Robert Auger
robertauger.bsky.social
25 years Appsec, PurpleTeam, Web Application Security Consortium (WASC) cofounder, Baythreat Organizer, Ex-PayPal/eBay/Box/Workday/Coinbase infosec. http://Sectemplates.com | https://www.cgisecurity.com/ | https://github.com/securitytemplates/sectemplates
Reposted by Robert Auger
Future of CVE Program in limbo as CISA, board members debate path forward
Last week, CISA released two documents explaining their plans for the CVE Program — a critical cybersecurity resource used globally to catalog thousands of software and hardware bugs.
therecord.media
September 19, 2025 at 8:23 PM
At defcon today if anyone wants to chat
August 9, 2025 at 10:14 PM
About 75% done with a new pack for Sectemplates.com focusing on appsec 'Security Partnerships'. How many of you have leveraged such a program and how did it go for you?
March 9, 2025 at 7:18 AM
I wonder how long it will take for AI interfaces into your brain to
1. read your ‘database’ of memories to help with memory recovery
2. Read your thoughts on current tasks and help you optimize it
3. Write access to your memory or ‘ram’ to aid with tasks

5-10 years?
March 7, 2025 at 9:01 PM
I have a bunch of solid security domain names I'm thinking of finally selling. What would be the best way to sell them to security vendors?
March 1, 2025 at 5:43 AM
Random rant: If security teams understood how to represent their work as dollar savings, how much more funding and support they'd receive?
February 28, 2025 at 7:08 AM
Announcement - Incident Response Program Pack v1.5

This release is to provide you with everything you need to establish a functioning security incident response program at your company.

Announcement: www.sectemplates.com/2025/02/anno...
GitHub: github.com/securitytemp...
February 17, 2025 at 11:45 PM
I need to spend more time here, Twitter is just political yelling and screaming
February 9, 2025 at 5:35 AM
Reposted by Robert Auger
Stealing Accesses tokens from Cloud Functions in GCP
How Attackers Leverage Serverless Functions to Escalate Privileges and Move Laterally
infosecwriteups.com
February 8, 2025 at 8:32 AM
I imagine people using botnets to train AI models in the near future.
January 29, 2025 at 7:48 AM
Chinese AI models will be cheaper at the cost of censoring certain topics and people will eat it up... Ask it about Tank man or Xi and you'll see some obvious examples. www.wsj.com/tech/ai/chin...
Silicon Valley Is Raving About a Made-in-China AI Model
DeepSeek is called “amazing and impressive” despite working with less-advanced chips.
www.wsj.com
January 26, 2025 at 11:32 PM
Feels like the future for automating exploitation is training llms and using agents to perform these attacks. Agree? Disagree?
January 24, 2025 at 8:11 PM
Reposted by Robert Auger
BREAKING: Chinese hackers accessed Yellen's computer in US Treasury breach, per Bloomberg.
January 17, 2025 at 1:25 AM
Reposted by Robert Auger
Hacking campaign compromised at least 16 Chrome browser extensions
Threat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users.
securityaffairs.com
December 31, 2024 at 5:12 PM
I'm pleased to announce the latest SecTemplates.com release, External Penetration Testing Program Pack v1.1.

Announcement: www.sectemplates.com/2024/12/anno...
GitHub: github.com/securitytemp...
December 28, 2024 at 12:12 AM
This is a good idea, however I doubt that this code on average is getting proper security testing/updates. As a result there may be a surge in agencies adopting vulnerable code and increasing their attack surface fedscoop.com/agencies-mus...
Bill requiring US agencies to share custom source code with each other becomes law
President Joe Biden signed the bipartisan legislation into law Dec. 23.
fedscoop.com
December 27, 2024 at 10:53 PM
Reposted by Robert Auger
An attacker successfully phished a Cyberhaven employee.

They gained access to their Chrome Web Store admin credentials and published a malicious version of the Cyberhaven extension.

Read my full writeup here:

www.vulnu.com/p/breaking-c...

Thanks @jaimeblascob.bsky.social and @johntuckner.me
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign
An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension
www.vulnu.com
December 27, 2024 at 3:20 AM
You know what one of the best uses for #AI is going to be that nobody is talking about? When you're arguing with an internet stranger about a point and you need to find facts to 'teach them', you can ask the AI to summarize the best sources and paste it back. Soon arguing will be automated. ;)
December 17, 2024 at 7:22 AM
These Jersey drones are worrying. Feeling more and more like they are searching for something that has the possibility of a very negative outcome. #drones
December 15, 2024 at 12:05 AM
Is there a known pattern for training LLMs with tenant specific data, that allows for solid separation to avoid cross tenant exposure?
December 12, 2024 at 9:54 PM
The only good Christmas song youtu.be/OR07r0ZMFb8?...
RUN DMC - Christmas In Hollis (Official HD Video)
YouTube video by RUNDMCVEVO
youtu.be
December 9, 2024 at 8:10 PM
Reposted by Robert Auger
We've witnessed a significant lack of OSINT nerds discussing the Brian Thompson assassination.

This could be your moment to ChatGPT your way to over 10,000 likes by armchair experting gun ballistics, criminal psychology, and healthcare policy
December 7, 2024 at 11:23 PM
A lot of people in tech need to listen to this, especially the parts where he calls out common flaws of intelligent people. www.youtube.com/watch?v=C3fy...
Jordan Peterson: Advice for Hyper-Intellectual People
YouTube video by PhilosophyInsights
www.youtube.com
December 7, 2024 at 7:06 AM