All Breaches Affect Limited Files; “Limited” Is Meaningless
Apparently, the hackers stole “a limited number of files”. Humour me here, but when does a breach ever *not* affect a limited number of files? I mean, when was the last breach you can remember that impacted an *unlimited* number of files?!
Continuous Security Audit Across 62,000+ Open Skills
We partnered with @socketsecurity, @snyksec, and @gendigitalinc to continuously audit https://t.co/NfXI7skfWe for security vulnerabilities. There are now 62,000+ skills in the open ecosystem https://t.co/rtwkKCBeBz
Boards Pivot to Recovery as Breach Assumption Grows
As more companies “assume breach,” I am seeing a shift from prevention to recovery. Boards are starting to ask different questions.
Deep Dive Into Weaponized Malicious SVG Files
Good read and research on malicious SVG file analysis and how it's weaponized by Adam Paulina @Binary_Defense https://t.co/65gf6f2XNn #BinaryDefense
Zero‑day Chrome Exploit, Chinese Telco Breach, AI‑crafted Malware
DHOM SitRep #002 just dropped. Chrome's first zero-day of 2026 is being exploited NOW. Chinese hackers owned ALL 4 Singapore telcos. And AI just built its first malware framework. Your weekly cybersecurity briefing — subscribe to Don't Hack On Me. https://t.co/eOI2j9M68A
SMEs Must Expect Cyber Attacks, NCSC Warns
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks: NCSC Boss War - Infosecurity Magazine https://t.co/DjHx7581nV
U.S. Unready for Potential GPS Attack, Warns Former NSA Chief
"America is dangerously unprepared for a GPS attack," Adm. Michael Rogers, U.S. Navy (ret.), former commander of the U.S. Cyber Command and director of the National Security Agency. https://t.co/hYWXOZoxEZ
Start Crypto Agility Now Before Quantum Day Arrives
⏳ Data stolen today will be cracked tomorrow. Post-Quantum Cryptography (PQC) isn't a "next year" problem—it’s a multi-year migration that starts now. I’m looking for "Crypto Agility" on the floor at #RSAC2026. Are you ready for the Q-Day countdown? https://t.co/6PIC4o7OmO #QuantumSecurity...
AI Agents Drive Traffic Surge, Prompt New Security Controls
As AI Agents Take on Tasks in the Real World, New Risks Emerge By 2026, human website visits drop 20% while machine-initiated traffic surges 40%. Zero-click economy emerging where personal AI negotiates on your behalf. Banks must authenticate agents, not just...
AI Finds FFmpeg Overflow; Patience Beats Complexity
My son showed me one of the overflow vulnerabilities found in FFmpeg by Google/Deepmind’s security AI agents. I was thinking about how hard these things are to find, and at least this one didn’t seem deep — just required enormous...
Tailor Your Privacy with ZK—We’re the Experts
Reminder about Privacy: Privacy can mean a lot of things. Think about how you achieve privacy for different things in your daily life: An envelope gives you privacy for your mail. A window curtain provides privacy to your home. A lock screen maintains the...
DIY BLE Test Achieves 800‑Foot Range with Omni Antenna
My hack job of testing distance and range of BLE devices. Light enough to get lift with the drone still with an amplifier, high gain antenna, gps - and a mini computer. It’s all I had sitting around the shelves...
Modern Bluetooth Pacemakers Continuously Broadcast When Disconnected
Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement...
Government Claim to Crack RSA 2048 Raises Skepticism
If someone tells me on The Post-Quantum World that the government cracked RSA 2048, I will certainly have a followup question.
Math's Impartial Power Powers ZK‑STARK Integrity
Math is the ultimate equalizer. It doesn’t bend based on who uses it. It doesn’t care who you are or how loud you shout. ZK-STARKs use math to verify integrity. They work the same whether operated by Darth Vader or Luke Skywalker.
Iran Deploys Phone Tracking, Threatens Starlink Users
Iran Turns to Digital Surveillance Tools to Track Down Protesters @nytimes https://t.co/7JUt5gcTW3 Iran's government most likely tracked the protesters through location data emitting from their phones, researchers later concluded. The move was part of a new phase by the authorities to...
Government KYC Push Threatens App Privacy, Users May Flee
Government push for AML/KYC on apps is alarming. Requiring biometrics and IDs for every request erodes privacy. While ZK solutions could help, mass data harvesting is a real concern. If KYC hits platforms like Discord, we will simply migrate. #Privacy...
Privacy Is a Year‑round Leadership Responsibility, Not a Weekly Event
RT Data Privacy Week is over. Lawsuits, breaches, and AI experiments don't pause the other 51 weeks of the year. Privacy is now a leadership accountability issue, not a back office task. #CIO #CMO #CISO #DataPrivacy @Star_CIO https://t.co/Naq82FuMWZ
QLDPC Cuts RSA‑2048 Attack to 100k Qubits
QLDPC for the win (and also a little bit scary) work by @IcebergQuantum reducing physical qubits to break RSA-2048 to only 100,000 which we probably aren’t that far away from. we aren’t ready for this. https://t.co/DUJQCeG72E
15 Minutes, Terminal Power Reveal OS X Implant
Decided to try Claude by revisiting a malware analysis project that I originally presented at @objective_see in 2021: the CIA's OS X implant called Green Lambert. It's amazing what you can do with a terminal and ~15 min of free...
Quantum Computing Threatens Private Encrypted Data, Experts Warn
I asked what else quantum could break @ChrisPeikert pointed out that we are overlooking the potential impact on our private encrypted data 👇 https://t.co/bFsCVAR5YD
AI Threatens Cryptography, Potentially Faster Than Quantum
So apparently quantum isn't even the only thing we should be worried about?? 😅 AI could break cryptography too?? and possibly even faster than quantum @drakefjustin 👇 https://t.co/eeeNgYWKwx
China's Expedition Cloud Trains Hackers on Replica Critical Networks
Leaked files detail a training platform called "Expedition Cloud" that is designed to allow China's hackers to practice hacking critical infrastructure of China’s opponents in South China Sea and Indochina region using replicas of those networks https://t.co/jbJhbj9JRi
Boards Must Prioritize Cyber‑Risk Oversight, Says Expert
My comments on the role of corporate boards in overseeing the management of cyber-risk. In today's New York Post. Link on my website... Type JS.TC into any web browser.
Top 50+ AI Governance Predictions Leaders Must Prioritize
Digital transformation is hitting a new phase. These 50+ expert predictions on agentic AI, governance, and security outline what leaders must prioritize now. #DigitalTransformation #AI #CISO https://t.co/zhlbEwiusI
Cross‑platform Tool Scans Bluetooth, Resolves Private Addresses
Just released a new tool that scans for Bluetooth devices including Bluetooth Low Energy (BLE) devices. It will scan for all, filtered by MAC, or if you have the Identity Resolving Keys (IRK), can be used to determine the Resolvable...
Key Cybersecurity Essentials for Customer-Facing Platforms
Securing The Front Line: #Cybersecurity Essentials For Customer-Facing Platforms - B2B Marketing Blog | Webbiquity - https://t.co/zi7jypeOqC
9 Unvarnished Cybersecurity Truths CIOs Must Confront
Beyond the Hype: 9 Cybersecurity Realities CIOs Must Face at RSAC 2026 #CIO #Cybersecurity #RSAC #RSAC2026 #AI https://t.co/l36K8t0RcX
Email: From Simple File Sharing to Chaos
Email probably started off as a guy just trying to send himself a file, and then it got completely out of control
Fake AI Chrome Extensions Steal Credentials From 300K Users
🚨 Fake AI Chrome extensions with 300K users steal credentials, emails | Cybersecurity Here are the Extensions: 1️⃣ AI Sidebar (gghdfkafnhfpaooiolhncejnlgglhkhe) – 70,000 users 2️⃣ AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) – 60,000 users 3️⃣ ChatGPT Translate (acaeafediijmccnjlokgcdiojiljfpbe) – 30,000 users 4️⃣ AI GPT (kblengdlefjpjkekanpoidgoghdngdgl) – 20,000...
Bluetooth Pacemakers Could Be Tracked via War‑Driving
For the Nancy Guthrie case, an idea and maybe a crazy one but she had a pacemaker which often implantable devices use bluetooth such as Medtronic's. Couldn't you war-drive (drones even better) with a high gain antenna with amplifiers -...
Identity Protection Is Key to Combating Fraud
Why Identity Protection and Cybersecurity Are Central to Fighting Fraud by @ChuckDBrooks https://t.co/hftYQY0W6B #cybersecurity #fraud
Hash‑based Crypto: Blockchain’s Timeless Security Foundation
“One of the goals of blockchains is that they’re going to be securing hundreds of trillions of dollars over centuries. hash based cryptography is believed to stand the test of time and is the most minimal assumption that you could...
Ethereum Targets Post‑quantum Cryptography Upgrade by 2029
“The plan right now is to upgrade every single piece of Ethereum cryptography to be post quantum secure by 2029.” — Justin Drake (@drakefjustin), Researcher at the Ethereum Foundation https://t.co/bbNeyUmOCj
Unified Standards Prevent Cryptographic Disasters and Incompatibility
“It’s very good if the industry can all agree on one standard so that things are interoperable, you get many fewer cryptographic disasters or unexpected incompatibilities or security issues.” — @ChrisPeikert, Professor, CSE, University of Michigan https://t.co/bbNeyUmOCj
Ethereum’s Three Core Cryptos Found Vulnerable
“For Ethereum specifically, there’s three pieces of cryptography that are vulnerable: ECDSA, BLS signatures, and KCG.” — Justin Drake (@drakefjustin), Researcher at the Ethereum Foundation https://t.co/bbNeyUmOCj
Native Account Abstraction Enables Safe Blockchain Agents
A question about AI and blockchain: What makes a blockchain Agent friendly? One possible answer I heard from @AbdelStark: Safety through Native Account Abstraction Suppose you give your agent some money to transact on your behalf. The agent could go rogue,...
AI Is Already Simplifying Online Scams, Experts Warn
AI is already making online swindles easier. It could get much worse. Some cybersecurity researchers say it’s too early to worry about AI-orchestrated cyberattacks. Others say it could already be happening. #fintech #tech #finserv #AI @BetaMoroney @efipm @BrettKing @spirosmargaris @jasuja @enricomolinari @mikeflache https://t.co/xbcVW86X8z
Ex‑Trenchant Exec Sold Internal Hacks to Russian Broker
Former exec at exploit development firm Trenchant, owned by L3Harris, admitted to selling internal hacking tools to a Russian broker. Did the company notify the vendors whose products were exploited so that they could be patched? https://t.co/4wKJgZoIkl
1994 Lillehammer Winter Olympics Suffer First Major Cyber Attack
On this day in 1994, the winter Olympics in Lillehammer were hit with a cyber attack. https://t.co/AZfPpQUjAr https://t.co/xox3MFDt75
Recruiters Overlook Security While Demanding Identity Verification
I just saw a Recruiter say "people share their data with every app out there, I don't understand why adding extra security layers to the ATS asking people to verify their identity is a problem."
Vercel Sandbox Adds Simple Network Isolation Support
Vercel Sandbox isolation levels: ✅ Compute & memory resource isolation ✅ Filesystem and durability isolation 🆕 Network isolation Wild how easy this is: --𝚊𝚕𝚕𝚘𝚠𝚎𝚍-𝚍𝚘𝚖𝚊𝚒𝚗 (CLI) or 𝚗𝚎𝚝𝚠𝚘𝚛𝚔𝙿𝚘𝚕𝚒𝚌𝚢 in 𝚂𝚊𝚗𝚍𝚋𝚘𝚡.𝚌𝚛𝚎𝚊𝚝𝚎. Try it out: https://t.co/UoWXCW9Ien
Aave V4 Security Audit Published, Thanks Trail of Bits
The first Aave V4 security audit is now public. Big thanks to the @trailofbits team for the effort.
Executive Backing Turns Data Governance From Reactive to Strategic
Data governance is critical but tough. Without executive support, clear roles, and resources, committees stay reactive. Done right, it drives strategic decisions and strengthens both insights and cyber resilience. https://t.co/brZ80xsiyu
Developers Become Top Cyber‑attack Targets, Warning CISOs
Software developers: Prime cyber targets and a rising risk vector for CISOs | CSO Online https://t.co/BQaEUbegeO
Three Key Security Challenges and Their Solutions
New research: 3 big challenges facing security teams (and how to overcome them) | Cybersecurity Dive https://t.co/mN9t6BWiD6
First‑party Fraud Needs Memory, Not More Blocks
First-party fraud passes every check. The data lines up; the customer's real. The problem is intent, and intent is difficult to quantify. First-party fraud is hard to detect because it's hard to define. A PSP sees risk. A merchant sees a refund. A...
Make Machine Identity a First-Class Concern
Doubleplus good snapshot of where we are and what we need to do... KeyFlux | Trust Infrastructure https://t.co/BagFR3amVx "What Actually Works Treat machine identity as a first-class problem. Not an afterthought bolted onto service accounts." https://t.co/qc8L7FI6bh
Prioritize Parachutes over Costly Drop‑plane Flights
If it were me, I would stop paying for the drop plane flights rather than the parachutes. Seems like a bit of a prioritization issue.
Digital IDs Unite Identification, Authentication, and Authorization
The Promise of Digital Identities (IDs) https://t.co/ZELeCaUzpS "A digital ID combines the three pillars of secure transactions—identification, authentication, and authorization". Not my words, the Feds. Well, to be fair, my words too. Albeit some time ago. https://t.co/aTC5u5N9wx