Announcement for my new side project! ------------------------------------------------------- SecTemplates.com - Release #1: Security incident response program pack 1.0 Introduction I've worked in the security industry for over 20 years and, during this time, have built and shaped many security programs. At every company I join, I find myself recreating or developing security programs from scratch. My peers have been in a similar position, and the more people I speak with at smaller companies, the more obvious it becomes that there isn't a single location where people can download ready-to-go security programs entirely for free. There's a lot of content online, but it can be difficult to find and challenging to find something simple to start with. I created SecTemplates as a side project to provide baseline programs for smaller security teams without direct expertise in building such programs. Security incident response release pack 1.0 I'm pleased to announce our first release, the Incident Response Program Pack. The goal of this release is to provide you with everything you need to establish a functioning security incident response program at your company. In this pack, we cover Definitions: This document introduces sample terminology and roles during an incident, the various stakeholders who may need to be involved in supporting an incident, and sample incident severity rankings. Preparation Checklist: This checklist provides every step required to research, pilot, test, and roll out a functioning incident response program. Runbook: This runbook outlines the process a security team can use to ensure the right steps are followed during an incident, in a consistent manner. Process workflow: We provide a diagram outlining the steps to follow during an incident. Document Templates: Usable templates for tracking an incident and performing postmortems after one has concluded. Metrics: Starting metrics to measure an incident response program. Announcement: sectemplates.com/2024/06/ann… Download on GitHub: github.com/securitytemplates… About SecTemplates To provide simplified, free, and usable open-source templates to enable engineering and smaller security teams to bootstrap security capabilities in their organizations. Upcoming releases - Penetration testing release pack 1.0 Our penetration testing release pack will contain everything you need to scope your first pentest, work with a vendor, execute, and get the types of reports you need from an external tester.

COMPUTER SCIENCE ENROLLMENT CRASHES: STUDENT DEMAND FALLS OVER 10% AMID AI DISRUPTION

People who pirate software usually get malware infections. I wonder how soon it will be for people to get backdoored/tampered models in a similar manner. The thing is there is no good way to tell a model has been tampered with minus checking the checksums vs the original.

You better believe it's going down, as will anthropic due to costs.

I was chatting with a colleague, and we started talking about “shift left” security efforts over the past couple of decades. For years, vendors have offered IDE security plugins that scan code and sometimes provide remediation suggestions, but adoption of these tools has never been particularly high. As a result preventing problems in the IDE had limited success. With AI agents, skills, and hooks, the long-running push for “shift left” security has a fresh opportunity to regain momentum. This may be the best chance yet for it to become a reality after decades of limited success and mediocre adoption.

actors so good they convinced an entire generation that coding is cool asf..

Wyoming has a smaller population than the other 49 states combined

HISTORY: The 2002 OpenSSH Trojan, the untold story from the other side: miod.online.fr/software/open…

I wrote about what was actually in that #Fable guardrail bypass research paper, and why it should never have triggered an #AI model export control. We can't export control our way to cyber resilience. So many tshirt ideas. lutasecurity.com/post/the-fa…

One of the best FREE Windows exploit development and security research blogs out there. Kernel pool exploitation. PTE overwrites. HVCI and kernel CFG bypass. XFG internals. Browser type confusion. Kernel shadow stacks. Secure kernel internals. ARM64 Pointer Authentication bypass. ETW and PPL research. Covers everything from ROP fundamentals all the way to cutting edge ARM64 and VBS security research. Still actively publishing in 2026. connormcgarr.github.io/ Author: @33y0re #ExploitDevelopment #WindowsInternals #ReverseEngineering

NEW: Amazon researchers are reportedly behind the jailbreak report that led to the U.S. crackdown on Anthropic’s top models.

Looks promising => eBPF-based tool that records every Linux syscall made by Docker containers and produces per-container allowlists ready to use as seccomp profiles github.com/rimvydascivilis/s…

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…

The hype bubble is popping

RSA private keys biased toward 0 bits can be factored by swapping a hard math problem for an easy one: integer factorization becomes polynomial factorization. We found hundreds of real-world keys vulnerable to this. Many traced to a type mismatch in CompleteFTP (now patched): each 32-bit limb got only 8 bits of randomness. We recovered 603 RSA and 74 DSA private keys. blog.trailofbits.com/2026/06…

This is some sort of mass delusion. They literally have no product worth this much

2026

The fastest way to get hacked now is to run npm install. what a time to be alive

This guy is a total badass

Lmfao