Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think The new AI model is being heralded—and feared—as a hacker’s superweapon. Experts say its arrival is a wake-up call for developers who have long made security an afterthought.

Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think #cybersecurity #hacking #news #infosec #security #technology #privacy

SQL statements are just one-shot prompts from the 70s

I’ve completely switched from feeling a little twinge when reaching my Claude session limit to increasingly anxious that I’m not going quickly enough to get shut off and am leaving cycles on the table

On the long road to agentic systems, MCP tools are a well-lit highway rest stop, almost universally needed but still maybe not where you wanna linger too long

It’s funny to me that LLMs can perform better when given better English, when the reason many folks use LLMs is to minimize or eliminate the exercise of good writing

Agentic AI = nobody uses your web/mobile apps except when there is no other choice, which puts those UI assets in the same category as fax machines and paper contracts

Hard to admit but my #1 superpower is actually having failed so much, in so many different ways, and at different levels of scale, that I can sense failure in teams in real time as a physical sensation, the way dogs start barking before an earthquake

So much of “prompt engineering” is what we used to just call “being a good manager” and you might not really grok that without having managed a midsize team at some point in your career

I believe my marketing/events team would recognize this as my writing process

apidays New York 2025 - API Management for Surfing the Next Innovation Waves: GenAI and Open Banking | May 14 & 15, 2025 May 14 & 15, 2025 - API Management for Surfing the Next Innovation Waves: GenAI and Open Banking | AI's potential hinges on effective API management. Apidays NYC explores this critical connection, sho...

We're going to #apidays NYC! 🎉 Our VP of Eng.,
@robfromboulder.bsky.social, will be speaking there, as well. 🗣️

See us in NYC May 14-15 to talk #APIsecurity, #SIEM, & more. Or just to hang & get #Graylog swag! 🤝🎁

www.apidays.global/new-york/ #APIs #cybersecurity #API #APIdaysNY #Graylog

Why API Discovery Is Critical to Security API discovery is critical to an organization's security posture because shadow and deprecated APIs are unmanaged risks that attackers can take advantage of.

Unmanaged #APIs create #security blindspots. 🕶️ 😧 And, as orgs build out their application ecosystems, the number of APIs integrated into IT environments expands — which can easily overwhelm security teams. ↕️ 👀 😵

Enter... API discovery.💥 Learn more.👇

graylog.org/post/why-api... #cybersecurity

Table 1: Top 15 Routinely Exploited Vulnerabilities in 2023

- SQL injection
- Code injection
- Command injection

Fact: ORMs aren't a magic bullet for SQL injection. Misusing the API or vulnerabilities in the library itself can still cause problems.

I've seen it already with TypeORM and with Sequelize.

How To Approach API Security Amid Increasing Automated Attack Sophistication In 2025, security teams must prioritize API monitoring, threat detection, and protection against both automated and traditional attacks to safeguard sensitive data.

#APIsecurity incidents were at an all time high in 2024. 🙀

With increasing #cyberattacks driven by #AI & automation, #security teams must have a strategy that emphasizes monitoring firewalls, gateways, etc. but also works towards detecting API data exfiltration.

www.itprotoday.com/vulnerabilit...

omg 🤦🏻‍♂️

The obvious question is whether this would actually be enforced…but imho establishing a federal standard of care for privacy is worth it either way

Syslog Protocol: A Reference Guide Follow this guide Syslog Protocol: A Reference Guide and you will have enough information to understand the differences and nuances of Syslog.

Need a reference guide for the Syslog protocol? 📑 We've got you covered! 🙌

#Syslog is a logging protocol that is supported across many applications as well as hardware, and despite having been developed in the 1980s is still a very common format in use today. graylog.org/post/syslog-... #cybersec

Watch and wait and enjoy sports and hope that a national moment of realization obtains, gotcha

Just today have seen multiple phishing attempts offering “help” accessing frozen government funds and benefits

This is a really big deal about protecting critical infrastructure.

If any adversary takes down your water supply, you got a problem.

#CyberCivilDefense #take9

Everyday we're all for-real under threat of cyber attacks, that's seriously scary.

Good news is there’s something we can all do to thwart these dangers.

Here's a start: just pause and #Take9 seconds before you click, download, or share.

Follow @pausetake9 for more!

#CyberCivilDefense

Using Data Pipelines for Security Telemetry Data pipelines automate the collection, transformation, and delivery processes to make data usable for analytics and visualization.

Not all orgs need heavy-hitting data pipeline management tools.🏋‍ Complex tools create extra work & require more skills. Simple ones won't give you the data you need. You need the “just right” tool.

Learn more about data pipelines & their benefits for security telemetry. graylog.org/post/using-d...

CISA director says threat hunters spotted Salt Typhoon on federal networks before telco compromises A top federal cybersecurity official said that threat hunters from CISA first discovered activity from Salt Typhoon on federal networks.

CISA director says threat hunters spotted Salt Typhoon on federal networks before telco compromises

It's been an awesome few days at the #Graylog company-wide get together in Charleston, SC. 🎉 One highlight was our awards ceremony where we honored some particularly impactful team members.👏

Congrats on some amazing achievements & TY for being such great roll models! 🏆 #cybersecurity #infosec

Biden signs 11th-hour cybersecurity executive order Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive

Is Biden's 11th-hour EO on cybersecurity DOA?

"Given the timing right before a change in the administration, I can't help but think it's a bit of a Hail Mary designed to include everything possible and just see what sticks."

Why Patching Isn’t the Ultimate Goal in Cybersecurity Patching critical systems is always the fix for eliminating vulnerabilities. Or Is it? A focus on what matters and the priorities is best.

Hi #infosec, I wrote a blog about patching prioritization. CVE scores weren't meant to be the gold standard. Context from your runtime activity is an essential ingredient. And for those systems that cant/wont be patched, you need monitoring in place. graylog.org/post/why-pat...

These are the cybersecurity stories we were jealous of in 2024 | TechCrunch The very best work from our friends at competing publications.

I love the annual tradition of @lorenzofb.bsky.social @zackwhittaker.bsky.social and @carlypage.bsky.social highlighting the best cybersecurity stories (and, in quite a few cases, thorough investigations) that other people wrote techcrunch.com/2024/12/24/t...