A thoughtful piece by Anthropic on AI-accelerated offense. In my mind, the only sustainable answer to vulnerability management is modern design and shrinking the attack surface. claude.com/blog/preparing-your-secu...
Microsoft dropped another blog with the full social engineering attack chain of the actor responsible for Axios. More interesting though is Socket’s blog about the campaign that resulted in Axios.
www.microsoft.com/en-us/securi...
socket.dev/blog/attacke...
Sanctions-evasion-ception
Sorry busy pretending to be Iranian to try to get hired as a North Korean IT worker pretending to be American.
flare.io/learn/resour...
*don’t sweat it ffs
I have maybe one good take a year. Your posts are ridiculously high quality at ridiculously high volume and I cannot say enough good things about spending the time to mentor junior folks. Thank you for the ACK but sweat it for even a second
There is an underlying lesson about building working relationships, creating the achievement muscle memory, and being there in the moments and hours and weeks that make a difference and then getting recognition for it. Anyone who says that there’s only one path is mistaken.
A lot of things Tay says are gospel but success looks different for different folks and there are a lot of different sizes and types of orgs out there where this does not apply. I am wildly successful working for an old school Fortune 500 and I’ve physically been to an office once ever.
It’s trite but this marks the dawn of a new era of hacking. This is Pandora’s box and we just have to hope that some of the defender benefits outweigh the bad.
These are the technical details of the hack of the government of Mexico using AI. cdn.prod.website-files.com/69944dd945f2...
Yes I had a role in this but that’s not the only reason I’m sharing it haha!
For reference: www.bloomberg.com/news/article...
It’s trite but this marks the dawn of a new era of hacking. This is Pandora’s box and we just have to hope that some of the defender benefits outweigh the bad.
These are the technical details of the hack of the government of Mexico using AI. cdn.prod.website-files.com/69944dd945f2...
60 Minutes Australia has always had some interesting DPRK coverage. This one on fake IT workers is really good. They actually catch a few on the line and talk to them. youtu.be/kIcw6vpmAHI?si=qWDQX...
I'd encourage companies build tabletops around this insider scenario.
Pouring one out for all the open source maintainers dealing with AI slop pull requests, DPRK targeting, malicious worms, tech sector contractions, and the current/impending avalanche of Anthropic vulns.
The same actor got another developer/package albeit one that doesn’t have remotely the same footprint. safedep.io/malicious-np...
-Cybercrime losses passed $20b last year
-Authorities disrupt APT28 router botnet that intercepted email logins
-Iran hacks PLCs across US
-Exploitation hits ComfyUI and Flowise AI servers
-Anthropic unveils 0-day computer God
Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS548/
This is an impressive amount of work. Unfortunately, though, with insufficient and inconsistent underlying data and that data was organized in a very strange way leading to some odd framing and conclusions. Wish the author had taken time to bounce some of their ideas off an expert.
I don’t agree with everything in this piece but I wholeheartedly agree that letters of marquee will make things much worse in several different ways.
Wanted to warn the #NodeJS community: This campaign is active. Thank you to the maintainers who shared their stories - some of these came frighteningly close. One got all the way to the fake meeting before walking away. The more we talk about this, the harder it is for these attacks to succeed.
We’re seeing cases where teams can’t explain how they were compromised by the Axios incident because it doesn’t show up in their project's lockfile. The blast radius here is much larger than it looks.
Deep dive into the messy reality of modern dependency resolution → socket.dev/blog/hidden-...
This is officially publicly attributed to Sapphire Sleet / BlueNoroff / TA444 / Stardust Chollima / DangerousPassword / UNC1069 / CageyChameleon. Yes, I know it’s a pile of ridiculous names and yes I know we, the CTI industry, created this mess. Sigh.
cloud.google.com/blog/topics/...
Computer enabled elder abuse, romance scams, and business fraud cause exponentially more harm than all other forms of hacking combined.
More controversially, sophistication in hacking doesn’t matter nearly as much as measures of success / impact.
It’s not a good book and while mobile vulnerabilities exist, they’re expensive, difficult, less reliable, and there are relatively few people creating them compared to vulnerabilities for a lot of other platforms.
foreignpolicy.com/2021/05/03/c...
As a general rule, my philosophy on new technology is broadly summed up as: no.
Slightly less summed as: hellll no.
I tend to be fairly conservative on the hot new whatever, and I'm usually against bandwagons.
[Ed note: Steve works on 30-year-old auth protocols, of course he's like this.]
I am not an expert on router security but this seems completely and utterly insane to me.
If you have an iPhone, today is a good day to make sure you are running the latest software. techcrunch.com/2026/03/23/s...
Aisuru/Kimwolf botnet got disrupted today
SLEUTHCON 2026 is coming! 🐍🐻🌲
Registration is open and our CFP is live!
We're back on June 5th, in-person in Arlington, VA and virtually. CFP closes April 17th + tickets will sell out!
sleuthcon.com
#SLEUTHCON #SLEUTHCON2026 #Cybercrime
