Awful to see Jorgenson crash like that. Gutted for him, I hope it's not as bad as it looked. #AGR26
Posts by Ben Read
This paper represents a small but deeply impressive and genuinely important achievement by the much maligned British state in what is probably the most important global issue of our era.
Hear me out (🧵) 1/
www.aisi.gov.uk/blog/our-eva...
I'm live with the @huntress.com folks for Tradecraft Tuesday on axios and DPRK if you want to hang out:
events.zoom.us/ejl/AnrTlSR3...
WOUT!!
Ok on a serious note, it cannot be exaggerated how bad formalized Iranian control of the Strait is for the world. The entire global economy rests on an American guarantee of free commercial shipping. That guarantee is gone. We don’t know exactly what will happen but none of it will be good.
🚨 500+ malicious PRs. One campaign.
Wiz Research traced 6 waves of prt-scan starting 3 weeks earlier.
AI-powered, automated attacks exploiting pull_request_target.
Low success rate—but real npm + cloud creds hit.
Full story: www.wiz.io/blog/six-acc...
NEW: @wired.com has ID’d a number of the masked paramilitary agents in the exceedingly violent unit surrounding Greg Bovino that formed the leading edge of the invading force the federal government sent to Chicago last fall; @awinston.bsky.social and @regret.bsky.social have the story.
Do you like these pictures I took
🐺🐺🐺
Let’s go Huskies.
U.S. foreign policy has been captured by dorks obsessed with the movie 300 and the only way to fix it is to put in power dorks obsessed with the movie Master and Commander.
Our write-up of the LiteLLM supply chain compromise earlier today. Tactics remain the same (with a new exfil domain), but they keep coming.
Another One: KICS GitHub Action compromised by TeamPCP
A few new TTPs here, will have more updates later today:
www.wiz.io/blog/teampcp...
I keep seeing this framing like Bremmer's. It is wrong. Instead:
1. Iran was developing an ICBM when Khamenei imposed a 2,000-km range limit.
3. The programs shifted to space launch.
4. Khamenei lifted the restriction in October 2025 after the June attacks.
5. Now he's dead, and here we are.
The affected version has been revoked, but if it ran in your environment, you need to assume that any secrets in that location are compromised and look for the persistence mechanism.
💣Supply Chain attack affecting the Trivy scanner. 💣
Last night a malicious version (0.69.4) was published. This version steals credentials, cryptocurrency and keys from affected machines and installs a small Python script for persistence.
www.wiz.io/blog/trivy-c...
I’ve been critical of Iran’s pre-war deterrence practices, but this seems like a reasonable intra-war deterrence success.
Get your tickets (and CFPs) now! This conference is always a great time and you learn a lot.
Me in slack:
Pretty funny to work for an entity that can be abbreviated as BOFA and badly fall for a blatantly obvious trick
Kaspersky recently produced a podcast on Operation Triangulation, basically a story of the investigation
Things that I haven't seen mentioned elsewhere:
— Triangulation malware existed for >10 years
— Some technical details similar to the Equation Group
www.youtube.com/watch?v=j4pC...
A 1999 assessment by DoD OGC briefly mentions a draft treaty on information warfare that circulated on the Internet in 1995. Does anyone have any idea what it was or where on the Internet it could have been circulated?
(Source: nsarchive.gwu.edu/document/214...)
reading "Bombing to Win" on the subway and shaking my head to show everyone I'm against bombing to win
I also have two affiliations with US universities in a similar situation, but it is somehow with the US Department of Defense.
While some cyber attacks from Iran might increase, keep in mind that many Iranian hackers face Internet shutdowns, instability caused by U.S./Israeli strikes, etc. So they won't be very active.
Note this from a recent F6 report on Persian ransomware www.f6.ru/blog/c77l-ra...