
Posts by Dylan

This is how you make an AI Ransomware Worm YouTube video by Truffle Security

Here's my BSidesSF talk on using LLMs to self-replicate and ransom the planet:

youtu.be/s4RKXTC8iuM

11 months ago 3 0 0 0

BSides works really hard, and they're all volunteers; I didn't mean to tease them too hard here.

11 months ago 2 0 0 0

🔥 You can now add TruffleHog to Burp Suite!

🌐 Install it directly from the BApp Store
🔍Scan web traffic for live, verified credentials—active & exploitable

Because secrets don’t just leak in code… 😬

🔗 trufflesecurity.com/blog/introdu...

1 year ago 4 2 0 0

Removing Jeff Bezos From My Bed ◆ Truffle Security Co. Eight Sleep smart bed found to contain an exposed AWS key and a likely backdoor that allowed engineers to remotely access users' beds

The privacy concerns I have around the Eight Sleep have kept me from buying one; the security concerns make me want to warn people about buying one:

trufflesecurity.com/blog/removin...

1 year ago 39 7 3 1

NEW: security researchers found what they say appears to be a backdoor into Eight Sleep beds, which could allow company engineers to SSH into any bed

in theory, they could see if you're home or not, if you're sleeping alone or with someone

in today's newsletter for @bloomberg.com

1 year ago 40 14 2 7

Agent Zuck takes you out to a steak dinner and offers to plug you into the Oculus, which perfectly simulates the year 1999.

All you have to do is hand over the codes to Zion.

1 year ago 2 0 0 0

🐷 Under the Hood of TruffleHog!

⚡ Part 1 of 2: How Aho-Corasick + CPU optimizations deliver 11-17% faster scans with precomputed keyword matching. 🚀

👉 trufflesecurity.com/blog/under-t...

1 year ago 3 1 0 0

Millions Of Sign-In-With-Google Users Warned Of Data-Theft Vulnerability A security vulnerability in the “Sign In With Google” OAuth authentication process could allow attackers to access sensitive data from millions of accounts.

Forbes and Ars Technica ran a story on my research, neat! www.forbes.com/sites/daveyw...

1 year ago 4 0 0 0

I wrote a blog about my shmoocon talk, check it out 👇

1 year ago 4 2 0 0

I spoke at Shmoocon today and linked my Twitter and Blue Sky.

It led to:
+ 5 Twitter follows
+ 19 Blue Sky follows

1 year ago 2 0 1 0

Vigilante Justice on GitHub. 🦇🦸

Here's how to spray paint on other fraudsters' GitHub Activity Graphs.

trufflesecurity.com/blog/vigilan...

1 year ago 2 1 0 0

🚨 10% of SaaS platforms mishandle GitHub OAuth tokens, opening potential backdoors into corporate accounts. 😱

⚠️ Extends to Azure, Slack & more—increasing risk with poor token handling.

🛑 The issue isn’t OAuth; it’s how platforms secure tokens.

👉 trufflesecurity.com/blog/mishand...

1 year ago 1 2 0 0

Hey Fidelity,

Now that CCP is literally in our phone networks-

Can you please stop making your customers rawdog their passwords over touch tone?

Thanks.

1 year ago 0 0 0 0

Look up "Altoona Pizza", I can't even

1 year ago 1 0 0 0

My Shmoocon talk got accepted!

I've never spoken at Shmoocon before, but I have been submitting every year for a while.

If you're wondering what it takes to get accepted at a conference, the answer is a lot of rejection first.

1 year ago 2 0 0 0

Truffle Security is posting on Blue Sky now??

1 year ago 1 0 0 0

I found an AWS key inside one of my household devices, does anyone want to guess which one?

1 year ago 1 0 0 0

Cracking Open APK Files at Scale ◆ Truffle Security Co. TruffleHog now automatically decodes Android Package Kit (APK) files and searches them for secrets. It runs ~9x faster than using an external decompiler before calling TruffleHog.

It's no secret Android apps have a lot of passwords and API keys in them.

TruffleHog can now find them, fast: trufflesecurity.com/blog/crackin...

1 year ago 1 1 0 0

I'll pay $200 bucks for a moxie robot. Seriously.

1 year ago 0 0 0 0

Announcing Truffle Security’s CFP ◆ Truffle Security Co. Have a security research idea? We’re sponsoring 2 projects a month. Your research will be featured on our blog, you get $1500 and you can still submit your research to conferences.

Truffle Security sponsors security research, in case anyone is tired of the conference loop: trufflesecurity.com/blog/announc...

1 year ago 0 0 0 0

Technically you can satisfy data breach notification requirements by sending snail mail to those impacted, and never announcing publicly.

1 year ago 0 0 0 0

How will code gen change the security landscape?

AI will write code containing vulnerabilities, and humans won't know the first thing about it.

Then they will actively push to not be held accountable to review and fix it.

1 year ago 1 0 0 0

So do people use this app?

1 year ago 5 0 3 0

Sometimes you find the shell, sometimes the shell finds you

2 years ago 0 0 0 0

Hacking on coffee

@twitchyliquid64.bsky.social is enjoying a coffee

2 years ago 1 0 0 0

Low-level motherboard security keys leaked in MSI breach, claim researchers What can you do if someone steals your keys but you can’t change the lock? We explain the dilemma in plain English.

A few years ago reports came out suggesting the NSA had hardware signing keys and used them to embed hardware-level backdoors. Now, with MSI keys leaking, you can make your own:

nakedsecurity.sophos.com/2023/05/09/low-level-mot...

2 years ago 0 0 0 0

Okay I'm posting my first.... What is this action? Sky? Am I skying?

2 years ago 1 0 0 0

Omg is that why I got followers minutes after joining? I was wondering what the deal was...

2 years ago 5 0 1 0