To my black family, friends, and people seeing this: I love you You matter I'm here for you #BlackLivesMatter

I cannot overstate how powerful codex is for cybersecurity work. I'd encourage all defenders to sign up for Trusted Access for Cyber (chatgpt.com/cyber) and give it a shot for their workflows. If orgs are slow to get TAC approvals, please reach out to me.

Probably shouldn’t have hyped the hype machine of world catastrophe which mythos is not.

Checkout all the great talks from this year's event. I'm obviously quite fond of my talk with @PyroTek3 but @rootsecdev also does a fantastic job walking though some modern token attacks.

Huge! Some amazing talks here !! Check them out

Talks from @TrustedSec's invite-only conference #SmileyCon are now available on YouTube. Enjoy!

Bitkocker exploits go brrrr Nothing is safe, everything is vulnerable ;) (that’s not true but it sounds like a cool marketing line) Not tested this but I’m sure many will. Just woke up! Need tea 🫖 #bitlocker #microsoft #windows #exploits github.com/MSNightmare/Great…

Do you want to meet new friends, learn cool things and have fun in @defcon? Then sign-up to volunteer in our village. Use the form below. forms.gle/2s8t8tc3qS8mFKK18

want to see how much HTTPS is in use? transparencyreport.google.co…

🔥 The InfoSec World 2026 agenda is live! Explore the sessions, discover the speakers, and build a schedule tailored to your goals. ⏰ Register now to save: bit.ly/4cXS9yK #InfoSecWorld #CRAevents

x% of y = y% of x So, in order to calculate a percentage in your head, it might be easier to turn it around. What is 4% of 50? It's the same as 50% of 4.

Now that we've identified the blind spot, here's how to fix it. In Part 2 of our two-part series, @Carlos_Perez delivers a phase-based implementation guide to hardening Microsoft #Intune across 11 critical controls. Read it now! hubs.la/Q04l3yQk0

Attackers were able to query customer tables 😳 As a reminder, these tables can contain, employee information, asset information, vulnerability asset information, HR cases, security operations, vendor information.

I'm seeing from virtually every enterprise customer that they are being tasked with two things: 1. All in on AI - every aspect of the business, right now every organization, every team, every function of the business. 2. How they will reduce 20-30% in their budgets using AI. 3. Build enterprise solutions that solve business problems without relying on SaaS providers. How little do they know that this increases demand, work, and complexity as well as adding substantial cost for AI token usage. Someone flagged me where I was speaking (non cybersecurity) and said "How do I reduce 20% of my budget, while adding monumental complexity, workload, and unproven technologies that aren't defined on what they would accomplish at the same time?" Welcome to our lives in cybersecurity the past 20 years.

New Veeam vulnerability exposes backup servers to RCE attacks bleepingcomputer.com/news/se… bleepingcomputer.com/news/se…

I tire of this. The word is "users". Normal end-users. And I don't blame them for doing so. If orgs want to improve security: block browser password storage at the policy level, invest in a password manager, and train end users how to use it. People don't respond well to shame (even if implicit), but they do to knowledge and encouragement. Dumb take, Proton.

Keep going family!!

If you have the ability, Mike and Angela are amazing humans going through a very difficult time and could use your help. Praying for their family during this difficult time ❤️🙏

How dead is Active Directory? According to NAIC census data as of December 2024, there were about 1.5 million businesses in the US with 10 employees. Even with conservative estimates, the amount of businesses that STILL have AD is not insignificant. Active Directory is alive and well and continues to be a major infrastructure component for many, many organizations. That means that Active Directory will continue to be attacked. That also means that learning to defend Active Directory will continue to be important.

According to naic census data as of December 2024 there’s ~1.5M businesses of 10 employees in the US. 86% of businesses (surveyed by Microsoft) have some form of workload that depends on AD. Long live Active Directory ✌️

‼️🚨 BREAKING: ServiceNow has been breached. Customers are reporting unauthorised access to their instances. One customer states their security team reported this vulnerability to them, and they closed the case twice, saying they had already known since the 7th of April.