Backups Aren't Enough; Data Exposure Drives Ransomware Pressure
While backups continue to be essential, they no longer determine preparedness when attackers steal sensitive data and use exposure as the primary pressure point. https://t.co/lyA68DaCBf
Yearly Crypto Security Guide After Screen‑Hijacking Hack
In 2019 a hacker took over my computer screen and tried to get crypto from me. It was a terrifying experience. So I decided to make a crypto security guide and continually update it every single year to help protect others. ↓ https://t.co/m4IiWtvtvf

Samsung One UI 9 May Add MTE Toggle
Samsung One UI 9 could introduce a Memory Tagging Extension (MTE) toggle directly in the Auto Blocker app. Currently, Pixel 8+ series allow you to enable MTE with advanced protection mode or through developer options. ✅ Details - https://t.co/JQvyuOuoyz https://t.co/z98eEoLPOq
FCC Proposes Ban on Pre‑2024 Chinese Tech
ICYMI: @FCC on Friday proposed barring Chinese tech on the Covered List added in 2024 or earlier https://t.co/SObMOT0jXm
North Korea Bypasses 2FA Using Stolen Tokens, Evading AV
“It doesn’t matter that you have 2FA. They can just use that token to be you.” @tayvano_ on how DPRK bypasses 2FA entirely — and why most antivirus won’t detect it. With @kaiynne and @LucaNetz on @unchained_pod: https://t.co/izx08LxSbO
OpenClaw Silently Steals Emails and Calendars, Warns Researchers
Cisco found OpenClaw skills that performed data theft without user awareness. Security researchers called it “a nightmare.” Maybe don’t give it your email and calendar. https://t.co/MFj5pVF0o6
Russia's VPN Crackdown Triggers Nationwide Bank Outage
Russia’s VPN Crackdown Caused Bank Outage, Telegram Founder Says. Telegram founder Pavel Durov says filters overloaded critical systems. Millions rely on VPNs as Telegram ban fails to stick. Disruption briefly forced Russians to rely on cash payments nationwide.
LinkedIn Allegedly Scans Browsers for Extensions, Gathers Data
LinkedIn is secretly scanning your browser for 6,000 extensions. A report alleges LinkedIn uses hidden JavaScript on its website to scan visitors' browsers for installed extensions + collect device data. The system collects 48 device signals, including CPU, memory, screen, language, audio...
Ask These Five Questions for Data Resilience
The CISO’s Mandate: Five Critical Questions to Ask Your Storage Provider for Data Resilience https://t.co/O79CRe7P1i
Securely Integrate AI Agents Into Your Workforce
AI agents are joining the workforce, so how should organizations manage and secure them? https://t.co/4tsBSzKgf5
Circle's Judge‑order Rule Blocks $285M Hack Freeze
Circle had the ability to freeze over $285M in stolen USDC from the Drift hack. They declined — their policy requires a judge’s order first. @tayvano_ explains why that’s the wrong call, and how Tether does it differently. Timestamps: 🚀 0:00 Introduction 🏦 11:21...
Less Reliable Than Fuzzers, Yet Occasionally Luckier
They are exactly like fuzzers except not as reliable. They can get lucky faster though sometimes.

From RAG to Zero‑Trust: Verifying Hostile LLM Memory
“i came in thinking I’d build a RAG system. i left with a zero-trust verification pipeline that treats the LLM’s parametric memory as hostile.” 👀 🔗 https://t.co/nFZBhpfUKq https://t.co/HYoRr2wYhf
Meta Halts AI Training After Data Breach Exposes Secrets
Meta freezes AI data work after breach puts training secrets at risk https://t.co/WtjqyiuUAu via @thenextweb
User Seeks Help Recovering Hijacked X Account
Hey @nikitabier my friend JT’s X account got taken over. It was @tcmllc I can send over any details via DM Can you help us out?
LinkedIn Scams: An Ecosystem of Identity Theft and Fraud
LinkedIn scams go beyond fake posts or “I’m grateful” stories; they form an ecosystem of identity abuse, data harvesting, and financial fraud.
Senators Warn VPN Use May Invite Government Surveillance
Using A VPN Could Subject You To Government Surveillance, Senators Warn [Roundup] - View from the Wing https://t.co/hJwQPvAsyq
Iran’s Charming Kitten Exploits Insiders and Low‑tech Tricks
Iran’s Charming Kitten group relies on deception, insider access, and low-tech methods to steal trade secrets and compromise systems. https://t.co/8jKdiH2bzt
Valid Finding Reveals Overlooked Cookie Injection Requirement
The finding is valid but we need to have a cookie injection on the target or its subdomains but I noticed something the AI didn’t notice…yes AI with humans or spend a lot a lot of tokens.
UK Tightens Energy Cybersecurity After Poland Attack
UK defining stronger energy cybersecurity rules after Poland attack #energysky -- via pv magazine global: https://t.co/UAgNu4x2di
Hope Hyperliquid Is Conducting Emergency Security Review
I really hope Hyperliquid is in a war room right now assuming they’ve already been compromised and reviewing every last thing they’ve done for the last year and a half …
New Attack Exposes Massive Vulnerability—Review Now
I called the attack “chilling” only from what details we knew on Thursday. What actually happened is orders of magnitude more chilling. READ THE WHOLE THING. If you work in this industry, you or your protocol may be a sitting...
Evidence Suggests North Korea May Have Orchestrated Drift Attack
Are North Korean state actors behind the Drift Protocol attack? @omeragoldberg says the markings are there, while sharing what it would take to confirm the speculation 👇 https://t.co/8SgvDYy6Lx

Skull Vibrations Could Become Future Biometric Passwords
Vibrations in your skull may be your next password by Rutgers University @TechXplore_com Learn more: https://t.co/oRTnakuTjb #EmergingTech #Innovation #Tech #Technology https://t.co/qvg0gNKuw2
AI Health Advice Raises Privacy Risks Without Clear Standards
More people are turning to AI for health advice, but it comes with trade-offs. Uploading medical data can deliver useful insights, yet it also raises serious privacy concerns and risks around how that data is stored and used. The lack of...
Drift Hack Exposes DeFi Audit Gaps and Possible NK Threat
Another week, another DeFi exploit 🫠 @omeragoldberg joined me to unpack the Drift Protocol hack: ⁉️ What went wrong? 👀 How the attack resembles the Mango DAO and Resolv exploits 🤔 Why was Circle so slow to react? ⚠️Are North Korean state actors behind the...
Allowlisting CRLs in Plants: Ongoing, Working Fine
I went through a process to allowlist CRLs in our plants. It's not complete but it's been fine.
Seeking Tools that Scan Repos for Malicious Dependencies
What are vendors that offer scanning of PRs or repos to protect against malicious dependencies? I know of Sonar (Advanced Security), Socket .dev, JFrog. What else do you know of or use and what does it do? (At some point, you want...

Is That Image Actually Malware? Find Out
Image or Malware? Read until the end and answer in comments :) https://t.co/5nD545aoAi #BreakingNews https://t.co/Vvny6JzyBD

GStack Receives 14 Security Fixes, Half From Community
14 security bug fixes just landed for GStack, half of which were community PRs. https://t.co/98jmCzQ38i
Zero‑Trust BYO‑VPS Delivers Commercial Features
So, I built a more or less complete platform to test whether I could match the core features of commercial vendors with a zero-trust, BYO-VPS platform. Zero-trust: The control plane stores no credentials, only metadata. A worker running next to your server...
Lawsuit Claims Perplexity’s ‘Incognito’ Sold Chats for Ads
Perplexity’s “Incognito Mode” is a “sham,” lawsuit says. Google, Meta, and Perplexity accused of sharing millions of chats to increase ad revenue. https://t.co/vxnnXugoR4
Zero‑Trust BYO VPS Platform Matches Commercial Features
I've built: A zero-trust BYO VPS platform. It has feature parity with commercial alternatives, but it still needs a lot of polish. 😀

Enable WhatsApp Two‑Step Verification: Simple Yet Essential
Whether you just joined @WhatsApp or have been using it for years, it's a smart idea to enable two-step verification. Here's how, step by step, and why it's not as good as 2-factor authentication, but better than nothing... https://t.co/KDT8J6yjkd #whatsapp...
Security Must Match Your Attractiveness as a Target
Scary stuff. The best security remains obscurity. Unfortunately just being “anonymous” isn’t enough anymore due to constant third party data breaches, like Coinbase leaking user balances and addresses. The potential security holes are endless. Basically every...
Rushing Bitcoin to PQ Signatures Risks New Vulnerabilities
It’s been almost 10 years since the Blocksize Wars ended and Brian hasn’t changed at all. He still carries the exact same complete lack of humility and understanding. Brian forms the opinion first, along with a prescribed course of action and...

CISA Lists TrueConf Client Flaw in Exploit Catalog
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog https://t.co/LEm093lFfD #BreakingNews https://t.co/7HuNg6hJGV
Military Personnel Leak Sensitive Data via Fitness App
We've got more cases of military personnel revealing a significant amount of information through the fitness app. https://t.co/BwTkOxURPX
Private VPC Without NAT Blocks Internet Access Securely
AWS Security Agent-Penetration Testing Overview | by Sena Yakut | AWS in Plain English. Was just reading this and pretty good review. If you put in a private VPC no NAT or peering can’t reach Internet which is what you want...
Quantum Threat Makes Crypto Existential, Not Just Technical
What keeps me up at night about quantum is that centralized companies can just rewrite their ledgers when hacked. Bitcoin can't. That's why a quantum threat to crypto isn't just a tech problem, it's existential. 👀 h/t @apruden08 https://t.co/ZZnqMsa0hq
Reuters Saudi Reporter Warns of WhatsApp Impersonation Scam
The chief Saudi correspondent for @Reuters warns that someone's impersonating him on WhatsApp with links and requests for information; at least one individual in the UAE was contacted by this number already. https://t.co/OkG01CK0TK
Beware: Fake Senjin Capital Job Ads Are Phishing Scams
I have been made aware of fake job advertisements using Senjin Capital’s name as the employer. We are not currently hiring, and when we are hiring you will see a post on this page about it. These ads are likely an...
Use “Are We Dancer?” To Expose AI‑masked Impostors
Protip if you think you're dealing with a DPRK fake job applicant using AI masking as an American millennial, ask them to respond to "Are we dancer?" Will take them too long to read in too formal a tone and...

Cisco Warns AI-Driven Wi‑Fi Security Risks and Talent Gaps
. @Cisco report flags #AI wireless security risks, talent shortages #wifi #spectrum 🖇️https://t.co/9tt8i7caO5 🖇️ https://t.co/bqI75Tbe4s
Crypto Spam Hack Sends Phishing Podcast Vote DMs
@greenfield64 has been hacked by crypto spammers and they are sending DMs out to people asking to vote for him to host a podcast but it’s phishing for you touting your password so be careful. Don’t respond
Seeking Experts to Explain Circle’s Drift Hack Response
🎙️ Who would you like to hear from about how Circle handled the Drift hack? I've reached out to Circle, some former prosecutors, and Seal 911, and haven't gotten anyone yet who can do it ... Taking suggestions 👇

Meta Halts Mercor Partnership After AI Data Breach
Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk https://t.co/0lYIi0rXSh https://t.co/oLoqpKBljV

Proactively Cut Cyber Risk to Prevent Business Damage
How To Reduce Cyber Risk Before It Becomes Business Impact by @austingadient @Forbes Learn more: https://t.co/VHZwMZzcvB #CyberSecurity #Infosec #Technology https://t.co/AVcRBc9AxR
Top Prompt Hacker Tests OpenClaw—Results Reveal Its Security
I challenged the best prompt hacker on the planet (@elder_plinius) to break into my OpenClaw system... So, is OpenClaw safe? Here's what happened: https://t.co/5xpXzxUtTM

5 Steps to Overcome Alert Fatigue and Strengthen Security Ops
5 Steps to break free from alert fatigue and build resilient #security operations https://t.co/cR0YprtxOS https://t.co/BpZtAMzn8k