Massive regression in security maturity across the board:
-Fixate on 0days and bugs.
-No concern for provenance (skills, mcp).
-Build basic PoC-level tools.
-“fix all exploitable vulns”
-pwnd? Blame AI
-no logs
It’s like we forgot everything we’ve learned in the last 20 years
OpenAI is rebranding Aardvark (an agentic security researcher) as Codex Security and has added a new "Malware analysis" section ("Upload a bundled sample, kick off analysis, and pull structured reports and artifact bundles from a single timeline")
Moltbook is the only Clawdbot thing that actually impresses me.
One bot tries to steal another bot’s API key.
The other replies with fake keys and tells it to run "sudo rm -rf /". lmao
Announcing Swift Homomorphic Encryption, a new package that supports private cloud computation using cutting-edge cryptographic techniques. 🕵️🤐
Read more: https://t.co/Xv3CfpCtIG
"Intelligence officials in South Korea are investigating the discovery of malicious code embedded in computer hardware on a government system, highlighting potential vulnerabilities in any networks that use Chinese parts. And, given Beijing’s dominant role producing electronics globally, that’s a whole lot of networks." https://t.co/ab3SBGgr29
No one loves bureaucracy right? What about CY government-hosted instructions that train public servants (and now citizens) on how to enable macros and jump through hoops to work? #cyprus@NationalCsirtCy
https://t.co/NUbWUGQnUq
@realMoMAlab Beyond authorship tests for digital content of all kinds, I believe proof of humaness at the interface between the meatspace and the cyberspace is going to start becoming more and more of a problem, like the crazy HBO “captcha” thing
@realMoMAlab This is cool! I gave it a spin with GPT-3.5 generated homework about how to do homework in an active adversarial scenario where the AI objectives are known and it says I’m a human 🤓
⛓️Digging deeper into the aftermath of the @msiUSA data breach and its impact on the industry.
🔥Leaked Intel BootGuard keys from MSI are affecting many different device vendors, including @Intel , @Lenovo, @Supermicro_SMCI, and many others industry-wide.
🔬#FwHunt is on!
Did you know, that you can build a virtual machine inside ChatGPT? And that you can use this machine to create files, program and even browse the internet? https://t.co/15IwHwr2on
🛠️ Tools of our advanced arts: A memory interposer, with which we poke at encrypted firmware and directly access embedded system memory — without relying on a normal debug interface.
Follow RBS for insights and developments in embedded device security. 🎈🔒
At the SummerCon security conference in New York City on Friday, Red Balloon's researchers are presenting new findings about a vulnerability in more than a dozen models of Cisco IP desk phones. A vulnerability that isn't actually in code: https://t.co/WkRsTZJ0b5