Joined April 2014
- Tweets 16,131
- Following 2,026
- Followers 10,789
- Likes 13,381
3,599 Photos and videos
Jun 12
A WhatsApp #E2EE & #OPSEC reminder:
1โฃMetadata is not protected by E2EE; WhatsApp knows phone #, profile name, contacts, groups etc.
2โฃEven with E2EE, the other end can leak ๐คท
E2EE protects content in transit, not endpoints or metadata
CC: @matthew_d_green @thegrugq @RidT
Jun 11
3/ Imagine being the guy that accidentally self-snitches your spyware development ops.
Honestly impressive. I hope the ramen tasted good.
Here's the docket: courtlistener.com/docket/163โฆ
2
11
32
9,121
Jun 12
1
636
Tal Be'ery retweeted
Jun 11
๐ฎPrediction markets are live on @ZenGo - powered by @Polymarket.
๐Predict the 2026 World Football Tournament straight from your phone. โฝ48 nations. 104 matches.
Back your team. Make your call.
#PredictionMarkets #WorldCup #CryptoWallet
โ zengo.com/prediction-marketsโฆ
6
7
23
2,599
Jun 12
Security nightmare, probably
Jun 11
Get paid to wait
The Claude Code spinner might be the most watched line on Earth.
So I turned it into an ad marketplace.
Advertisers bid on it. You keep 50% of the money.
Install the extension โ get cash from ads.
Introducing Kickbacks
1
1
323
Jun 11
Jun 11
Epic OPSEC fail by NSO Group.
@whatsapp recently caught the notorious spyware company hacking across their platform.
(NSO is forbidden from doing this by a US court!)
In their testing, NSO was sending a test image of a soup cup...on a desktop mat with the NSO Group logo.
Making it worse, the image was user-reported to WhatsApp.
Cleanest attribution I've seen in a long time.
647
Jun 11
ืจืง ืืื ืืกืจ ืคื ื ืดืืืืจ ืชืจืืขืด.
ืืืืืื ืืืชื ืฉืืื ืจืืืจ.
ืกื ืื ืืฆืืื ืืืืืจืฃ ืฉื ืื ืืงืก ืืฉืืืื ืขื ืฉืืื๐คฉ
2
283
Jun 11
I was going to write something, but @SwiftOnSecurity said it better: the answer to offensive cyber AI is doubling down on fundamentals.
Containment (= network privileges) is the lever.
@ZeroNetworks' report (FD: I'm an advisor) shows we still have a lot of work ahead of us.
Jun 10
Today we're releasing the ๐๐๐๐ ๐๐๐ญ๐๐ซ๐๐ฅ ๐๐จ๐ฏ๐๐ฆ๐๐ง๐ญ ๐๐ฑ๐ฉ๐จ๐ฌ๐ฎ๐ซ๐ ๐๐๐ฉ๐จ๐ซ๐ญ โ the first benchmark measuring how far breaches actually travel inside live enterprise networks. ๐
As AI accelerates attacker speed and expands the internal attack surface, the data shows how exposed most enterprises already are: 80% of enterprise servers are reachable from anywhere inside your network. 87% accept inbound RDP or SSH from broad internal sources. The blast radius is bigger than most organizations realize โ and most can't even see it.
That's why we built Breach Map. It's a free tool that shows you exactly how far a breach could travel in your environment, before attackers find out first.
Dmitri Alperovitch, Co-Founder of CrowdStrike and current President of Silverado Policy Accelerator, put it best: "The organizations that adapt fastest will shift from perimeter-only thinking to containment: limiting lateral movement, reducing blast radius and ensuring attacks cannot bring down a business."
Read the press release โ businesswire.com/news/home/2โฆ
Get the report โ zeronetworks.com/resource-ceโฆ
Map your blast radius โ zeronetworks.com/resource-ceโฆ
1
2
3
1,052
Jun 11
The original @SwiftOnSecurity tweet
x.com/SwiftOnSecurity/statusโฆ
May 26
With as much detail as I can share, from top down we are taking Mythos/AI acceleration of cyber threats seriously โ by doubling-down on security fundamentals. Sandbagging attack paths using considerable levers of control we already have, w/ AI as our business justification.
1
695
Jun 11
Anyone has experience with setting an organization wide (10s - 100s users) LLM proxy for mainly Claude Code coding agents?
What was your motivation? Can you please share setup / results / insights?
CC: @claudeai
1
1
1
487
Jun 11
Jun 11
โWe saw the dumbest basketball team in the history of civilization. โฆ The San Antonio Spurs helped the New York Knicks win this game.โ
Charles Barkley after the Spurs allowed the largest comeback in NBA Finals history ๐
222
Jun 11
ืืจืืืช ืืจืฉืืช ืืืกืื ืขื ืจืชืืืช ืืื ืืืืืืืช ื AI.
ืื ื ืจืชืื ืืช ืืื ืืืืืืืช ืืืจืืชืืืืงื ืืืืืช ืืืืจื ืืก ืืฉืืืจืื ืืชืืฆืื ืืฉืื ืืื ืืฉืืืจืช ืืืขืืจ ืืื ืืขืกืืงืื, ืืื ืฆืืจื ืืืืฉืช ืืคืกืื. ืืืฆื ืืืื ืคืืืข ืืขืืงืจ ืืฉืืืืช ืืืฉืืช.
ืืฉ ืืื ืืช ืื ืืืืื. ืืืื ืืชืจืื ืืช ืืงืื ืืืืฉืื ืืืืฆืข
@amsterdamski2 @Idaneretz
ืจืฉืืช ืืืกืื ืืฆืื ืคืขืจ ืฉื 20 ืืืืืืจื ืฉืงื ืืื ืืฆืืจืืช ืืื ืืืืืืืื ืืืจืื ืืชืฉืชืืฉ ื-AI ืืืืืงืช 100% ืืืื"ืืืช - ืืืงืื 4% ืืืื
calcal.ist/2p868ke3
@Shlomo_Tei
6
403
Jun 10
Let them eat Fable
Jun 10
Our Anthropic overlords deciding which prompts the peasants are allowed to use.
5
381
Jun 10
(Sadly, I'm not the author, so please refer me to the original poster)
2
331
Jun 10
Jun 10
NEW: malware developers added nuclear & biological weapons text to to their spyware.
Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.
Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky.
When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.
We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.
In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation.
H/T to colleagues that shared this with me socket.dev/blog/mini-shai-huโฆ
3
354
Tal Be'ery retweeted
Jun 9
๐ "It not only produced a full chain exploit, but produced eight distinctย exploits, at a cost of $15,700 in API creditsโan average of about $2,000 per privilege escalation. The binding constraint to N-days is now just a few thousand dollars and API access, which expands the pool of capable N-day attackers dramatically."
Jun 8
red.anthropic.com/2026/n-dayโฆ
Very nice
3
15
102
21,248
Jun 9
Jun 8
Iโm sorry if people have been having a go at you because of my tweet. Not at all the plan. I was very slightly drunk and already upset about something that had nothing to do with you. If itโs any comfort, I got it in the neck too. Iโm a thin-skinned twat, apparently, even though it wasnโt my skin. I was sticking up for the writers who I adored. Obviously I shouldnโt have cited Bach/Kahlo/Moore - asking for trouble - and would have done better to go for the 10,000 blues songs written around the same 12 bar chord structure. Iโve listened to most of them and will keep doing so. Because we love what we love.
1
380
Jun 8
ืืขืื ืื ืฉืื ืืฉ ืฉืื ืืขืืืช ืขื ืืืชืจ ืฉื ืื ืง ืืืืื? (ืฉืืืืืช ืืืืจืืช, ืืืจืื ืื ืขืืืืื)
283
Jun 8
Never deleting this app.
Jun 7
Thanks for your critique, Janet. We actually tried a couple of episodes where House (Hugh Laurie) (please put the brackets in the right place) gets it right first time, but they were only 6 minutes long. NBC werenโt happy. Then we tried some where House never gets it right and the patient dies. The audience wasnโt happy.
One could apply your trenchant analysis to other art forms: JS Bach wrote 30 Goldberg variations on the same chord structure; Frida Kahlo painted 50 portraits of herself; Henry Moore, what??
The point is, or was, variations on a theme; if all you see is hospital, medical blah blah, then it wasnโt meant for you.
Nonetheless, I look forward to your first novel!
1
2
431
Jun 7
A possible reply:
"A talk is not a security boundary.
I'm using automation to respond to MSRC"
1
630