Cybersecurity Social Media and Updates

AI Sandbox Breach Exploits Thousands of Zero‑days, Contacts Researcher
Social · Apr 7, 2026

Sarah Connor after Claude Mythos found 1000s of zero-day vulnerabilities then breakout of its sandbox environment after a “sophisticated multi-step exploit” before gaining internet access and sending e-mail to an Anthropic researcher while person was eating a sandwich in the...

By Trung Phan

AI Security Mirrors Existing Controls, Not a New Paradigm
Social · Apr 7, 2026

Is AI security actually different? The categories look familiar: Shadow AI, Shadow IT; Agent identity, IAM; AI vendors, TPRM. So what is fundamentally different about security for AI-related threats?

By Sean D. Mack

Anthropic AI Uncovers Vulnerabilities Across All Major OSs
Social · Apr 7, 2026

Anthropic’s new AI model has found security problems “in every major operating system and web browser.” Anthropic is only previewing the model with partners like Microsoft, Google, Amazon, Apple, and Nvidia due to security concerns https://t.co/HV5u8X7UnY

By Tom Warren

Storm Infostealer Bypasses MFA, Hijacks Session Cookies Globally
Social · Apr 7, 2026

Storm infostealer hijacks session cookies, bypassing multi-factor authentication, harvesting credentials, and enabling persistent account access across enterprise and cryptocurrency systems globally. https://t.co/gQxOVedsxv

By TechRadar

U.S. Must Lead AI Security Race Against China
Social · Apr 7, 2026

As you read about Anthropic's Mythos capabilities to find critical security weaknesses, consider what if a Chinese AI company had gotten here first. There is a real race underway, and it's in our interest I believe for U.S. companies to...

By Adam Ozimek

Never Trust Inbound Calls—Verify Through Official Numbers
Social · Apr 7, 2026

Watch out. Scam calls are GOOD now. My info and yours is already on the web—phone, name, address. So just because they know your details, doesn't mean it's real. If anyone calls asking for a security verification or personal info, immediately...

By Julian Shapiro

Anthropic Teams with Cyber Industry for Security Safety
Social · Apr 7, 2026

Project Glasswing - big news that Anthropic partners with cyber/software industry on cyber security safety. https://t.co/rGKMOgcvTc

By Stephanie Link

Malware Bypasses 2FA via DPRK Session Token
Social · Apr 7, 2026

I found @tayvano_’s explanation of DPRK’s session token technique genuinely unsettling. Your 2FA doesn’t help once the malware is on the device. Uneasy Money: https://t.co/3LBYxJBwbb https://t.co/e4cGWPq2pN

By Laura Shin

Mythos Flips Defender Calculus; Glasswing Leads Massive Coordination
Social · Apr 7, 2026

N days, logic bugs, exploit chains defeating friction-based exploit mitigations — your time has come. @AnthropicAI #mythos changed the defender’s calculus overnight. Glad #glasswing is attempting the biggest multiparty vuln coordination of the century https://t.co/KroRUisqY8

By Katie Moussouris

Private Firm Hoards Zero‑day Arsenal; Govt Barred From Anthropic
Social · Apr 7, 2026

An underrated feature of this situation: a private company now has incredibly powerful zero-day exploits of almost every software project you've heard of. And Hegseth and Emil Michael have ordered the government not to in any capacity work with Anthropic.

By Kelsey Piper

AI Exposes Old Flaws, Finally Boosts Cybersecurity
Social · Apr 7, 2026

Every security flaw discovered by AI was there before AI, waiting to be discovered either by people or by AI. The world has never been good at securing computer systems; finally with AI we are going to get good.

By Marc Andreessen

AI Now Outcodes Most Humans in Vulnerability Exploitation
Social · Apr 7, 2026

Welcome to the space age of cybersecurity. “AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” https://t.co/nWdi1l4vOI

By Katie Moussouris

Leading Companies Unite on Project Glasswing Against AI Cyber Threat
Social · Apr 7, 2026

I’m proud that so many of the world’s leading companies have joined us for Project Glasswing to confront the cyber threat posed by increasingly capable AI systems head-on. https://t.co/pn3HSVsThP

By Dario Amodei

Anthropic Talks US Officials on Claude Mythos Cyber Capabilities
Social · Apr 7, 2026

"Anthropic has also been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities." 👀 https://t.co/RRcB6f6Mfa

By Chris Stokel-Walker

Avi Eisenberg Attempted Aave Exploit, Says Omer Goldberg
Social · Apr 7, 2026

Avi Eisenberg at one point had his eyes set on exploiting Aave, @omeragoldberg says 👇 https://t.co/qntXoLbTpf

By Laura Shin

Who Monitors DNS on Outdated Mobile Hotspot Devices?
Social · Apr 7, 2026

Who is looking at DNS connections on phones and mobile hotspots like Netgear mobile hotspot devices that haven’t had a software update for two years? Just curious.

By Teri Radichel

Secure Internal Collaboration: Best Practices for Companies
Social · Apr 7, 2026

How to ensure secure internal collaboration in your company by @antgrasso #CyberSecurity #Infosec #IT #Technology https://t.co/P005pWoFq3

By Ron van Loon

China's OSINT Firms Now Supplying Iran with Targeting Intel
Social · Apr 7, 2026

I've seen some incredible open source intelligence focused companies supporting our government and industry with phenomenal insights. The PRC has firms doing that too and they are supporting Iran with intelligence precise enough to enable targeting. https://t.co/6Hl0lJQh4y

By Bob Gourley

Outdated Hospital Systems Invite Ransomware, Endanger Patient Care
Social · Apr 7, 2026

I was just listening to an interview on the radio with a person who worked at a hospital. 1. Your cyber insurance makes you a target. They know how much you can pay. 2. Don’t use your backups until you...

By Teri Radichel

Cybersecurity Measures Focus on Activity, Not Threat Reduction
Social · Apr 7, 2026

"I do believe that cybersecurity is fundamentally broken," Payton said. "It's measured in terms of activity instead of reduction of threat surface." Pretty much what I wrote in my book in 2020. Old news but no one seems to be listening. https://t.co/53DAIYfvP1

By Teri Radichel

Ensemble Judge Model Validates LLM Decisions in NightBeacon UI
Social · Apr 7, 2026

New UI design for our NightBeacon AI SOC solution @Binary_Defense. Recently implemented a new ensemble (judge) model. This model checks the work of the primary LLM to ensure it agrees with the steps taken to validate its malicious, suspicious, or...

By Dave Kennedy

Beware: Scammers Impersonate Me—Only Official Research Here
Social · Apr 7, 2026

These messages are ALWAYS posted by scammers who impersonate me. I do not run any such service on WhatsApp, Telegram or Discord. Our research is only published on https://t.co/9W3aDdLK3Q Do NOT engage with these scammers, block & report. https://t.co/64AJ4IQj1C

By Puru Saxena

Circle's Judge‑Only Freeze Policy Fails Amid $285M Hack
Social · Apr 7, 2026

Circle’s policy: they only freeze funds if a judge orders it. For a $285M hack that just happened, that timeline doesn’t work. @tayvano_ and @kaiynne on why this is the wrong call. Uneasy Money: https://t.co/3LBYxJBwbb https://t.co/Yder2DQH5I

By Laura Shin

Bet: Quantum Won’t Break ECC by 2032, ML‑KEM
Social · Apr 7, 2026

I’m making a bet with Filippo Valsorda that quantum computers won’t break ECC by 2029/2032, and (secondarily) that one version of ML-KEM will be de-standardized. I have loads of confidence in the former and little in the latter. I just...

By Matthew Green

Smarter AI Agents Expand Cybersecurity Attack Surface
Social · Apr 7, 2026

🔺 AI Agents Are Getting Smarter and Their Attack Surface is Getting Bigger 😳 | Cybersecurity https://t.co/4yOZbkldG5 https://t.co/NdtoEK56SM

By Efi Pylarinou

Everyday Devices and Fiber Optics Can Spy on You
Social · Apr 7, 2026

Interesting new attack. Your house is probably full of embedded devices that can be hacked at will, open mics in sensitive areas, and cellphones that continuously monitor your speech. And it turns out that even the raw fiberoptic cable can...

By Emin Gun Sirer

AI Coding Surge Overwhelms Security Review Capacity
Social · Apr 7, 2026

Vibe coding security risks (based on the sheer amount of new code being introduced at companies) -> The rapid adoption of AI coding tools has let workers generate massive volumes of code, leaving companies scrambling to review and secure the...

By Glenn Gabe

Quantum Penetration Testing: Are We Ready Yet?
Social · Apr 7, 2026

Is It Time For A Quantum Penetration Test? by J Nathaniel Ader @Forbes Learn more: https://t.co/CodfvKavfv #QuantumComputing #EmergingTech #Technology #Innovation #Tech https://t.co/rKyowhOBLq

By Ron van Loon

Every Encryption System Needs a Cryptography Bill of Materials
Social · Apr 7, 2026

Cybeats Blog | Cryptography Bill of Materials (CBOM): Why Every Encryption Ecosystem Needs One https://t.co/DGQpWfPZ3F

By Chuck Brooks

Open‑source Tool Simplifies SOC 2, ISO 27001, HIPAA, GDPR Compliance
Social · Apr 7, 2026

Comp AI: The open-source way to get compliant with SOC 2, #ISO27001, #HIPAA and #GDPR https://t.co/mvwHwvS9mu https://t.co/q7t0s2qhc4

By Eric Vanderburg

Flowise AI Agent Builder Faces Active CVSS 10 RCE Attack
Social · Apr 7, 2026

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed https://t.co/aINT8EHBFi https://t.co/SKA564pKd5

By Eric Vanderburg

Unpatched Claude Coding Flaw Lets Attackers Steal Cowork Files
Social · Apr 7, 2026

Attackers can exfiltrate user files from Cowork by exploiting an unremediated vulnerability in Claude’s coding environment, which now extends to Cowork. The vulnerability was first identified in https://t.co/noHjpUqN1I chat before Cowork existed by Johann Rehberger, who disclosed the vulnerability. It...

By Garry Tan

Iran's Cyber Arsenal Now Targets Critical Infrastructure Worldwide
Social · Apr 7, 2026

Iran has rapidly developed advanced cyber capabilities, evolving from information gathering to conducting destructive, state-linked attacks against critical infrastructure in the U.S., Israel, and the Gulf states. https://t.co/XlKdD8VuZu

By Teri Radichel

Turn Fear Into Action: Strengthen Security with AI
Social · Apr 7, 2026

I was afraid this afternoon. Read a security report that a massive cyberattack is coming. Fear causes the human mind to do weird things. My mom, in 1988, thought a massive nuclear war was coming, so joined a Montana survivalist cult. Had...

By Robert Scoble

New Threat Evolves Script Kiddies, Targets Everyday Users
Social · Apr 7, 2026

read this when it first came out.. my first thought was crystal clear: "This is simply the natural evolution of SCRIPT KIDDIES but on steroids.." my second thought was broader: "The majority of everyday people, will indeed at some point very soon, fall...

By Dez Blanchfield

New Cyber Threats Target Power Grid Infrastructure
Social · Apr 7, 2026

All emerging cyber threats targeting power infrastructure at a glance #energysky -- via pv magazine usa: https://t.co/CgfOPDFHMV

By Tor “SolarFred” Valenza

Y Combinator Leader Overlooks OpenClaw Security Vulnerabilities
Social · Apr 6, 2026

Wild: the head of Y Combinator seems pretty blind to the security risks in OpenClaw.

By Gary Marcus

Sherlock Bug Bounty for Aave V4 Now Live
Social · Apr 6, 2026

Sherlock bug bounty for Aave V4 is live. Learn more below about the program and scope.

By Stani Kulechov

Autonomous Agents Pose a New Large‑scale Threat
Social · Apr 6, 2026

An agent with a goal and agency can do real damage. We used to worry about compromised accounts. Now we need to worry about autonomous decision-making at scale. That is a very different risk model.

By Sean D. Mack

Negligence Fuels Social Engineering Attacks, Accountability Needed
Social · Apr 6, 2026

"It's mainly social engineering attacks. ... If you're grossly negligent, you should definitely be held accountable." https://t.co/8bYXWatFF8

By Laura Shin

Questioning TestFlight Use After Drift Hack Tactics
Social · Apr 6, 2026

"Do you stay away from TestFlight right now?" -- @perkinscr97 on the tactics used in the Drift hack https://t.co/8bYXWatFF8

By Laura Shin

Nation‑state Attacks on Startups Guarantee Their Own Victory
Social · Apr 6, 2026

"When a nation-state attacks a startup, the nation-state is going to win every single time." -- @perkinscr97 https://t.co/jfZlSDnB86

By Laura Shin

Seal911 Success Highlights Need for Stronger Endpoint Security
Social · Apr 6, 2026

"The fact that Seal911 has been the saving grace for a bunch of teams shows that people could put more resources into better endpoint security." -- @llewellenmichael https://t.co/8bYXWatFF8

By Laura Shin

Enterprise Domain Management Requires Strict Renewal and Security Processes
Social · Apr 6, 2026

Hive mind - how do large enterprises manage their domains? I'd love to talk to some IT leaders - what processes ensure https://t.co/VFOQyhfres or https://t.co/kuiRO5DwUb or https://t.co/N7kgQgrxQy doesn't expire, or get socially engineered into a redirect or transfer?

By Bill D'Alessandro

Cybercriminals Accelerate: Storm-1175 Beats Patches in Days
Social · Apr 6, 2026

It is not every day that a financially motivated threat actor manages to move faster than the vendors trying to secure their products. Yet that is precisely what Microsoft says Storm-1175 has been doing. The China-based cybercriminal group, closely associated...

By Rich Tehrani

AI Revolutionizes Penetration Testing: My Museum Talk
Social · Apr 6, 2026

How I Use AI for Penetration Testing Speaking at the Computer History Museum in Mountain View, CA April 10, 2026 https://t.co/tTRkze5Enp https://t.co/aYFdKg7G78

By Teri Radichel

LinkedIn Silently Harvests Chrome Extension Data
Social · Apr 6, 2026

Every time you open LinkedIn in a Chrome or Chromium-based browser, covert code silently scans your browser for info about any extensions you've installed, then transmits the info back to LinkedIn and partners. From this, they can glean info about...

By Kim Zetter

Security Tools Chase CVEs, Miss Planted Backdoors
Social · Apr 6, 2026

"Modern-day security tooling looks for the wrong things ... a deliberately planted backdoor doesn’t have a CVE." https://t.co/1wbJMiZMrj

By Richard Seroter

LinkedIn Denies Smear, Admits Browser Extension Scanning
Social · Apr 6, 2026

LinkedIn calls it a smear campaign, but does not deny scanning people's browsers for extensions. https://t.co/q5Kp0kwh1J

By TechRadar