua Security’s Trivy vulnerability scanner compromise is trickling down into a hugely popular Python package. https://t.co/oj8J8KJrGo
Chinese Firms Boost AWS Compliance Demand 250% Abroad
Chinese companies' demand for Amazon Web Services compliance has increased by 250% as they expand overseas | Going Global · Technology _ https://t.co/YUHaLiFdIV https://t.co/w6d3n4u8bd
EU NIS2 Overhauls Cybersecurity for PV Plant Operators
How EU NIS2 is reshaping cybersecurity for PV plant operators #energysky -- via pv magazine global: https://t.co/eSJkuEt6jK
Securing the Agentic Economy: Future of Finance Webinar
Excited to be joining Skyler Fox from @ProveIdentity to lead a webinar exploring the practical requirements for securing the agentic economy and what this means for the future of financial services. Register here: https://t.co/YLubCFXpnR @chyppings #agenticai #digitalidentity https://t.co/xeWxcrgXty
Thousands' Driver's Licenses Misused for Fake Delivery Accounts
Oh, it's far worse that what has been reported on thus far. There are thousands of Americans who have had pictures of their licenses used to create accounts across delivery apps.
Beware: Fake DMs Claiming to Be Me—Report Them
⚠️ Heads up: if you get a DM from an account that looks like me, it isn’t me. I don’t DM followers or use alternate accounts. Please report it. Appreciate the help.
Your Domain Is the Security Foundation, Not a Card
Treating your domain name as just a digital business card is a massive security oversight. In reality, it is the bedrock of your Security Infrastructure. 🛡️ If your domain is compromised, everything else - your email, your SSL certificates, and your...
Security Evolves: From Cost Center to AI Enabler
Just dropped: Securing the Agentic Enterprise - my deep-dive post-platformization analysis of Palo Alto Networks' big RSAC 2026 moves. From chatbots to autonomous agents: security must evolve from cost center to business enabler. Prisma AIRS 3.0, secure browser, NGTS & unified...
Post‑Quantum .NET Encryption Boosts Performance by Stripping Excess
Tonight was learning about post-quantum encryption in .Net & performance improvements by ditching ... well most everything 😆 https://t.co/LAUpVGDpiW
Encrypted Frontier Models Enable Private, Monetizable Inference
I’m often asked about the possibility of using frontier models in an open source environment. I believe that one way or another, frontier companies will eventually adopt the same approach as @near_ai has to privacy, secure enclaves, and end-to-end encryption....
Malware on Support PC Gave Hacker 24‑hour Network Access
A support agent's computer was infected with malware, giving a hacker 24 hours of play time inside Crunchyroll's network. https://t.co/tBl0LR3AdO
AWS Now Adds IDs to Security Group Rules
I thought there was a problem with the security group rules created by my bootstrap script initially but there was not. AWS added ids to security group rules which threw me for a loop in my tired state when I...
Google Releases 60‑control Checklist and Terraform for Cloud Security
346: Zuckerberg Finally Finds His People, They Are All AI Agents One does not simply walk into cloud security - but Google just published a 60-control checklist and some Terraform to help you try. Ryan loves it, but what does...
Supply-Chain Attacks Demand Isolated, AI-Driven Code
🚨 Supply chain attacks are the scariest threat in modern software. The LiteLLM compromise was an absolute nightmare scenario. The reality check: → A compromised update hit a package with 97M downloads a month → Grabbed SSH keys, database passwords, and API keys → Spread...
Windows 11 Security Update Fails: Why and What to Do
Stuck with a Security Update that's failing every time you try to install it on your Windows 11 PC? It's a widespread problem for PC owners. Here's what's going on and how to keep your PC safe in the meantime......
Litellm Breach Pales Beside Worse AI Supply Chain Threats
the litellm compromise is bad… But you’d 🤮 if you’ve seen some of the stuff in the AI supply chain I’ve seen 🫠
Threat Handoffs Now Occur in Seconds, Not Hours
"In 2022, the median time between an initial access event and the hand-off to a secondary threat group was more than 8 hours. In 2025, that window collapsed to just 22 seconds." https://t.co/gjePO94A0N < important security data in this new...
LiteLLM Compromised Despite “Secured by Delve” Claim
Oh damn, I thought this WAS a joke ... but no, LiteLLM *really* was "Secured by Delve" (the company that rubber stamped all of these audits, and seems to have been on the edge of fraudlent auditing, but useless for sure) And...
Google Adds Dark‑web Intel for Faster Threat Detection
"To get teams the critical data they need to make quick, accurate decisions about rising threats, we’re introducing a new dark web intelligence capability in Google Threat Intelligence." https://t.co/qGKDWJjI36 < identify risks faster and get ahead of adversaries
Even Supposedly Secure Systems Face Unauthorized Third‑party Integration Risks
This has earth-shattering implications for systems that thought they were immune from unauthorized 3rd-party integrations.
Synthetic Data Keeps Customer Info Safe From Frontier AI
Most of these AI solutions right now for the cybersecurity industry are utilizing frontier models. That should scare a lot of folks - customer data going into extremely new technology platforms that they literally state their new models, features/functionality are...
NightBeacon AI Detects Phishing in Seconds, Automates Response
NightBeacon AI today identified an insanely cool phishing email attack that showed up on GTI/other sources as benign/non malicious. How it worked: NightBeacon determined the tonality was creating urgency (key indication of social engineering), it looks for any URLs, it went...
Italy Mandates Cybersecurity for Large Solar Installations
Italian solar sector gears up for cybersecurity regulations on PV systems over 100 kW #energysky -- via pv magazine global: https://t.co/uHG0ChzaJN
Over 800 OpenClaw Skills Flagged as Malware
Digging into the latest thinking from @Google Security. One comment... there are >800 skills in #OpenClaw that are known malware. #CIO #CISO #RSAC #AI #Cybersecurity https://t.co/AqDeTBCXdm
Databricks Leverages Anthropic AI to Enter Cybersecurity
Databricks enters cybersecurity... with Anthropic's models inside. The company that stores data now wants to secure it too. The incumbents prepared for AI entering the market.... less clear they're prepared for the data vendor thats already inside the building Sitting down w...
Inverter Cyber Attacks Surge Amid Expanding Solar Threats
Solar cyber threats expand, but inverters still stay in the crosshairs #energysky -- via pv magazine usa: https://t.co/zoWwiHb0Db
Aging Grid Threatens Security Amid Weather, Cyber Risks
JPMorgan Chase & Co. says aging, run-down grid infrastructure now risks undermining security goals, with everything from extreme weather to cyberattacks posing a growing threat. https://t.co/7x2Dguwv4W
US Flags Foreign‑Made Routers as Security Threat
US authorities have turned their attention to routers made outside the US, suggesting they're a national security risk. https://t.co/FxRBqkwa6x
Auto‑copy 2FA Codes Top Convenience, Vaccines Follow
Automatic copying of confirmation codes for 2FA on your phone. But I agree vaccines are a close second
Agentic AI Demands an Observability Control Plane
“In this era of Agenetic AI, organizations will need an ‘observability control plane’”, says Vasu Jakkal, Corporate Vice President, Microsoft Security, @Microsoft during her Monday keynote ‘Ambient and Autonomous Security: Building Trust in the Agentic Al Era’ at #RSAC2026 in...
Update iOS Immediately to Block DarkSword Exploit
NEW from @zackwhittaker @lorenzofb: Someone has posted an exploit kit that can hack hundreds of millions of iPhones to Github. The hacking tool, known as DarkSword, targets out-of-date and older iOS devices. Apple recommends updating to the newest OS now. https://t.co/tJfqYWDOe1
AI Agents Pose Immediate Commerce Security Risks
Your AI agent doesn't have brand loyalty. It doesn't verify addresses properly. And it might just hand $500K in USDC to a scammer. The agentic commerce security problem is real, and it's already here now. Laurens Fraussen and Steven Ehrlich...
Cyber War Begins: Companies Face First Attacks
The War Is Going Cyber and Companies Are the First to Be Attacked #ArtificialDecisions #MCC https://t.co/PGGJukkaqK
Understanding Where FIDO2 Passkey Private Bits Reside
Where are the Private Bits of FIDO2 Compliant Passkey Stored? Just because you’re vibe coding doesn’t mean you no longer need to understand how things work. Research for my tool to start a batch job with a Yubikey. https://t.co/GK9IGy1Vi9 https://t.co/5NFLp5P7Oc
Agentic AI Expands Attack Surface, Prompting Injection Focus
As AI systems become more agentic, we are rapidly expanding the attack surface. Prompt injection isn’t a corner case—it’s a natural outcome of: – untrusted inputs – tool access – delegated autonomy This shifts the question from “does it work?” to “how does it fail...
China's OpenClaw AI Fuels Lobster Agent Cybersecurity Panic
"Raising a lobster" is the new Labubu OpenClaw AI goes viral in China, raising cybersecurity fears Email deletion scare underscores risks as ‘lobster’ agents surge across real-world AI systems handling sensitive personal data #China #techwar #chips #tech @baoshaoshan @thecyrusjanssen @DOualaalou @lajohnstondr @PSTAsiatech https://t.co/LceRUFV7T6
Open‑Source XIAM: Seven Years of Identity Innovation
Talked to Fletcher Heisler from Authentik about Extended Identity Access Management — XIAM. Open source identity, seven years in the making. Worth a listen: https://risky.biz/RBNEWSSI120/
