Current Mass Data Access, Not Future AI, Threatens Privacy
"AI is trained on your data"... this is not the real risk. It's a red herring, manufactured as The Concern because who cares that much. The real risk to you is not that tomorrow's model is trained on your data. The real risk is that ten thousand employees, hackers, and governments can access all your most personal and proprietary conversations today and forever. Privacy must be the default or humanity is seriously fucked.
NightBeacon Assist Empowers SOC Analysts with AI Guidance
NightBeacon Assist rolled out today to our SOC analysts. Can ask specific questions or to do automation workflow to enrich data even more if needed. Allows analyst to ask the assistant questions about the ticket if they don't understand or...
AI Permission Fatigue Creates Hidden Security Risks for CIOs
Devs are getting numb to AI permission prompts the same way everyone ignores Terms of Service. Those "approve" clicks can open doors to security, data privacy, and compliance risks CIOs will own. #CIO #AI https://t.co/p18hdtdbZn
Spammers Exploit Azure to Enroll Users Without Consent
Microsoft really needs to get a grip on spammers using Azure. It’s far too easy for spammers to sign you up to Azure lists without consent and get into your inbox because the messages come from an Azure alias. This...
Descope's Agentic Identity Hub Secures AI Agent Access
Looking for bulletproof security for AI agent access? @DescopeINC just changed the game with their Agentic Identity Hub 🔥 → MCP server authentication backing OAuth 2.1, PKCE, DCR, and CIMD → A secure vault stocked with 50+ templates and short-lived tokens → Strictly scoped,...
Cursor AI Offers Reusable Security Templates, Sparks Trust Debate
A new release from @cursor_ai turns its internal security agents into reusable templates teams can deploy themselves. For developers, that could mean continuous security checks — but it raises questions about trusting AI to review code. 🔗Story here: https://t.co/yp2DZC9LrL https://t.co/ugKk1HaKki
Specialized DNS Proxy Needed for Detecting Beacon
I work up thinking about this and think I’m going to update my agent framework to use traffic inspection proxy that only allows specific domain names for DNS. There are other reasons you might want to do that which I’ve...
AI Drives Cybersecurity Consolidation Around Data‑Rich Platforms
AI is forcing a shift in cybersecurity - here’s who benefits 👇 AI accelerates attacks and expands the surface area. At the same time, it’s forcing consolidation around platforms with data, scale, and automation. Investing
Most Firms Ignore AI Tool Security, Risking Breaches
66% of orgs see AI’s impact on cyber, but only 37% check tool security before deployment. Personal agents like OpenClaw are brilliant productivity boosters—and a CISO’s worst nightmare. Don't be a statistic: https://t.co/KfaNBOyWmm #CIO #CISO #AI #Agentic #Cybersecurity #RSAC2026
Hire Experienced Tech Auditor for Healthcare Apps, HIPAA Compliance Critical
If you are vibe-coding apps for the healthcare sector I beg you - pay a deeply experienced technologist to audit it before anyone uses it. hipaa laws are no joke. I’ve personally been through the compliance audits, defending our encryption...
MDR Uncovers Horabot: Multi‑tool Banking Trojan Targeting Mexico
Here’s a report about a campaign targeting Mexico that our MDR team hunted down. It features Horabot – a bundle of a banking Trojan, email spreader, and complex attack-chain: https://t.co/9WytZpXEHB https://t.co/a5S98XvupC
Check for “Lzcdrtfxyqiplpd” To Spot GlassWorm Malware
Step Security advises developers who install Python packages directly from GitHub or run cloned repositories to check for signs of compromise by searching their codebase for the marker variable “lzcdrtfxyqiplpd,” an indicator of the GlassWorm malware. Also init.json, i.js
LLMs Can Unintentionally Expose API SQL Injection Vulnerabilities
Q: When is an SQLi bug just a sparkling API? A: When you ask an LLM to grab a bunch of data from a website, and it realizes that one is there. imho, this is one of those "don't hate the finder,...
Autonomous AI Demands Stronger Data, Cybersecurity Governance
The State of AI in the Enterprise - 2026 AI report @deloitte Autonomous systems “heighten needs for data and cybersecurity governance. Organizations need to define where humans should remain in control, how automated decisions are audited, and which records of system...
AI Platforms Launch with Security, Yet Trust Gaps Remain
Five vendors. Five governance layers. Zero of them closed the agent-to-agent trust gap. New @VentureBeat: the first major AI platform to ship security at launch — and where the holes still are. https://t.co/vZmQSxSEdD #AgenticAI #AIGovernance #CyberSecurity #NVIDIAGTC #CISO #AIAgents
OT‑IT Divide Shrinks as Threats Demand Collaboration
Great to be in Houston last week at CS4CA. One thing that stood out immediately: the OT and IT worlds are still very different cultures. But the gap is closing quickly because the threat landscape is forcing it. The conversations here are...
McClellanOsc’s X Account Hacked—Exercise Posting Caution
FYI - Just heard from @McClellanOsc . His X account has been hacked. Please be careful with what may be posted until he gets it back under control. Thanks.
Fortify with Trenches, Reduce Attack Surface
Digging more trenches to minimize attack surfaces. Tryna be a big weiner without any exposed flanks. https://t.co/cOC49oIcJN
Uncontrolled Personal AI Agents Threaten Enterprise Security
Shadow IT just got a major upgrade. Employees are deploying "Personal Agents" with zero oversight, handing over enterprise credentials to unverified 3rd-party plugins. Are you ready for the fallout? Full story here: https://t.co/KfaNBOyWmm #CIO #CISO #AI #Agentic #Cybersecurity #RSAC2026
First Internet Worm Redefined Cybersecurity Forever
In 1988, two men sit in a room. One of them is cryptographer Bob Morris, the father of Robert Morris, who had just released the first Internet worm. "A line had been crossed and the world we inhabited had changed." (@johnmccumber, Assessing&Managing...
Over 40k OpenClaw Servers Exposed, 12k at Risk
40,000+ openclaw servers just got exposed to the internet. hackers can easily steal api keys and personal data from over 12,000 of them. if you self-host, your machine might be wide open. i compared the security of every hosted provider to save...
AI Deepfakes Threaten Hiring: Detecting Candidate Fraud
Interviewing a Ghost: When AI, Deepfakes, and Fake Identities Enter the Hiring Process AI is transforming hiring—but it’s also enabling a new wave of candidate fraud. In this episode of The Jim Stroud Podcast, Jim speaks with Maryam Mahdaviani, founder...
ZK‑STARKs Survive Quantum Attacks; Most Crypto Won’t
Reminder: ZK-STARKs are post-quantum secure. But not all cryptography is quantum resistant. Here is a simplified explanation on how quantum computers, when they arrive, will be able to break certain types of cryptography: (note: I am not a quantum computing expert) In quantum...
Vienna Becomes Russian Hub Targeting NATO Communications
“It’s one of our main concerns about Russian activity here. We know they have been targeting Nato government and military communications with what they’ve got,” said one senior European diplomat based in Vienna. “Vienna has really taken on a lot...
Inside HIBP's Core Architecture: Weekly Update
Weekly update is up! Behind the scenes of some of Have I Been Pwned’s most important architectural components https://www.troyhunt.com/weekly-update-495/
Human Oversight Essential: AI Can’t Fully Guard Cybersecurity
Why We Can’t Let #AI Take the Wheel of Cyber Defense by Steve Durbin @SecurityWeek Learn more: https://t.co/m9sL8PCrDB #CyberSecurity #Infosec #IT #Technology https://t.co/6ilbLLMPGh
Businesses Unprepared for Upcoming AI-Powered Cyberattack Surge
Are Businesses Ready for the Next Wave of #AI-Powered Cyberattacks? by @rehackmagazine @UniteAi Learn more: https://t.co/K9XWhqCPWK #CyberSecurity #InfoSec #IT #Technology https://t.co/UNRR1REKGG
Your AI Agents Could Launch Internal DDoS Attacks
Think you have control over your data? Think again. Personal AI agents are acting on your behalf, using your credentials to access things you didn't even know you had access to. It’s a DDoS attack from the inside. Read why: https://t.co/KfaNBOyWmm #CIO...
Enable WhatsApp Two‑Step Verification: Simple Yet Essential
Whether you just joined @WhatsApp or have been using it for years, it's a smart idea to enable two-step verification. Here's how, step by step, and why it's not as good as 2-factor authentication, but better than nothing... https://t.co/KDT8J6yR9L #whatsapp...
AWS IP Dump Misclassifies Services, Hindering Precise Monitoring
Took a while but modified this script to display all the IP ranges that match in the AWS json IP file for each IP. That way I can monitor which regions and services my system is connecting to. The problem...
Fictional Threats Reveal GridEx’s Real-World Utility Defense
What can a fictional scenario teach us about real-world grid security? Explore how GridEx is shaping the future of utility protection. https://spectrum.ieee.org/power-grid-attack-gridex-drone?share_id=9258752
AI Hackers Nearing Proficiency; Defense Requires Collective AI
AI models are getting better at hacking. Surprisingly (to me) they're still not world class hackers. But on this pace they could be within a year or two. As I've said recently, the way to defend against this is at...
NightBeacon Slashes SOC Alert Fatigue, Boosts True Positives
New blog post I just wrote: How NightBeacon Cuts SOC Alert Fatigue Without Replacing Analysts Blown away at how fast it's learning, not only false positive reduction, but the quality of interpreting true positives, enriching data, going in and pulling additional...
Okta AI Agents Secure Enterprise Blueprint, GA April 30
Great joining @BrianSozzi at @YahooFinance to discuss the blueprint for the secure agentic enterprise and how Okta for AI Agents, which will be generally available April 30, helps organizations put that blueprint into practice. https://t.co/OKEqoWLxUW
Personal AI Agents: The Inbox Trojan Horse Threatening CIOs
The Trojan Horse in Your Inbox: Why Personal AI Agents are a CIO’s Newest Nightmare #CIO #AI #Agentic #PersonalAgents #Cybersecurity https://t.co/5poCN8b0U2
Chrome Image
The extension would load affiliate codes, essentially stealing commissions from the original link that was clicked -> Your favorite image-saving Chrome extension was scraping your data for cash "The save image extension reportedly injected its own affiliate links from 578 sites,...
Open SSH Port as Fallback when T
Why would Tailscale not work? I have Tailscale on my iPhone In case Tailscale would go down, I'd just go into Hetzner firewall and add 22 inbound open for my own IP
Tailscale Adds Extra Barrier, Requiring Two Rare Breaches
If your Tailscale is hacked The hacker now has direct access to your server But now he still needs to get into your SSH with an SSH key So to get in two extremely rare things have to happen: 1) Tailscale is hacked 2) There's...
Secure SSH with Tailscale, Not Public Internet Exposure
False Many examples of SSH access 0-days and hacks SSH should never be exposed to the entire internet SSH is like your front door, even if you are the only one with the key, your lock might have a production defect (very rare...
Reimagine Resilience: AI‑Driven Data Protection for Enterprises
The #AI Imperative: Resilience Reimagined-Protecting the Agentic Enterprise & #Data - today's organisations demand more than just incremental improvements to existing data protection strategies; it calls for a wholesale reimagining of resilience itself. https://t.co/TWAXIQbUE0
OneDrive’s Personal Vault Offers Biometric Secure Storage
Microsoft OneDrive cloud storage is a cornerstone of the modern Windows experience, but did you know it includes a biometric secure storage area? Welcome to your Personal Vault... https://t.co/cee7hX8yzl #onedrive #privacy #security https://t.co/dHxaRToKrS
Windows 11 Security Update Fails—Temporary Fixes Available
Stuck with a Security Update that's failing every time you try to install it on your Windows 11 PC? It's a widespread problem for PC owners. Here's what's going on and how to keep your PC safe in the meantime......
Bay Area Cyber Leaders: Secure Enterprise AI at Scale
Preparing for another round of cybersecurity roundtables next week. One of my favorite parts of the job is hearing how different organizations approach the same problem. Next stop is San Jose for Securing the Enterprise AI Factory at Scale. If you’re a...
Free 600+ Structured Cybersecurity Skills for AI Agents
A developer just built a GitHub repo that lets you learn 611+ cybersecurity skills for free. All structured and ready for AI agents. It's called Anthropic Cybersecurity Skills. A database of real, organized security skills that any AI agent can plug into and...
Typeless AI Guarantees HIPAA & GDPR Privacy by Design
Typeless is now officially HIPAA and GDPR compliant, and that is a bigger deal than it sounds. Most AI tools can't say that. HIPAA protects your health data in the US. GDPR protects everything in the EU. Passing both means your data...
Secure IoT: Segment, Encrypt, Monitor to Reduce Exposure
IoT devices extend the attack surface deep into operations, connecting sensors and industrial assets to critical data flows. Weak passwords & unpatched firmware create systemic exposure, so segmentation, encryption, and monitoring become structural controls Microblog @antgrasso https://t.co/YHrFUmPna8
2025 Mobile Threats Surge: 815k Malware Packages, 255 Banking Trojans
Mobile virology – 2025: over 815,000 malicious installation packages, including 255 mobile banking trojans. Other figures and details for the year: https://t.co/zuY7JdjtRJ https://t.co/CFqnA4s0QA
NightBeacon Slashes False Positives, Boosts Detection Confidence
Launched NightBeacon Friday morning. 48 hours later: - 80.83% false positive reduction. - 3x higher true positive confidence. - 98.23% smarter model based on live data. - Multi-platform log intelligence built overnight. - Zero manual tuning. https://t.co/lmtyDyskXe This is just the beginning. #BinaryDefense
Missing MCP Safeguards Turns Experiments Into Production Vulnerabilities
If your MCP server doesn't enforce data scopes, PII controls, and environment isolation, you're not "experimenting with agents" - you're opening side doors into production. #AI #DevOps #MCP https://t.co/7dcoLIKa0K
Prompt Claude Code for Full OWASP Security Sweep
What do you use to have Claude Code do a full security sweep of your codebase? My go-to is “Run a deep OWASP security sweep of the full app, all APIs and any internal services. Report in descending severity and suggest...
