Responsible AI Starts with Zero‑Trust, Encrypted Data Governance
You can't have responsible AI without responsible data. Classify AI data, extend zero trust, encrypt in use, and spell out non-negotiable governance policies from day one. #AISecurity #DataGovernance https://t.co/aiB5P99ido
Teams Outage Marks Historic Intelligence Breakthrough
The loss of access to Microsoft Teams is gonna go down in history as one of the most consequential intelligence actions of all time
Cutting Iran's Remote Work: Teams Access Blocked
The most important strategic strike on Iran was denying them access to seamless remote work with Microsoft Teams
HTTPS Login Alone Doesn't Protect Session Tokens
The other wild thing was only using HTTPS on the login screen, so you could just steal their session tokens instead over HTTP 😱
50+ Expert Forecasts on AI Governance and Security
RT Digital transformation is hitting a new phase. These 50+ expert predictions on agentic AI, governance, and security outline what leaders must prioritize now. #DigitalTransformation #AI #CISO @Star_CIO https://t.co/zhlbEwiusI
Enterprise MCP Adoption Surpasses Security Controls, Need Defense‑in‑depth
Shot: Enterprise MCP adoption is outpacing security controls https://t.co/B4FpJ7maqr Chaser: Securing AI Agents When Using Google Managed MCP Servers: A Defense-in-Depth Guide https://t.co/HBAXx8caUE
Cloud Providers Can’t Certify TEE Key Secrecy
I heard an interesting anecdote about TEEs from some fintech people. They were trying to convince regulators that TEEs aren’t just “computers under their control”, so they asked cloud providers to certify that they’d never hand over the keys. Providers...

Google's Android 17 Automates SIM PIN Unlocks
🔓 Android 17 wants to solve the biggest headache with using SIM PIN locks Google is building a new system for letting the phone automatically handle SIM PIN unlocks. ✅ Details - https://t.co/lGbIxYTndW
Under 1% of Flaws Exploited, yet Weaponization Accelerates Dramatically
"Less than 1% of software vulnerabilities were exploited in the wild over the past year, but those flaws are being weaponized faster and on a larger scale than ever before" https://t.co/MJeKsYSj9R https://t.co/pvetZNrUmq
Security Must Account for All Human Actors
The farmers and the mercenaries: Rethinking the 'human layer' in security | CSO Online https://t.co/W4BglrjoFn
XRPL Validators Stop Critical Batch Flaw After AI Alert
BIG: 🚨 XRPL validators blocked a critical Batch amendment flaw that could have enabled unauthorized transactions after AI-assisted researchers flagged the bug before mainnet activation
Verification Checks Claim, Recognition Finds Identity
🔍 Face Recognition vs Face Verification 🔑 Face Verification → Confirms if someone is who they claim to be (Yes ✅ / No ❌). 🧑‍🤝‍🧑 Face Recognition → Identifies who the person is by comparing against many faces 👥. #FaceRecognition #FaceVerification #AI...
One Email per Breach May Miss Second Dump
Updated breaches are a bit messy when it comes to sending domain notifications. We only send ONE email per breach to domain subscribers, so you may get an alert for dump 1 but not for dump 2. It's probably worth...
Grammarly’s DLL Injection Caused Recurring Computer Crashes
Fun fact I had a senior Director of a facility complain about computer crashing. I would reimage their machine and it would be fine and then it broke again. They kept installing Grammarly which was doing DLL injection into every process.

French Cybersecurity For Dummies Releases Third Edition
The third edition of the French version of Cybersecurity For Dummies is now available... #cybersecurity #french #cybersécurité #josephsteinberg #dummies
Prompt Injection Attacks Are Already Surfacing in the Wild
"Prompt injection attacks in the wild" https://t.co/wXEOcvcpdX <- if you have coffee in your hand, set it down now. Snort attack likely :-)
Protect Your Identity: Fraud Prevention in AI Era
Insights On Preventing Fraud and Identity Theft in The AI Era by @ChuckDBrooks https://t.co/Z1DoLfU6rP #CyberSecurity #identitytheft
Combat AI Attacks with Automated Zero‑Trust Security
CIOs and CISOs face AI-driven attacks that outpace traditional defenses. The answer: automated AI security, zero-trust frameworks, centralized identity, and regular training. Fighting fire with fire is how we protect organizations. https://t.co/HSIY5JYyPE


Google Disables Wallet on Pixel 4 over Severe Security Flaws
Google allegedly found "severe security issues" with Pixel 4 series, blocking Google Wallet use ✅ Details - https://t.co/lnyNOXovE7 https://t.co/gJTaZoudLA
Deepfake Fraud Costs UK £9.4B, US Must Act
The UK’s £9.4B loss to deepfake-enabled fraud is not a headline, it’s a warning. AI-powered scams are scaling faster than legacy identity and compliance systems can adapt. If the US doesn’t harden digital onboarding, verification, and cross-sector fraud defenses now, the bill...
Persona Confirms No Data Breach, Nothing to Leak
Been reading the @Persona_IDV incident write up as a bunch of people have asked “will the data be going into @haveibeenpwned?” Easy answer: no, because there’s no data: https://t.co/4oxtwYBxj2
Privacy Must Be Built Into AI Data Workflows
RT High-level policies aren't enough. It's time for audits, training, DSPM, and privacy-by-design in AI workflows. If privacy isn't built into how data moves, you're hoping - not leading. #DataGovernance #AI #CIO @Star_CIO https://t.co/Naq82FuMWZ
Basic Security Issues Outpace Complex Threats, Says CXO Advisor
One of the big advantages we have here at CXO Advisor is threat intel. We talk to security leaders across industries every week and the same concerns surface independently. Interestingly, it's not the complex theoretical threats, it's the basics: AI...
Canadian Tire Breach Leaks 38M Emails, Personal Data
I've had a few queries on this one (which isn't unusual for a large incident), mostly to the effect of "but I've never bought tyres in Canada". So, firstly, this isn't a tyre retailer, there are a heap of other...

Samsung's Keep Secures Data for Galaxy AI
I love this directness: “in order to be useful Galaxy AI needs data” which is why @SamsungMobile created “keep” to make sure the user’s info is kept safe https://t.co/EK7ZvUFZTr
Threat Actors Downgrade vSmart Controller to Exploit Root Access
"Using the built-in update mechanism the actor downgraded a vSmart controller to a version with...known local privilege escalation vulnerabilities.... Achieving...persistence as the user ‘root’, the actor [then] restored..controller to [previous] version" https://t.co/PcdPHtzgCR
AI-Driven Attacks Exploit Simple FortiGate Misconfigurations Globally
New threat intel shows a financially motivated threat actor using commercial generative AI tools to compromise more than 600 FortiGate devices across 55+ countries by exploiting exposed management ports and weak credentials, not zero-day vulnerabilities. AI is amplifying basic security...
Beyond Launch: Platform Compliance Drives $100M Advantage
Most founders optimize for the first milestone: launch fast, check the box, move on. @DrataHQ optimized for what comes after. “When you need more than SOC 2 - which happens when you’re successful - we’re right there with you.” Feature vs. platform thinking....
Cyberattacks Eclipse Inflation, Recession as SMBs' Top 2026 Threat
Cyberattacks Overtake Inflation and Recession Concerns as the #1 Threat to SMBs in 2026, New VikingCloud Research Finds https://t.co/O8FsxVZLOe
Russian Spy Nomma Zarubina Sent to U.S. Prison
Nomma Zarubina, who once drunk-texted an FBI agent saying "Catch me baby. So many spies," is heading to U.S. prison for spying for Russian intelligence. https://t.co/UnZ15LNWq6
AI Threats Are Scaring Security Professionals—Act Now
This interview freaked me out. The security "AI"pocalypse is here. The founders of https://t.co/yNcyjm5j7B, Arbaaz Mahmood and Matt Busigin, talk me through why security professionals are freaked out by AI and trying to prepare the world's businesses as fast as they...
Cyber Resilience Means Business Continuity Amid Failures
Cyber resilience goes beyond stopping attacks. It’s keeping the organization running when systems fail, and data is uncertain. Prevention helps, but resilience ensures the business keeps moving. https://t.co/iRvh9PxW7z
Wynn Resorts Hit by Cyberattack, $1.5M Ransom Demanded
Wynn Resorts reportedly cyberattacked and asked to pay $1.5M ransom | Casinos & Gaming | Business https://t.co/x191MhE93X

AI Agents Now in 80% of Fortune 500; Governance Crucial
80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier @Microsoft has released its latest Cyber Pulse report, offering practical insights into emerging cybersecurity risks as AI agents become embedded in everyday business operations. https://t.co/nYODu6iNVB...
Beware: Fake Apple Newsroom Headlines Manipulating Markets
You’re going to see a lot of fake Apple Newsroom headlines here that look like this (below), and it may even influence folks/markets until they realize they are all fake tomorrow. Don’t fall for these. It’s a simple manipulation of...
Ex‑Trenchant Exec Gets 7‑year Sentence
Peter Williams, the former Trenchant exec who stole zero-day exploits from his employer and sold them to a Russian exploit buyer, was sentenced today to 7 years and 3 months in a hearing that was partially closed to the public...
AI Integration Threatens SaaS Moats, Wipes Out Security Stocks
A security feature launch tweet by Claude wiped out $15B in cybersecurity stocks. AI is eating SaaS. Here’s what this means for the future of SaaS: Cybersecurity names like CrowdStrike, Palo Alto Networks, and Zscaler fell after Anthropic showed Claude...

AI Drafts SOC2 Auth Service, Leaves 35 Issues
Asked Opus 4.6 to design an SOC2‑compliant auth service from zero. It came back with 35 issues. Pilot’s job now is to deliver them. Estimated cost: ~$4. Estimated time: ~1 hour + ~10 minutes of cleanup. --- Devs only have jobs until I get better...
Boards Demand Business Impact Over Technical Threat Metrics
📈 The Board is over "Red, Yellow, Green" charts. They want financial risk quantification. Moving from technical metrics to business risk is the #1 theme for CIOs at RSA this year. Stop reporting on "threats" and start reporting on "impact."...

US Government Fails to Push Firms Toward Supply‑Chain Security
Great story in the New York Times highlighting the difficulties that the US government has faced in getting the world's most profitable companies to take supply chain security seriously, and reduce their exposure to a crisis in the Taiwan straits 1/...
AI Accelerates Threat Groups' Attack Speed
Threat groups move at record speeds, as AI helps scale attacks | Cybersecurity Dive https://t.co/frfbUAXzlI
Proof, Not Promises, Drives Trust in Security
So @markowitzadam was selling a product built on proving things with evidence. But when a university asked him to prove his security posture, he couldn’t. That contradiction became the seed for @DrataHQ ($100M+ ARR). Trust isn’t what you say. It’s what you prove....
EF Calls for Deeper, Purpose‑Driven Innovation in DeFi
Defi is a central part of the value that Ethereum provides. Financial empowerment is a central part of what it means to have agency and freedom in our current world. Finance is far from the only thing that Ethereum is...
NYC Cyber Leaders: Private Dinner on Dataverse Protection
If you’re a cybersecurity leader in NYC, join me this Thursday for a roundtable dinner focusing on New Strategies to Protect Your Expanding Dataverse. Private dinner, peer conversation, no vendor pitch. These are the discussions where the real issues come...
Secure AI‑Driven DevOps via Signal‑Powered SideChannel
Introducing a new tool called "SideChannel". A secure alternative to OpenClaw. Utilizes signal for communication and has Claude integration. I built SideChannel, an open-source Signal bot that connects Claude AI to your entire development workflow. End-to-end encrypted. From your pocket. The real...
FT Blamed AI; It Was User Misconfiguration Error
We want to address the inaccuracies in the Financial Times' reporting yesterday. The brief service interruption they reported on was the result of user error—specifically misconfigured access controls—not AI as the story claims. https://t.co/0ApCIDNsJT
Cyber Supply Chain Security Is Essential for National Resilience
Cyber supply chain security is no longer optional—it’s essential for resilience, innovation, and national security. Read the full piece: The Cybersecurity Challenges of the Supply Chain by @ChuckDBrooks https://t.co/THnR3VKAJx #cybersecurity #technology #supplychain
Secure‑by‑Design Strategies Against Weaponized AI Attacks
Do you have a forward-thinking security strategy to combat weaponized AI? I’m hosting @mikeriemer830, Field CISO at @GoIvanti for a live webinar tomorrow February 24. We’ll cover: ✅ Real-world AI-driven attack patterns ✅ Why kernel-level security matters more than ever ✅ Practical steps to...
OpenClaw's Clever Design Masks Potential Negligence and Hidden ToS Breaches
Yikes. If this is true, then it’s both pretty ingenious and supremely negligent. I wonder what percentage of users have done a code audit of OpenClaw. And what other fun ToS-voiding surprises lurk in there.