🚨 Exciting thing🚨 I'm getting back to my content creation roots.
I've missed blogging, podcasting, and community engagement from back before I worked for big companies with scary PR teams.
So... I'm launching a newsletter called Vulnerable U. https://t.co/eevYXMY8hB
> Microsoft GitHub repos banned
> "Terms of Service violation"
> ???
> Look inside
> Was compromised
... was Microsoft going to become a victim of a supply chain attack on their own platform via their own product?
🚒More fallout from the Mini Shai-Hulud campaign
49 Microsoft, Azure, and Azure-Samples GitHub repos were removed at 16:00 UTC for Terms of Service violations
This is linked to news this morning that attackers had regained access, after the previous durabletask compromise
Welp, that happened faster than I predicted. Thought it would be end of 2027, then early 2027, but agentic traffic growing so fast that bots have now passed human traffic online for the first time in the Internet's history. https://t.co/2zX5bHdhsa
I’m giving a keynote tomorrow called “The Commoditization of the Nation State Threat Actor”
It’s going to be a showcase of all the ways exploits that usually only a handful of companies/people had to worry about are becoming more common place.
And my crystal ball says within a few months will be even more common.
If you were watching this talk - what would you want to learn?
this morning i wrote about what i've taken away from my conversations with cybersecurity researchers about cybersecurity and advanced AI.
- the models are good at cybersec and they're going to keep getting better. but early signs don't seem to suggest that there are infinite bugs to find. that seems good!
- zero days are sexy, but they're still not the biggest risk for most firms. the recent wave of boring supply chain attacks has illustrated that quite nicely.
- bug bounty programs are struggling under the weight of Slop Disclosure. the post-AI world is going to need to look quite different for security researchers.
read the full piece here: https://t.co/C3C2kmm7mm
and follow the actual security researchers who came on @MTSlive: @moyix, @ZackKorman and @mattjay
Meta finally restored my Instagram account in their internal database but they updated my account's password to be my Facebook password (I have distinctly different passwords for every app/platform)
So I could not log in until finally I tried the Facebook password and that worked
So they are botching the restoration of their database too... do they not just have backups from before?
This is insane...
I also needed to turn on 2FA for "Meta Accounts Center" which is an account they set up for me (using my FB password) without telling me, but it's treated as a different login and account; yet it has linked access to any of my Meta accounts... so even though I have 2FA on IG and FB and Threads, if anyone logs in to my "Meta Accounts Center" (which Meta set up without telling me) they can access all my accounts linked to it (all my accounts), no 2FA required.
When setting up that 2FA I was told that all my recovery codes had already been used [meaning the would-be 2FA recovery codes are likely being leaked as well via the Meta AI support bot... plaintext]
This is truly unreal. Trillion dollar company...
IG had EXTREME security prior to this... what on earth are they doing, they erased a decade's worth of incredible security protocol they had built up like a fortress, did they not even consult a single engineer?
"You can run OpenClaw inside your company now." Announcing our work with @Microsoft to bring OpenClaw to the Microsoft and Windows ecosystems. Claws now work securely in the enterprise.
Over the past few days Microsoft has listened to nobody.
They previously implied they would prosecute those who dropped 0day. The tweet below doesn't reject this.
Indeed, they want researchers to be afraid to drop 0day, so they are never going to say that dropping 0day is legal.
Microsoft values the cybersecurity only when they are in control, when the community follows their rules.
Note that Google's approach is the opposite. Google explicitly states that while dropping 0day is not the ideal, it's legal and allowed.
Microsoft has clearly joined with Oracle in becoming the "bad guys" of cybersecurity.
@vtimd yeah i talked to my buddy who is running the Descent Cyber trip and he said some of the stuff might be a bit below 60 ft and that Nitrox tanks would make me hate my life less by the 4th day of dives. So banged both out.
Been working hard for the last few weeks getting PADI scuba certified. Between the eLearning, classroom, pool, and lake days - I underestimated how much work went into this.
But officially Advanced Open Water certified just in time for Descent Cyber Conference this week where I’ll be one of the keynote speakers.
In between dives down in Grand Cayman I'm going to give a talk I've been working on called "The Commoditization of the Nation State Threat Actor" - how things we used to only see out of nation-backed hackers are turning commonplace. Getting into what AI is really doing to change the game and what is hype/marketing.
If you’re into scuba and security I’d check them out next year, it’s going to be a blast.