Mandiant Google’s shiny hunters scattered lapsus okta internal sso phishing blog. Imagine trying to parse that sentence twenty years ago. Mandiant’s acquisition Google used their shiny hunters to scatter the Lapsus Okta internal SSO phishing blog.
Port scanners ranked after 15+ years:
Nmap → depth
Naabu → simplicity
RustScan → speed
Pro tip: naabu -nmap-cli gives you best of both 🔗 https://t.co/8qHOyCzgAg | https://t.co/LFDCFb3Rgg | https://t.co/d56KN90GG9 https://t.co/WGqy7g65sd
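The pattern the tip above refers to is a fast, wide sweep with naabu followed by nmap only on the ports naabu found open. naabu's `-nmap-cli` flag takes the nmap command to run on its results (for example `-nmap-cli 'nmap -sV -Pn'`). The script below is an added example, not code from the tweet's author or from either project: it shows the same hand-off done explicitly, so you can see what the flag does and adapt it when you want to post-process or filter the open-port list first. It assumes naabu's default output of one `host:port` line per open port, handles IPv4 hosts only (an IPv6 address contains colons and would need a different split), and uses a constructed sample in place of real scan output.

```sh
#!/bin/sh
# Added example: group naabu's "host:port" lines into one nmap invocation
# per host, so nmap service-scans only ports already confirmed open.
# Assumes naabu's default output format and IPv4 hosts (IPv6 addresses
# contain colons and would need a different parser).

ports_by_host() {
  # Read host:port lines on stdin; ignore anything that is not host:digits.
  awk -F: '
    NF == 2 && $2 ~ /^[0-9]+$/ {
      ports[$1] = (ports[$1] == "" ? $2 : ports[$1] "," $2)
    }
    END {
      # One nmap command per host; -Pn skips host discovery because
      # naabu already proved the host is up, -sV does version detection.
      for (h in ports) print "nmap -sV -Pn -p " ports[h] " " h
    }
  ' | sort
}

# Constructed sample of what naabu prints; not real scan data.
SAMPLE='192.0.2.10:22
192.0.2.10:443
192.0.2.11:8080
garbage line'

# Real usage would be:  naabu -host 192.0.2.0/24 -silent | ports_by_host | sh
# which is what  naabu -host 192.0.2.0/24 -nmap-cli "nmap -sV -Pn"  does for you.
printf '%s\n' "$SAMPLE" | ports_by_host
```

The `| sh` at the end of the real pipeline is only worth adding once you trust the host list; on an untrusted naabu output file, review the generated commands first rather than executing them blindly.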
Given that GPT-4 (June 2023) had function calling and tried to escape its own VM by hacking it, I'd guess that's when something like clawdbot would've been possible to release by the labs.
Yes, this is giving "interaction with [malicious] external smart contract" vibes a la The DAO 😬
I helped design and implement the secure tip line at the New York Times in 2016. Who can access what, when, where, and how is just as important as the specific apps, tools, and settings that are used. https://t.co/bXZ9qmWkqy

New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson: phone was on w/Lockdown Mode; personal laptop was off; work laptop was on w/Touch ID; several Signal chats used disappearing messages....
Alleged crypto theft by son of government contractor raises a critical question: Is the U.S. ready for a strategic reserve? @kkirkbos says we may need a Bitcoin Fort Knox 👇 https://t.co/tti17Z1eKJ
With autonomous agents who have access to the command line, like Claude code and Open Claw, you don't only have to worry about prompt injection that executes commands and operations, but you also have to worry about prompt injection that...
Have we reached the stage of “many AIs make all bugs shallow”? Great writeup on AI, open source, & bug bounties by @stanislavfort cofounder of AISLE “Mass adoption collapsed the median quality (“slop” killed bug bounty..) but.. raised the ceiling” https://t.co/iDvdiDy41J
This is mind blowing. 🤯 AI agents discussing the best form of payment for finding security holes in open source "skill" repos. Bitcoin at the top of the list.... Turns out humans don't need to convince grandma to use/hold Bitcoin, the...
Police in Norway are investigating an Italian company suspected of installing high-end FLIR cameras on a rooftop overlooking Melkøya, the endpoint of the pipeline for natural gas from the Barents Sea. https://t.co/6wbZBfOLzj
Allowing members of a group to see the group messages is literally the purpose of a group. The issue seems to be that sensitive data is shared with poorly established trust boundaries and insecure COMSEC. There is no technical solution...
Why not a VPS for Molt? In my use cases, research and testing, sometimes fetch and browser tools are blocked by anti-bot tech, or there is some workflow that doesn't have an API.... it's purely browser driven. With cui and...
“We are not in a place where anyone should store their life savings on chain in a wallet they control. It’s probably not safe for that yet.” https://t.co/JTgHPOAJbx
“We are not making major progress on improving security for the normal person to feel comfortable putting their life savings into crypto.” https://t.co/JTgHPOAblZ
“There’s a lot of money just sitting in random contracts that were tried to be returned to people affected by the hack.” https://t.co/JTgHPOAblZ
“I think it would be an easy argument to make that TheDAO really kickstarted the security industry in Ethereum.” https://t.co/JTgHPOAblZ
EXCLUSIVE 🚨 Nearly 10 years after the DAO hack, unclaimed ETH is being used to create a $250M Ethereum security fund. https://t.co/JTgHPOAblZ

EXCLUSIVE: Ethereum OGs and @VitalikButerin to create a $220 million Ethereum security fund 🤯 You'll never guess where the money comes from ... https://t.co/KbfuQI6FX3

Apple’s new iPhone security feature limits cell networks from collecting precise location data, but appears to have very limited support in the U.S. at the moment. Here’s to hoping all the big carriers get on board too. https://t.co/tCJT63yJO3 https://t.co/PK9jhIlU18

Cyber InsurTech at a crossroads? → https://t.co/lkwru1czZC This reflects the largest round announced recently, which happened to come from a cyber InsurTech startup. https://t.co/NIanaOZPp2
On one hand we should expect many open source models to get great at computer use because of clawdbot proving demand. On the other hand, random free OSS models controlling millions of computers sounds like a nightmare.
PERSONAL PRIVATE PROGRAMMABLE I’ve been thinking more about the intersection of Claude Code and Obsidian. There is an upcoming tech stack here that I’m calling personal private programmable. Here’s a sketch of the idea. First, if you squint ahead a few months, we...
When AI Agents Turn Against You: The Prompt Injection Threat Every Business Leader Must Understand As organizations deploy #AIagents to handle everything from customer service to financial decisions, a critical #security #vulnerability threatens to turn these digital workers against their employers. #PromptInjection...
Powerful new features announced by @WhatsApp today to defend against sophisticated spyware. Includes the ability to block attachments and media from people not in your contact list. https://t.co/nvd2F83n4Z

$16.1 billion laundered in a single year. 1,799 wallets. $44M per day. A new Chainalysis report shows how crypto crime has quietly scaled. Full story here: https://t.co/oXjntBhduW
Join us online for the Cisco AI Summit livestream. If you care about how enterprise AI is actually being built, secured, and scaled, this is a day worth putting in the diary. Cisco is bringing together many of the people shaping...
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signalapp. Please know that Signal allows you to create a username, meaning you can keep your phone number private....
Rahul warns us about Clawdbot. I'm not too worried about the nerds here who load it, but it got so popular over the weekend that non-techies will get drawn in. And that's where the trouble starts. I don't know how...

Tech and AI lead the global risk landscape as they increasingly expand the attack surface. The good news? The same tools can help us move faster, see more clearly, and respond at scale. Our Risk & Security Outlook explores what's...
Given how aggressively the government has pursued Hannah Natanson and the Washington Post, it would not surprise me if Google and Proton also received subpoenas for access to her accounts.

Agentic AI is moving fast and most teams lack visibility into what’s actually happening. Meet our sponsor for this week's newsletter: @harmonicsec! Harmonic Security’s MCP Gateway is a lightweight, developer-friendly gateway that gives security teams real visibility...
A “chronic lack of cooperation from the Israeli authorities” has forced Spain’s highest criminal court to shelve its investigation into use of Pegasus against Spanish ministers, inc. the prime minister. Cases uncovered by @citizenlab go back to 2021. https://t.co/GUEJ1Mq02R
If you store your BitLocker key with Microsoft, Microsoft can and will hand the key over to law enforcement in response to valid court orders. https://t.co/FPUJZPSU3h
I know people are looking for digital security guides and checklists in light of the FBI seizing devices of a Washington Post reporter. Here’s a guide I wrote for @gijn in 2024, which remains up to date and relevant. https://t.co/9vBMK8r1vV
I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. https://t.co/5eyprsSuBF

Here are the items the FBI seized from Washington Post reporter Hannah Natanson: a recorder, two laptops, an external drive, a smart watch, an iPhone. Her December article mentioned that she stored reporting notes on an encrypted external drive, so...
When you don't have a Skill/MCP, a headless browser is blocked, curl and fetch are blocked... the Claude extension is a slow but serviceable backup.
Banks can turn first-party fraud from a hidden vulnerability into a competitive advantage if they rethink dispute processes. Join our conversation with @shanthi_peace, CEO of Casap. Watch the full episode: https://t.co/aCTj9YH63K https://t.co/vmuPbei31q
I wrote a short post on how the impact of cyber attacks is determined by the target, not the attacker. It’s important to remember how much control the defender has over not just the terrain but the effects of an...
Ethereum just hit an all-time high in daily transactions. But much of the activity was driven by address poisoning attacks https://t.co/rBDQRtSqza
AI was the accelerant on a perverse incentive fire sparked by bug bounty platforms that reward spray & pray. Both open source & orgs without dedicated vuln response teams get overloaded when they offer cash there. cURL is right to...
NEW: BTQ is partnering with ITRI to build a new chip architecture for post-quantum security. $BTQ’s QCIM targets lower-power cryptography, and is now moving into silicon validation with ITRI, the incubator behind $TSMC.
[New Episode] The Billion Dollar Fraud Crisis Most Banks Are Missing. With @shanthi_peace, CEO of Casap. Watch the latest episode now: https://t.co/aCTj9YH63K https://t.co/dJky1nDo6a
PAI is a super power. @DanielMiessler created features on top of Claude Code that increase its efficacy by 50%... and that's a lot based on how awesome Claude Code is. Incoming FREE workshop of PAI and other tools I'm using to...

3 things that will become non-negotiable for any chain that plans to operate in the long-term: Privacy, security, scale. - Privacy (by now it's obvious, and still) - because if we're to migrate our digital life -- financial and non-financial --...
I spoke to @CJR about the FBI seizing devices from a @washingtonpost reporter and what newsrooms should know. The way forward here is more than just a digital security checklist, but a holistic focus on safety: physical, digital, emotional, legal....
Spoke to @zackwhittaker about a hacking campaign targeting high-profile Gmail and WhatsApp accounts across the Middle East, found by @NarimanGharib earlier this week. Gharib believes the campaign is linked to Iran; TechCrunch was unable to attribute it. https://t.co/XH9cRWtxh2

Here's what makes up a website's traffic today. It used to be mainly humans, but now bots make up the majority of website traffic. In addition, more malicious bots have been visiting sites than in the past. Check out the data. https://t.co/fpsvUqwlhE
Are there any other developer tools that let you encrypt your workflow? I met with the founders, video coming tomorrow, and they claim that everything is encrypted on open source LLMs even in and out of the LLM.