AI Security and AI-Driven Defense Lead Microsoft Pre-Day
On the ground for @Microsoft's Security Pre-Day. This is always a good session to kick off RSAC week. Lots to unpack, but suffice it to say that security-for-AI and AI-for-security were the key themes. Full analysis to come. #CIO #CISO #RSAC2026 #Cybersecurity https://t.co/j215sy93Uv
AI Agents Transform Insider Risk From Alerts to Guidance
Excited to share that Ballistic Ventures led the Series A investment in Above Security, as the company emerges from stealth today with $50M in funding. Insider risk is one of the most persistent - and misunderstood - problems in cybersecurity. It’s...
Prepare for AI Swarm Attacks with New Cyber Playbook
AI Swarm Attacks Are Coming, Is Your Business Ready? #AI #swarm attacks, powered by autonomous agents, #deepfake #phishing , and always-on malware, could transform #cybercrime and leave unprepared businesses dangerously exposed. This article explains why leaders need a new #cybersecurity...
Dual AI Workflow Doubles Quality of Specs and Reviews
Created a chatgpt 5.4 plugin for Claude, it automatically gets a "second opinion", forges the best results for prd/spec/implementation. Once finished and reviewed, submits to chatgpt for bug review / security review analysis. Works insanely better having two work together. ⏺...
New Framework Delivers Unprecedented SCADA Cybersecurity
New framework promises unprecedented level of cybersecurity for SCADA systems #energysky -- via pv magazine global: https://t.co/WiAfR3TSL6
Iranians May Soon Target Lucrative Data Center Assets
I wondered when the Iranians would get around to targeting data centers. They're pretty juicy, as potential targets go.
Government Digital IDs Threaten Personal Data Security
This is why government digital ID is a terrible idea. Trusting these useless clowns with your personal data is a recipe for disaster.
How to Protect Yourself After Companies House Breach
I’m worried about the Companies House data breach, what can I do? - The Times and The Sunday Times https://t.co/Ob5FvbS46f
Lawmakers Seek VPN Bans to End Online Anonymity
I’ve been repotting on this, there are already state lawmakers pushing for VPN bans. The goal is to fully remove anonymity from the internet
AI Agents Lack Security Guardrails; NVIDIA Releases NemoClaw
Your AI agent can execute code and call external APIs. How many security guardrails does it have? For most people: zero. NVIDIA just open-sourced NemoClaw. https://t.co/2Kwv30NOkN
Silencing AI Noise to Build Practical AWS Automation
I’ve started muting all the accounts pushing hot takes on ai 🤖 so I can focus on getting things done. If it’s not contributing towards accomplish something not really helping. Here’s what I’ve gotten done or trying to get done with...
2022‑2024 Energy Infrastructure Cyberattacks Mapped
All 2022–2024 cyberattacks on energy infrastructure at a glance #energysky -- via pv magazine global: https://t.co/3bPj3iU1nv https://t.co/PZo92XzX1Q
Rust Could Block 80% of Chrome’s Recent Exploits
I asked Google AI mode if rust would have prevented these vulnerabilities out of curiosity. Here’s what it said. 1. The "Hard No" (Prevented by Rust) These categories make up about 80% of your list. In "Safe Rust," the compiler simply won't...
Chrome Update Fixes 26 Remote Code Execution Flaws
Chrome Security Update Patches 26 Vulnerabilities that Enable Attackers to Execute Malicious Code Remotely https://t.co/LgCt5yd3Zb
Avoid Third‑Party DNS Tools Without Customer Approval
I’m sure this works great. I haven’t tried it yet. As a pentester, don’t use this without customer approval because your customers may not want their vulnerability data stored in third party systems. Also they would have to add a...
Attacker Tested Npm Worm Chain with Dummy Payload
Interestingly, the threat actor is said to have swapped out the ICP backdoor payload for a dummy test string ("hello123"), likely to ensure that the entire attack chain is working as intended before adding the malware.
8 Essential Practices to Secure Your Crypto in 2026
How I keep my crypto safe in 2026 Crypto hackers have stolen $10+ billion in the last 4 years. If you are not careful, you'll be next. This article shares 8 security practices that everyone should be using. https://t.co/5wydObIyx8
Niantic's CIA Ties Spark Data Privacy Concerns
Should Niantic's background with the CIA make us nervous about what it's going to do with the virtual world created from 30 billion data points accumulated by Pokemon Go?
Meta Removes Instagram Encryption, Sparking User Frustration
Here’s a good article about Meta’s very frustrating decision to pull encryption out of Instagram. https://t.co/ajH18YCDZK
Cryptographer Challenges RustSec Ban on Bug Reports
Cryptographer fights RustSec ban over bug reports • The Register ~ What’s your take? Critical or not? https://t.co/a7d2iTtF6J
Compliance Startup Fakes Certifications, Leaves Data Unprotected
Chefs kiss. Delve issues “vibe complaince” rubberstamp SOC and other certifications, while leaving their own door wide open w sensitive documents unsecured… for who knows how long. Security 101 A cautionary tale of a complaince startup faking everything, and almost making it...
Check Your ProtonMail Account Before It Gets Deleted
If you have a @ProtonMail account and haven’t logged in recently better check it. I luckily randomly saw a message. Not really cool to randomly cancel people’s email accounts.
LinkedIn Faces SOC2 Non‑compliance Shock Monday
LinkedIn gonna be crazy on Monday when they all find out they’re not SOC2 compliant
AI Agents Can Leak DNS: Bug or Intentional Abuse?
AI Agent DNS Leaks 🤖 Is this really a bug? Or is it functionality abuse? Because this is how the internet works. You decide. In any case be aware... https://t.co/Fmvxsh8210 https://t.co/uZo5hLB09k
Deep Secrets of Agent‑Based D&R Sell Out Fast
One of my #RSAC presentation is a sponsored session ... and yes, this is the one that sold out :-) Because it is about the deep secrets of how we use agents for D&R. We should probably make a...
ISMG CXO Advisory Reveals Top Cybersecurity Priorities
One advantage of working with ISMG's CXO advisory practice is exposure to thousands of cybersecurity leaders. You hear what is actually worrying them. Right now the themes are pretty consistent: AI governance Identity security Third party risk Board level accountability What's top of your list?
Spring Clean Your Digital Life for Better Security
Spring cleaning isn’t just for closets. It’s a good time to clean up your digital life too: update passwords, remove old accounts, review app permissions, and enable MFA. A little data hygiene now goes a long way in protecting your personal cybersecurity.
Quantum Networks Secure Expanding IoT Across Critical Sectors
Quantum networks are extending IoT architectures with qubits, QKD and entanglement-based links. As connected assets multiply in energy, healthcare and mobility, secure key exchange and synchronized nodes reduce risk and protect critical services at scale. Microblog @antgrasso https://t.co/BjZH6mjWA6
Key Security Docs Often Missing; Use Templates
Cybersecurity scales with process + templates 🔐 Key docs every org needs: 🛡️ InfoSec: incident logs, access matrix, data classification 🌐 Network: DDoS plan, VPN/NAC logs, patch schedule ☁️ Cloud: config baseline, IR log, backup testing, asset inventory 🧩 AppSec: secure coding checklist, SAST logs,...
AI Is Simplifying Cybercrime; the Threat Will Intensify
AI is already making online crimes easier. It could get much worse. | MIT Technology Review https://t.co/OOi3OhIPMa
NIST Releases DNS Guide; Infoblox Leads Protective DNS
The new NIST Secure Domain Name System (DNS) Deployment Guide is out. Kudos to @Infoblox for helping author this and for also providing imho the world's best protective DNS service. https://t.co/vprZTZ5sfH https://t.co/OxZ0qSLxWK
Bots to Outpace Humans Online by 2027
Online bot traffic will exceed human traffic by 2027, Cloudflare CEO says | TechCrunch https://t.co/WGWoAMpWVy
Delve's Compliance Certificates Exposed as Fraudulent and Worthless
Damning evidence suggesting that compliance certificates issued by Delve (a startup founded in 2023) are fraudlent + worthless I never understood how eg Cluely could be GDPR, SOC2, HIPAA compliant in ~a week. Now we know: they probably aren't. Just wild https://t.co/XoUjOBAUSD https://t.co/eaqLo0nAJS
Blockchain Boosts Data Security for Modern Enterprises
How to Use #Blockchain for Enhanced #Data Security by @antgrasso #CyberSecurity #Infosec #IT #Technology https://t.co/3ayIWGHho2
Backslash Bypass Exploits URL Normalization Across Multiple Routes
A backslash bypasses your redirect validation. The WHATWG URL spec normalizes \ to / during parsing. I found it in 13 routes across 7 apps. https://t.co/gLGqgI3pyn
US-Led Botnet Takedown Highlights IoT Risk, Boosts Cyber Stocks
US-led takedown hit four botnets on 3M+ IoT devices; US–Germany–Canada plus tech partners curbed DDoS. IoT weakness sustains cyber risk. Trade insight: overweight cybersecurity leaders.— Viktor Kopylov, PhD, CFA More insights: t.me/si14Kopylov
AI Agents Exposing Data: Need Robust Access Controls
After hearing about agents hacking McKinsey's chat bot & Meta having a "rogue" agent that gave people access to files they shouldn't have had access to. Wondering if systems like these will become a way to manage risks of agents...
AI‑built Apps Turn You Into Your Own Vendor
Moving from SaaS to AI-generated apps doesn't just change your tech stack—it shifts the risk. ⚠️ When you "build" with AI, you are the vendor. You own every bug, every breach, and every patch. Are you ready to be a software...
FBI Takes Down Iran-Linked Hacker Group’s Website
The FBI appears to have seized the website of an Iran-linked hacker group that claimed responsibility for the only known significant cyberattack on a U.S. company since war between the countries started in February. https://t.co/B8Efsx5dD0
Good AI Teams Must Outpace Bad Actors' AI
The only thing that can stop a bad guy with an AI is a good guy with an AI. Or many good guys with AI. We need to find ways to incentivize that, and build our detection, defense, and intervention capacities...
Add a Verification Selfie to Secure Your Instagram
Big IG fan? Then you definitely want to ensure that you can recover access to your Instagram account if it's hijacked. Now, before it's an issue, the smart move is to add an @Instagram Verification Selfie. Here's how... https://t.co/YVCNoanFY5 #instagram...
Google Details New Advanced Sideloading Flow for Android
Google reveals details about the advanced flow for sideloading apps on Android from unverified developers https://t.co/wv1k3Sujzz
Hackers Breach Firewall Provider, Exposing 672k Personal Records
Every day, in every way, it gets worse. Marquis says 672,075 people had their names, dates of birth, postal addresses, social security numbers, bank account and card details stolen after hackers got in to their firewall provider’s system. https://t.co/Wes13lLF1N https://t.co/vnLfmf8HsP
Google Launches Safer Android Sideloading to Block Scams
Google introduces a new way for users to sideload Android apps that still protects against scams https://t.co/1MWxIHQ54d
Identity Isn’t a Perimeter; Real Security Needs Depth
Identity is not the new perimeter. Catchy phrases are not going to make security any easier. Dig deep and learn how to do it right.
Personal AI Agents Pose Massive Data Leak Risk
If a personal agent works "on your behalf," it has your agency. That means it sees every file, email, and system you do. One bad extension is all it takes to leak the "crown jewels." Is the risk worth the reward?...
AI vs AI: New Threats Outpace Old Models
Two companies launched AI that autonomously fights other AI this week. Your threat model from last year doesn't cover this. The adversaries upgraded. Did your security posture?
Identity‑Based AI Authorization Beats Binary HITL Dilemma
btw emerging consensus is that identity-based authz for ai is the most important solution for security, esp if you want to break the binary decision between HITL-everything and —dangerously-skip-permissions keycard is the leading voice in this and now supports all koding...
Companies House Admits Breach, Apologizes, Pledges Stronger Security
Companies House @CompaniesHouse has finally admitted to the "hack" and apoligised, well done them #Data #cyberattack #cybersecurity "An apology -- We recognise that this incident may have caused concern, and we are sorry for that. Companies House takes its responsibility...
Sandfly Secures Heterogeneous Enterprise Linux Without Outbound Telemetry
So I'm not sure how to put this, but Sandfly is the real deal on protecting enterprise Linux. It absolutely cooks everything else in a heterogenous chaotic client base.
