Javvad Malik
@j4vv4d.com
The unholy alliance between information security and cynicism wrapped up in storytelling and videos. www.JavvadMalik.com
Sole founder of Host Unknown
Sole founder of Host Unknown
Reposted by Javvad Malik
Blowing up the scam compound is a new one... Be better if they had done if earlier but better late than never
-Myanmar blows up KK Park scam compound
-Yanluowang ransomware IAB pleads guilty
-US CBO hacked by foreign APT
-Singapore to punish scammers with cane beatings
-Chrome will remove XSLT support for security reasons
Podcast: risky.biz/RBNEWS502/
Newsletter: news.risky.biz/risky-bullet...
-Yanluowang ransomware IAB pleads guilty
-US CBO hacked by foreign APT
-Singapore to punish scammers with cane beatings
-Chrome will remove XSLT support for security reasons
Podcast: risky.biz/RBNEWS502/
Newsletter: news.risky.biz/risky-bullet...
November 10, 2025 at 10:52 AM
Blowing up the scam compound is a new one... Be better if they had done if earlier but better late than never
A great insightful story by @joetidy.bsky.social in an interview with cyber-crime Kingpin Vyacheslav Penchukov
www.bbc.co.uk/news/article...
www.bbc.co.uk/news/article...
Tank interview: A hacking kingpin reveals all to the BBC
One of the world's most prominent cyber-criminals speaks to the BBC in an exclusive interview.
www.bbc.co.uk
November 10, 2025 at 10:36 AM
A great insightful story by @joetidy.bsky.social in an interview with cyber-crime Kingpin Vyacheslav Penchukov
www.bbc.co.uk/news/article...
www.bbc.co.uk/news/article...
Reposted by Javvad Malik
Marks & Spencer pegs #CyberAttack cleanup costs at a staggering £136M, contributing to a massive slump in profits. The true cost of a breach is revealed!
#CyberSecurity #RetailTech
#CyberSecurity #RetailTech
M&S pegs cyber cleanup costs at £136M, profits tumble
: Retailer's tech systems aren’t down anymore, but the same can’t be said for its rocky financials
www.theregister.com
November 6, 2025 at 8:00 AM
Marks & Spencer pegs #CyberAttack cleanup costs at a staggering £136M, contributing to a massive slump in profits. The true cost of a breach is revealed!
#CyberSecurity #RetailTech
#CyberSecurity #RetailTech
Reposted by Javvad Malik
www.theguardian.com/world/2025/n... people now realising that electric cars / busses are always on. I wonder when the 1st major electric car manufacturer gets hacked / has an issue and accidentally disables the whole fleet will be?
Danish authorities in rush to close security loophole in Chinese electric buses
Investigation launched after discovery that Chinese supplier had remote access to vehicles’ control systems
www.theguardian.com
November 6, 2025 at 8:23 AM
www.theguardian.com/world/2025/n... people now realising that electric cars / busses are always on. I wonder when the 1st major electric car manufacturer gets hacked / has an issue and accidentally disables the whole fleet will be?
A CISO’s Guide to Agentic Browser Security. Some interesting points and similar to most AI deployments in that the guardrails will continually evolve and you're not going to get perfection from day 1 (or maybe even day 500)...
api.cyfluencer.com/s/a-ciso-s-g...
api.cyfluencer.com/s/a-ciso-s-g...
A CISO’s Guide to Agentic Browser Security - Noma Security
The CISO's guide to agentic browser security provides the top-six steps for cybersecurity teams to take with the advent of agentic browsers.
api.cyfluencer.com
November 6, 2025 at 9:10 AM
A CISO’s Guide to Agentic Browser Security. Some interesting points and similar to most AI deployments in that the guardrails will continually evolve and you're not going to get perfection from day 1 (or maybe even day 500)...
api.cyfluencer.com/s/a-ciso-s-g...
api.cyfluencer.com/s/a-ciso-s-g...
A nice breakdown of MCP for identity, least privilege, and auditable access between LLM's and external systems.
go.aembit.io/s/what-is-mc...
go.aembit.io/s/what-is-mc...
What is MCP Security: A Complete Introduction MCP Security: A Complete Introduction to Model Context Protocol
AI agents' rise has transformed software, as they make decisions and coordinate tasks. However, their security is often weak due to poor authentication and ad-hoc controls. The Model Context Protocol ...
go.aembit.io
October 27, 2025 at 2:00 PM
A nice breakdown of MCP for identity, least privilege, and auditable access between LLM's and external systems.
go.aembit.io/s/what-is-mc...
go.aembit.io/s/what-is-mc...
The Louvre heist happens every day in the cyber world. The attacks look basic, boring, uninteresting... yet the impact is quite large
cybersec.picussecurity.com/s/the-louvre...
cybersec.picussecurity.com/s/the-louvre...
The Louvre Heist Happens Every Day in Cyber
The Blue Report 2025 reveals why modern data breaches mirror the Louvre heist, exposing how weak controls let attackers steal critical data.
cybersec.picussecurity.com
October 22, 2025 at 1:40 PM
The Louvre heist happens every day in the cyber world. The attacks look basic, boring, uninteresting... yet the impact is quite large
cybersec.picussecurity.com/s/the-louvre...
cybersec.picussecurity.com/s/the-louvre...
Reposted by Javvad Malik
This is an important article highlighting the difference between AI and other injection vulnerabilities.
"..like saying that my house cat and a 650 pound wild tiger are the same because they’re both felines."
api.cyfluencer.com/s/what-s-the...
"..like saying that my house cat and a 650 pound wild tiger are the same because they’re both felines."
api.cyfluencer.com/s/what-s-the...
What’s the Difference Between AI Prompt Injection and XSS Vulnerabilities? - Noma Security
The ForcedLeak AI agent vulnerability raises the question, "What is the difference between AI prompt injection and XXS vulnerabilities?"
api.cyfluencer.com
October 14, 2025 at 11:51 AM
This is an important article highlighting the difference between AI and other injection vulnerabilities.
"..like saying that my house cat and a 650 pound wild tiger are the same because they’re both felines."
api.cyfluencer.com/s/what-s-the...
"..like saying that my house cat and a 650 pound wild tiger are the same because they’re both felines."
api.cyfluencer.com/s/what-s-the...
Red teaming of AI Agents will become an increasingly important discussion point in the near future. As we move towards having more agents pretty much everywhere (whether we want it or not) the gap between human agent interaction being exploited more.
cybersec.pillar.security/s/agentic-ai...
cybersec.pillar.security/s/agentic-ai...
Agentic AI Red Teaming Playbook
Go beyond model scores and blind fuzzing, test your agentic systems against real-world risks.
cybersec.pillar.security
October 13, 2025 at 10:17 AM
Red teaming of AI Agents will become an increasingly important discussion point in the near future. As we move towards having more agents pretty much everywhere (whether we want it or not) the gap between human agent interaction being exploited more.
cybersec.pillar.security/s/agentic-ai...
cybersec.pillar.security/s/agentic-ai...
Some interesting methods disussed in this artible about security AI agents and LLM workflows without secrets.
go.aembit.io/s/securing-a...
go.aembit.io/s/securing-a...
Securing AI Agents and LLM Workflows Without Secrets Securing AI Agents Without Secrets
AI agents still rely on static API keys, leaving them exposed to breaches and prompt injection attacks. Since API keys aren’t true identities, the solution isn’t better secrets management—it’s elimina...
go.aembit.io
October 7, 2025 at 3:48 PM
Some interesting methods disussed in this artible about security AI agents and LLM workflows without secrets.
go.aembit.io/s/securing-a...
go.aembit.io/s/securing-a...
Fridges, AI, and the Hidden Cost of Convenience
There’s an old story about a village that finally got electricity. Everyone bought fridges. A few months later, the elders gathered and suggested the unthinkable… “get rid of them!” Before the fridges, leftover food was shared. No one went to bed…
There’s an old story about a village that finally got electricity. Everyone bought fridges. A few months later, the elders gathered and suggested the unthinkable… “get rid of them!” Before the fridges, leftover food was shared. No one went to bed…
Fridges, AI, and the Hidden Cost of Convenience
There’s an old story about a village that finally got electricity. Everyone bought fridges. A few months later, the elders gathered and suggested the unthinkable… “get rid of them!” Before the fridges, leftover food was shared. No one went to bed hungry. After the fridges, leftovers were hoarded “just in case,” forgotten for days, and then thrown out. The tech solved an individual problem and quietly broke a community system that worked.
javvadmalik.com
September 12, 2025 at 3:33 PM
Fridges, AI, and the Hidden Cost of Convenience
There’s an old story about a village that finally got electricity. Everyone bought fridges. A few months later, the elders gathered and suggested the unthinkable… “get rid of them!” Before the fridges, leftover food was shared. No one went to bed…
There’s an old story about a village that finally got electricity. Everyone bought fridges. A few months later, the elders gathered and suggested the unthinkable… “get rid of them!” Before the fridges, leftover food was shared. No one went to bed…
How the browser became the main cyber battleground
api.cyfluencer.com/s/how-the-br...
api.cyfluencer.com/s/how-the-br...
How the browser became the main cyber battleground
How attacks have moved away from endpoints and internal networks to the browser — a blind spot for traditional security tools.
api.cyfluencer.com
September 11, 2025 at 1:03 PM
How the browser became the main cyber battleground
api.cyfluencer.com/s/how-the-br...
api.cyfluencer.com/s/how-the-br...
Reposted by Javvad Malik
Don't forget our Call for Papers (also Rookies and Workshops) is still open!
Have you got something original and interesting to share, but need somewhere to do it?
➡️ #BSidesLDN2025
More information and to submit your proposal: cfp.bsides.london/bsides-londo...
#Security #BSides #London
Have you got something original and interesting to share, but need somewhere to do it?
➡️ #BSidesLDN2025
More information and to submit your proposal: cfp.bsides.london/bsides-londo...
#Security #BSides #London
August 20, 2025 at 7:36 AM
Don't forget our Call for Papers (also Rookies and Workshops) is still open!
Have you got something original and interesting to share, but need somewhere to do it?
➡️ #BSidesLDN2025
More information and to submit your proposal: cfp.bsides.london/bsides-londo...
#Security #BSides #London
Have you got something original and interesting to share, but need somewhere to do it?
➡️ #BSidesLDN2025
More information and to submit your proposal: cfp.bsides.london/bsides-londo...
#Security #BSides #London
Nice, balanced piece. It shows where AI can help in pen testing and the bits that still need human expertise. Worth a read if you’re looking for a grounded view of “AI as co-pilot, human as pilot” rather than hype.
api.cyfluencer.com/s/will-ai-re...
api.cyfluencer.com/s/will-ai-re...
Will AI replace human pen testers?
Read more to understand the strengths and limitations of AI pen testing compared to human pen testing expertise.
api.cyfluencer.com
August 15, 2025 at 10:09 AM
Nice, balanced piece. It shows where AI can help in pen testing and the bits that still need human expertise. Worth a read if you’re looking for a grounded view of “AI as co-pilot, human as pilot” rather than hype.
api.cyfluencer.com/s/will-ai-re...
api.cyfluencer.com/s/will-ai-re...
Reposted by Javvad Malik
Good news: some of Bluesky’s worst scolds have gathered together in the replies to this great joke so that you can block them all at once.
wow, all it took was one week of restricted access to porn.
August 15, 2025 at 6:29 AM
Good news: some of Bluesky’s worst scolds have gathered together in the replies to this great joke so that you can block them all at once.
An interesting piece on MFA downgrade attacks. The concept is quite straightforward. When users have multiple authentication methods available (say, a passkey and an SMS code), attackers can manipulate the login process to only show the weaker option.
go.j4vv4d.com/0Qv100
go.j4vv4d.com/0Qv100
How attackers are getting around phishing-resistant auth
MFA downgrade attacks are an increasingly common technique used by attackers to bypass phishing-resistant authentication methods registered to an account.
go.j4vv4d.com
July 28, 2025 at 1:01 PM
An interesting piece on MFA downgrade attacks. The concept is quite straightforward. When users have multiple authentication methods available (say, a passkey and an SMS code), attackers can manipulate the login process to only show the weaker option.
go.j4vv4d.com/0Qv100
go.j4vv4d.com/0Qv100
I sometimes kind of miss the old days when the whole community was in one place on Twitter. But then again, I do enjoy not being on social media as much too.
July 25, 2025 at 11:16 AM
I sometimes kind of miss the old days when the whole community was in one place on Twitter. But then again, I do enjoy not being on social media as much too.
Reposted by Javvad Malik
US woman jailed for 8yrs for stealing identities to give North Koreans IT jobs. Christina Chapman admitted to stealing the identities of 68 US citizens, then running a laptop farm from her home to help North Koreans work for 300 separate companies.
www.bbc.co.uk/news/article...
www.bbc.co.uk/news/article...
July 25, 2025 at 8:24 AM
US woman jailed for 8yrs for stealing identities to give North Koreans IT jobs. Christina Chapman admitted to stealing the identities of 68 US citizens, then running a laptop farm from her home to help North Koreans work for 300 separate companies.
www.bbc.co.uk/news/article...
www.bbc.co.uk/news/article...
Reposted by Javvad Malik
Sam Altman telling the Fed he’s worried about AI fraud is like a bear telling the park ranger he’s concerned about all the mauled campers.
In an interview at the Federal Reserve, Sam Altman warns of an impending "fraud crisis" because of how AI could enable bad actors to impersonate other people (Clare Duffy/CNN)
Main Link | Techmeme Permalink
Main Link | Techmeme Permalink
July 23, 2025 at 5:19 AM
Sam Altman telling the Fed he’s worried about AI fraud is like a bear telling the park ranger he’s concerned about all the mauled campers.
European manufacturing is going through its own digital transformation. Think 'Smart Factory meets Security Nightmare.'
Worth a read if you're in manufacturing or just enjoy a good 'robots meet reality' story.
blog.knowbe4.com/digital-fact...
Worth a read if you're in manufacturing or just enjoy a good 'robots meet reality' story.
blog.knowbe4.com/digital-fact...
Digital Factories, Digital Dangers: Why Manufacturing is a Prime Target for Cyberattacks
Digital connectivity is reshaping European manufacturing, driving both efficiency and innovation.
blog.knowbe4.com
July 21, 2025 at 1:27 PM
European manufacturing is going through its own digital transformation. Think 'Smart Factory meets Security Nightmare.'
Worth a read if you're in manufacturing or just enjoy a good 'robots meet reality' story.
blog.knowbe4.com/digital-fact...
Worth a read if you're in manufacturing or just enjoy a good 'robots meet reality' story.
blog.knowbe4.com/digital-fact...
When your AI chatbot recruiter uses '123456' as a password...
This isn't just about McDonald's - it's about how we're rushing to hand over sensitive data to AI
Worth a read if you're considering AI automation
go.j4vv4d.com/rQ2x8W
This isn't just about McDonald's - it's about how we're rushing to hand over sensitive data to AI
Worth a read if you're considering AI automation
go.j4vv4d.com/rQ2x8W
McDonald's Recent Breach Showcases Need for Vendor AI Assessments
Learn from the McDonald's AI bot breach—explore proactive AI vendor risk assessments and solutions to secure your business from similar threats.
go.j4vv4d.com
July 18, 2025 at 1:46 PM
When your AI chatbot recruiter uses '123456' as a password...
This isn't just about McDonald's - it's about how we're rushing to hand over sensitive data to AI
Worth a read if you're considering AI automation
go.j4vv4d.com/rQ2x8W
This isn't just about McDonald's - it's about how we're rushing to hand over sensitive data to AI
Worth a read if you're considering AI automation
go.j4vv4d.com/rQ2x8W
Reposted by Javvad Malik
July 13, 2025 at 5:39 PM
Reposted by Javvad Malik
I’m in a WhatsApp group for Security Copilot with business execs and pattern for months has been exec joins during pilot kickoff, says Security Copilot is amazing, then comes back a month later and asks if anybody knows how to optimize it, then reappears two months later asking how to justify it 😅
July 10, 2025 at 8:25 PM
I’m in a WhatsApp group for Security Copilot with business execs and pattern for months has been exec joins during pilot kickoff, says Security Copilot is amazing, then comes back a month later and asks if anybody knows how to optimize it, then reappears two months later asking how to justify it 😅