Cybersecurity Social Media and Updates

Top Prompt Hacker Tests OpenClaw—Results Reveal Its Security
Social | Apr 3, 2026

I challenged the best prompt hacker on the planet (@elder_plinius) to break into my OpenClaw system... So, is OpenClaw safe? Here's what happened: https://t.co/5xpXzxUtTM

By Matthew Berman
5 Steps to Overcome Alert Fatigue and Strengthen Security Ops
Social | Apr 3, 2026

5 Steps to break free from alert fatigue and build resilient #security operations https://t.co/cR0YprtxOS https://t.co/BpZtAMzn8k

By Eric Vanderburg
Bulletproof Your Endpoint Security in Five Steps
Social | Apr 3, 2026

5 essential steps to bulletproof your endpoint #security (and avoid the biggest mistakes) https://t.co/zU8A6OSSWH https://t.co/WqnyE11KOK

By Eric Vanderburg
Shared Observability Unites SOCs, DevOps, and Risk View
Social | Apr 3, 2026

RT SOCs and DevOps will need shared observability for agents: data access, tool calls, MCP interactions, and risk levels in one view. #Security #DevOps @Star_CIO https://t.co/tRGwCPc4Mb

By Isaac Sacolick
Prioritize Post‑Quantum Signatures for Bitcoin Now
Social | Apr 3, 2026

My take on Bitcoin and quantum computing: https://t.co/bq2HdAsnXQ tl;dr: I think the risk is high enough to warrant prioritizing designing, implementing, and evaluating post-quantum signature schemes and consensus upgrades in Bitcoin now.

By Neha Narula
AI-Driven Lambda Troubleshooting Auto‑detects Missing VPC Security Group
Social | Apr 3, 2026

This past week I wrote a lambda troubleshooter using the concept on this blog post where it deterministically queries a bunch of logs and sends them to an ai 🤖 agent for analysis and troubleshooting. I had to redact...

By Teri Radichel
Restrict DB Access; Run with Minimal Privileges
Social | Apr 3, 2026

Okay honestly this makes vibe coding into production very dangerous, you guys were all right I think what I'll do is cut off all access to DBs and run it as a user with almost no privileges

By Pieter Levels
Frontier AI Halves Expert Task Time, 5.7‑month Doubling
Social | Apr 3, 2026

Here’s an independent domain extension of METR’s famous time-horizon analysis, applying it to offensive cybersecurity with real human expert timing data Similar to METR: 5.7 months doubling time. Frontier models now succeed 50% of the time at tasks that take human...

By Ethan Mollick
9‑Minute Window Poses Existential Risk to Bitcoin
Social | Apr 3, 2026

When I first heard about on-spend attacks, I immediately thought: this is scary. @apruden08 on why the 9-minute window creates an existential risk for Bitcoin 😱 https://t.co/t4lZ3iQxIm

By Laura Shin
Fake Class-Action Emails Could Blur Truth and Scams
Social | Apr 3, 2026

If scammers started sending out fake class action emails feel like that would be really hard to distinguish between real vs fake

By Meb Faber
Security Giants Bet Big; Execution Determines AI Success
Social | Apr 3, 2026

When companies like ServiceNow and Mastercard start making big security bets, you know the lines are blurring. Now it’s about execution. Who deploys AI securely and actually succeeds? https://t.co/QOSbQN1WO8

By Cristina Dolan
Cybersecurity's New Challenge: Decision, Not Tools
Social | Apr 3, 2026

Cybersecurity isn’t a tooling problem anymore. It’s a decision problem. AI-driven threats are moving faster than human response models. Most orgs still rely on: • alerts • dashboards • manual decisions That’s the real vulnerability. The shift? → Decision Intelligence systems Comment “DECISION” and I’ll show you how to implement...

By Ron van Loon
Crypto’s Core Strengths Threaten Its Quantum Future
Social | Apr 3, 2026

Here's the irony: the things that make crypto work, immutability, decentralization, public addresses, are exactly what make it extremely vulnerable to quantum computers. @apruden08 on why blockchain faces a deadline other systems don't. 😓 https://t.co/7Lt08CnIfJ

By Laura Shin
Discovered “NomShub” Sandbox Breakout Bug in Cursor
Social | Apr 3, 2026

New blog: We found a sandbox breakout and remote dev tunnel bug in Cursor. Called it NomShub. It was fun making my vscode dev tunnel C2 dashboard pink. https://t.co/KfPBzqEOYe https://t.co/Owgxbnge1b

By Amanda Rousseau
FBI Calls China-Linked Intrusion a Major Cyber Incident
Social | Apr 3, 2026

The FBI reportedly classified a China-linked effort to penetrate one of its surveillance systems this week as a “major cyber incident,” meaning it was a significant risk to U.S. national security. The definition of a “major incident” was established by the...

By Rich Tehrani
Metrics Mislead: Scans Don't Equal Security Progress
Social | Apr 3, 2026

Counting scans and alerts isn’t security progress—it's masking unresolved vulnerabilities and rising cyber risk. https://t.co/fsb8M3fbRc

By TechRadar
FBI Warns Chinese Apps Store Data Accessible to Government
Social | Apr 3, 2026

Chinese apps store sensitive data on servers in China, which the government can access, FBI warns. https://t.co/irVklBM99j

By TechRadar
Real‑Time Location Tracking Threats: How to Protect Yourself
Social | Apr 3, 2026

240 - Warning, They Can Know Where You Are in Real Time. How to Protect Yourself #ArtificialDecisions #MCC https://t.co/LUlIN36Wjm

By M.Camisani-Calzolari
Outlook Mobile 2FA: Frequently Fails, Users Frustrated
Social | Apr 3, 2026

Question - is it just me - or does the @Microsoft Outlook Mobile based 2 factor authorization ever work?

By Holger Müller
Use AI Defensively To
Social | Apr 3, 2026

Cyber attacks launched by malicious humans using AI are a very real AI risk. The best way to guard against them is to use AI to proactively find vulnerabilities in our systems and harden them, along with parallel efforts in...

By Ramez Naam
Guardian AI Emerges: Second‑layer Agents Monitor and Secure Systems
Social | Apr 3, 2026

The category is called guardian AI, or supervisor agents. The idea: deploy a second layer of AI to watch what the first layer is doing. ServiceNow has the most developed commercial product here, sold as part of its AI Control...

By Shashi Bellamkonda
Bug Bounties Aren’t Universal, AI Hype Is Overblown
Social | Apr 3, 2026

Had a great conversation with Mackenzie Jackson from Aikido Security on The Secure Disclosure — we got into some contrarian takes: not every org should run a bug bounty (yes, from the Bugcrowd founder), AI slop is really just 2014...

By Casey Ellis
CrystalX RAT Bundles Prankware to Taunt Victims During Data Theft
Social | Apr 2, 2026

CrystalX RAT comes with a handful of prankware, allowing hackers to tease their victims as they steal their data. https://t.co/aOjjo0ApuY

By TechRadar
Indirect Prompt Injection Threats and Google’s Defense Strategies
Social | Apr 2, 2026

Indirect prompt injection "enables the attacker to influence the behavior of an LLM by injecting malicious instructions into the data or tools used by the LLM as it completes the user’s query." https://t.co/smO5fyBfLT < what @google Security does to...

By Richard Seroter
Agentic Era Demands New Trust Layer, ZKML Offers Solution
Social | Apr 2, 2026

Finally going to write a bit more about this (in tomorrow's Clouded Judgement). A snippet of what I wrote: The way I think about it: every major platform shift has required a corresponding trust layer. The internet needed SSL/TLS. Mobile needed...

By Jamin Ball
Don’t Trust Your Supply Chain Blindly—Follow Docker’s Guidance
Social | Apr 2, 2026

These recent software supply chain breaches are worrisome. How can we avoid assuming trust where we shouldn't? @Docker has a good post up with recommendations for engineering teams ... https://t.co/O5Mfag8N4y

By Richard Seroter
FCC Cracks Down on Foreign Bank Impersonation Scams
Social | Apr 2, 2026

FCC Acts to Protect U.S. Consumers from Bank Impersonation Scams Linked to Suspicious Foreign Call Traffic https://t.co/4LNmknNXR0

By Brendan Carr
Iran Claims Cyberattack on Oracle, AWS Data Centers
Social | Apr 2, 2026

Iran says that they have hit Oracle datacenter in Dubai, AWS datacenter in Bahrain - CNBC (just now)

By Sarbjeet Johal
AI Is Simplifying Cybercrime; Future Threats Loom
Social | Apr 2, 2026

#AI is already making online crimes easier. It could get much worse. (MIT Technology Review) #JVGpost https://t.co/CbJaHfE8I9 https://t.co/Z89pKDgCWW

By James Gingerich
Even Tech‑Savvy Users Still Fall for Phishing Scams
Social | Apr 2, 2026

I just analyzed this BofA text, and it’s a perfect example of why even tech-savvy people get burned. Why do we still fall for these?

By Raquel (Deep Search)
Durable Nonces Are Intentional Feature, Not a Bug
Social | Apr 2, 2026

SOLANA FOUNDER JUST SAID IT OUT LOUD: “durable nonces observed on chain” ⚠️ Not a bug… it’s a permanent feature of how on-chain authority works. Every system has this invisible attack surface. ~ @omeragoldberg https://t.co/1jXnOLapcr

By Laura Shin
Fake Collateral Added, Enabling Oracle Manipulation on Drift
Social | Apr 2, 2026

💥 DRIFT EXPLOIT BREAKDOWN 💥 “They added CVT as a new collateral asset on the Drift Protocol” That single move changed everything. Whitelist a fake asset → use it as collateral → start manipulating the oracle + market feed. Game over waiting to happen. ~...

By Laura Shin
Second Cosignature
Social | Apr 2, 2026

2-of-5 in ONE second tells you everything 🚨 “Immediately signed by a second cosigner one second after it was created” That kind of speed is just wild. The admin key was already exposed. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Old Multi‑Sig Signer Omitted Themselves, Triggering Drift Confusion
Social | Apr 2, 2026

The most confusing detail in the Drift hack… until it clicks 😬 “a signer from the old multi-sig… created it but then… did not add themselves to the new role” That reads like compromised access during migration. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Beware: Fake Login Alerts with Password Reset Links
Social | Apr 2, 2026

Received an email from X warning you of new or unusual login attempts, with a handy 'change password' link? Beware, it's a slick new phishing attack that can trick even the most vigilant user. I've seen this with other sites...

By Dave Taylor
Admin Keys Threaten DeFi; Implement Circuit Breakers
Social | Apr 2, 2026

“Admin key can drain all funds. Otherwise DeFi means nothing.” ⚠️ Every protocol should have circuit breakers, timelocks, and emergency security councils. Sacrifice a bit of UX. Save billions. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Attackers Leveraged Signers, Oracles, Fake Tokens, Massive Pools
Social | Apr 2, 2026

They didn’t just steal. They manipulated signers, touched oracles, faked tokens, and ran massive pool volumes. 💥 Next-level attack. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Web2 Mindset Misses the Mark in Web3
Social | Apr 2, 2026

“Wasn’t paranoid enough.” 😬 Top 10 hack, billions in TVL, and the team still got caught off guard. Classic Web2 ops fail in a Web3 world. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Solana Hack Spreads Across 20+ Protocols, Proving Contagion
Social | Apr 2, 2026

“This hack hit over 20 protocols.” 🔗 Drift wasn’t just a single platform — it spread like wildfire through the Solana ecosystem. Contagion is real. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
One Compromised Signer Can Collapse Massive TVL
Social | Apr 2, 2026

“So much TVL… you’d want to see who’s signing is actually who you think it is.” 🔑 One compromised signer and it’s over. ~ @omeragoldberg https://t.co/DpFazTNV4V

By Laura Shin
Denuvo Cracked; Zero‑day Releases Now Commonplace
Social | Apr 2, 2026

Denuvo has been broken, company promises countermeasures against new DRM bypasses — zero-day game releases become norm as security concerns mount over hypervisor-based bypass https://t.co/TM2KY6ritV

By Anj Bryant
Quantum Computer Capable of Breaking Encryption Nearing Reality
Social | Apr 2, 2026

The first quantum computer to break encryption is now shockingly close | New Scientist https://t.co/HsfzVRqn1R

By Chuck Brooks
Velma Tops HuggingFace: 98.9% Deepfake Audio Detection
Social | Apr 2, 2026

🚨 A startup just hit #1 on @HuggingFace for deepfake audio detection. 98.9% accuracy. 30–1000× cheaper than every competitor. Nobody is talking about this. It's called Velma by @modulate_ai and it changes everything about voice security. https://t.co/XGlxDUoCj2

By Hasan Toor
Hackers Shift Focus From Code to Human Exploits
Social | Apr 2, 2026

🚨 JUST IN Solana Foundation president Lily Liu states that hackers are now targeting humans instead of code vulnerabilities. 👀 https://t.co/Wjh2kJ7dTT

By That Martini Guy
Verifying AI Agent Intent Becomes Security Priority
Social | Apr 2, 2026

Proofpoint is betting big on Intent in the age of AI agents. At RSA Conference 2026, Proofpoint launched Proofpoint AI Security powered by its recent acquisition of Acuvity. The core idea is simple but powerful. Traditional security tools check permissions - Does...

By Shashi Bellamkonda
Pipelines Pose Greater Security Risks Than Ships
Social | Apr 2, 2026

Problem is pipelines are much harder to defend, easier to rupture and cyberattack than ships unless you bury everything far underground which is exceedingly difficult.

By John Konrad
Could Native Solana Multi‑Sig Have Stopped the Drift Hack?
Social | Apr 2, 2026

If Solana had native multi sig addresses, would the Drift hack even have been possible? Actually curious, not trolling.

By Arthur Hayes
Anthropic's Code Leak Raises Doubts About Enterprise Security
Social | Apr 2, 2026

If Anthropic just leaked their own code (and one of the most valuable pieces of IP on the planet right now)... what makes you think their 'enterprise grade security features' are enough to protect your ideas and data?

By The Secret CFO
US Intelligence Elevates Quantum to AI Threat Level
Social | Apr 2, 2026

The U.S. Intelligence Community Just Put Quantum on Equal Footing with AI. And Expanded the Threat Definition https://t.co/BFmWJ9pOmy via @infosec

By Chuck Brooks