Build Real Cloud Skills, Not Just Certificates
Want to become a cloud engineer? Stop running behind badges. Start building skills that actually matter. 1️⃣ Understand cloud cost and budgeting. 2️⃣ Learn security and IAM properly. 3️⃣ Get comfortable with automation and Infrastructure as Code. 4️⃣ And most importantly, build real problem-solving ability instead of only following tutorials. Because in the real world, companies don’t pay you for certificates. They pay you for preventing disasters, managing scale, and keeping systems stable.
AI Security Teams Must Track Assets, Origins, Behavior
.@Cisco: Securing Autonomous Supply Chains https://t.co/kMD9aMu5KT @SupplyChainD "AI security teams are now being asked three questions at once: what AI assets do we have, where did they come from, and how will they behave in production as agents interact with...”...
Left Ignoring Data Privacy as AI Surveillance Bills Loom
Yes but effectively NO ONE on the left is talking about data privacy & the House is abt to go into markup on a package of 19 “child safety” bills that would enact unprecedented levels of mass AI surveillance/fully remove...

State-Level Attackers Demand Radically Different Security Assumptions
Fun fact: Computer security has a famous 2014 paper on how dramatically different assumptions and practices must be when dealing with the most motivated attacker in the world, who is after -YOU-. This is, -literally-, known "Mossad vs not-Mossad." Note the phone...
Cloudflare Confidently Ready to Counter Iran Threats
Whatever may come next from Iran, @Cloudflare is well aware of their techniques, not worried, and fully prepared to defend our customers.
Essential AI Coding Security Tips From @Elvissun
This guy has lots of great security tips if you're coding with AI, great follow @elvissun
AI Prompt Breaches Reveal Personal Data Tied to Identities
Data breaches containing AI prompts from users create a whole new set of privacy problems. Prompts are frequently very personal in nature and, from a privacy perspective, not something users expect to see tied back to their IRL identities.
Fraud Scams Evolve Beyond Classic CEO Email
My accounting team is receiving scary good fraud attempts… It is no longer the yahoo email from the CEO saying “Send $10M to this bank asap. We just acquired a company. Many thanks” Stay safe out there
AFL++ Integration Makes Libghostty Fuzzing Fast and Fun
I'll write more about this later, but I've spent the past few days hooking up libghostty with AFL++ and fuzzing various parts of it and agents make the full path of fuzz => verify with test case => minimize =>...
Cybercrime Outpaces Spend; Prioritize Architecture, Identity, Resilience
Cybercrime growth is outpacing cybersecurity spend. We are not going to tool our way out of this. Architecture, identity discipline, and operational resilience matter more than another dashboard.
Responsible AI Starts with Zero‑Trust, Encrypted Data Governance
You can't have responsible AI without responsible data. Classify AI data, extend zero trust, encrypt in use, and spell out non-negotiable governance policies from day one. #AISecurity #DataGovernance https://t.co/aiB5P99ido
Teams Outage Marks Historic Intelligence Breakthrough
The loss of access to Microsoft Teams is gonna go down in history as one of the most consequential intelligence actions of all time
Cutting Iran's Remote Work: Teams Access Blocked
The most important strategic strike on Iran was denying them access to seamless remote work with Microsoft Teams
HTTPS Login Alone Doesn't Protect Session Tokens
The other wild thing was only using HTTPS on the login screen, so you could just steal their session tokens instead over HTTP 😱
50+ Expert Forecasts on AI Governance and Security
RT Digital transformation is hitting a new phase. These 50+ expert predictions on agentic AI, governance, and security outline what leaders must prioritize now. #DigitalTransformation #AI #CISO @Star_CIO https://t.co/zhlbEwiusI
Enterprise MCP Adoption Surpasses Security Controls, Need Defense‑in‑depth
Shot: Enterprise MCP adoption is outpacing security controls https://t.co/B4FpJ7maqr Chaser: Securing AI Agents When Using Google Managed MCP Servers: A Defense-in-Depth Guide https://t.co/HBAXx8caUE
Cloud Providers Can’t Certify TEE Key Secrecy
I heard an interesting anecdote about TEEs from some fintech people. They were trying to convince regulators that TEEs aren’t just “computers under their control”, so they asked cloud providers to certify that they’d never hand over the keys. Providers...

Google's Android 17 Automates SIM PIN Unlocks
🔓 Android 17 wants to solve the biggest headache with using SIM PIN locks Google is building a new system for letting the phone automatically handle SIM PIN unlocks. ✅ Details - https://t.co/lGbIxYTndW
Under 1% of Flaws Exploited, yet Weaponization Accelerates Dramatically
"Less than 1% of software vulnerabilities were exploited in the wild over the past year, but those flaws are being weaponized faster and on a larger scale than ever before" https://t.co/MJeKsYSj9R https://t.co/pvetZNrUmq
Security Must Account for All Human Actors
The farmers and the mercenaries: Rethinking the 'human layer' in security | CSO Online https://t.co/W4BglrjoFn
XRPL Validators Stop Critical Batch Flaw After AI Alert
BIG: 🚨 XRPL validators blocked a critical Batch amendment flaw that could have enabled unauthorized transactions after AI-assisted researchers flagged the bug before mainnet activation
Verification Checks Claim, Recognition Finds Identity
🔍 Face Recognition vs Face Verification 🔑 Face Verification → Confirms if someone is who they claim to be (Yes ✅ / No ❌). 🧑‍🤝‍🧑 Face Recognition → Identifies who the person is by comparing against many faces 👥. #FaceRecognition #FaceVerification #AI...
One Email per Breach May Miss Second Dump
Updated breaches are a bit messy when it comes to sending domain notifications. We only send ONE email per breach to domain subscribers, so you may get an alert for dump 1 but not for dump 2. It's probably worth...
Grammarly’s DLL Injection Caused Recurring Computer Crashes
Fun fact I had a senior Director of a facility complain about computer crashing. I would reimage their machine and it would be fine and then it broke again. They kept installing Grammarly which was doing DLL injection into every process.

French Cybersecurity For Dummies Releases Third Edition
The third edition of the French version of Cybersecurity For Dummies is now available... #cybersecurity #french #cybersécurité #josephsteinberg #dummies
Prompt Injection Attacks Are Already Surfacing in the Wild
"Prompt injection attacks in the wild" https://t.co/wXEOcvcpdX <- if you have coffee in your hand, set it down now. Snort attack likely :-)
Protect Your Identity: Fraud Prevention in AI Era
Insights On Preventing Fraud and Identity Theft in The AI Era by @ChuckDBrooks https://t.co/Z1DoLfU6rP #CyberSecurity #identitytheft
Combat AI Attacks with Automated Zero‑Trust Security
CIOs and CISOs face AI-driven attacks that outpace traditional defenses. The answer: automated AI security, zero-trust frameworks, centralized identity, and regular training. Fighting fire with fire is how we protect organizations. https://t.co/HSIY5JYyPE

Google Disables Wallet on Pixel 4 over Severe Security Flaws
Google allegedly found "severe security issues" with Pixel 4 series, blocking Google Wallet use ✅ Details - https://t.co/lnyNOXovE7 https://t.co/gJTaZoudLA
Deepfake Fraud Costs UK £9.4B, US Must Act
The UK’s £9.4B loss to deepfake-enabled fraud is not a headline, it’s a warning. AI-powered scams are scaling faster than legacy identity and compliance systems can adapt. If the US doesn’t harden digital onboarding, verification, and cross-sector fraud defenses now, the bill...
Persona Confirms No Data Breach, Nothing to Leak
Been reading the @Persona_IDV incident write up as a bunch of people have asked “will the data be going into @haveibeenpwned?” Easy answer: no, because there’s no data: https://t.co/4oxtwYBxj2
Privacy Must Be Built Into AI Data Workflows
RT High-level policies aren't enough. It's time for audits, training, DSPM, and privacy-by-design in AI workflows. If privacy isn't built into how data moves, you're hoping - not leading. #DataGovernance #AI #CIO @Star_CIO https://t.co/Naq82FuMWZ
Basic Security Issues Outpace Complex Threats, Says CXO Advisor
One of the big advantages we have here at CXO Advisor is threat intel. We talk to security leaders across industries every week and the same concerns surface independently. Interestingly, it's not the complex theoretical threats, it's the basics: AI...
Canadian Tire Breach Leaks 38M Emails, Personal Data
I've had a few queries on this one (which isn't unusual for a large incident), mostly to the effect of "but I've never bought tyres in Canada". So, firstly, this isn't a tyre retailer, there are a heap of other...

Samsung's Keep Secures Data for Galaxy AI
I love this directness: “in order to be useful Galaxy AI needs data” which is why @SamsungMobile created “keep” to make sure the user’s info is kept safe https://t.co/EK7ZvUFZTr
Threat Actors Downgrade vSmart Controller to Exploit Root Access
"Using the built-in update mechanism the actor downgraded a vSmart controller to a version with...known local privilege escalation vulnerabilities.... Achieving...persistence as the user ‘root’, the actor [then] restored...controller to [previous] version" https://t.co/PcdPHtzgCR
AI-Driven Attacks Exploit Simple FortiGate Misconfigurations Globally
New threat intel shows a financially motivated threat actor using commercial generative AI tools to compromise more than 600 FortiGate devices across 55+ countries by exploiting exposed management ports and weak credentials, not zero-day vulnerabilities. AI is amplifying basic security...
Beyond Launch: Platform Compliance Drives $100M Advantage
Most founders optimize for the first milestone: launch fast, check the box, move on. @DrataHQ optimized for what comes after. “When you need more than SOC 2 - which happens when you’re successful - we’re right there with you.” Feature vs. platform thinking....
Cyberattacks Eclipse Inflation, Recession as SMBs' Top 2026 Threat
Cyberattacks Overtake Inflation and Recession Concerns as the #1 Threat to SMBs in 2026, New VikingCloud Research Finds https://t.co/O8FsxVZLOe
Russian Spy Nomma Zarubina Sent to U.S. Prison
Nomma Zarubina, who once drunk-texted an FBI agent saying "Catch me baby. So many spies," is heading to U.S. prison for spying for Russian intelligence. https://t.co/UnZ15LNWq6
AI Threats Are Scaring Security Professionals—Act Now
This interview freaked me out. The security "AI"pocalypse is here. The founders of https://t.co/yNcyjm5j7B, Arbaaz Mahmood and Matt Busigin, talk me through why security professionals are freaked out by AI and trying to prepare the world's businesses as fast as they...
Cyber Resilience Means Business Continuity Amid Failures
Cyber resilience goes beyond stopping attacks. It’s keeping the organization running when systems fail, and data is uncertain. Prevention helps, but resilience ensures the business keeps moving. https://t.co/iRvh9PxW7z
Wynn Resorts Hit by Cyberattack, $1.5M Ransom Demanded
Wynn Resorts reportedly cyberattacked and asked to pay $1.5M ransom | Casinos & Gaming | Business https://t.co/x191MhE93X

AI Agents Now in 80% of Fortune 500; Governance Crucial
80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier @Microsoft has released its latest Cyber Pulse report, offering practical insights into emerging cybersecurity risks as AI agents become embedded in everyday business operations. https://t.co/nYODu6iNVB...
Beware: Fake Apple Newsroom Headlines Manipulating Markets
You’re going to see a lot of fake Apple Newsroom headlines here that look like this (below), and it may even influence folks/markets until they realize they are all fake tomorrow. Don’t fall for these. It’s a simple manipulation of...
Ex‑Trenchant Exec Gets 7‑year Sentence
Peter Williams, the former Trenchant exec who stole zero-day exploits from his employer and sold them to a Russian exploit buyer, was sentenced today to 7 years and 3 months in a hearing that was partially closed to the public...
AI Integration Threatens SaaS Moats, Wipes Out Security Stocks
A security feature launch tweet by Claude wiped out $15B in cybersecurity stocks. AI is eating SaaS. Here’s what this means for the future of SaaS: Cybersecurity names like CrowdStrike, Palo Alto Networks, and Zscaler fell after Anthropic showed Claude...

AI Drafts SOC2 Auth Service, Leaves 35 Issues
Asked Opus 4.6 to design an SOC2‑compliant auth service from zero. It came back with 35 issues. Pilot’s job now is to deliver them. Estimated cost: ~$4. Estimated time: ~1 hour + ~10 minutes of cleanup. --- Devs only have jobs until I get better...
Boards Demand Business Impact Over Technical Threat Metrics
📈 The Board is over "Red, Yellow, Green" charts. They want financial risk quantification. Moving from technical metrics to business risk is the #1 theme for CIOs at RSA this year. Stop reporting on "threats" and start reporting on "impact."...