Securely Built
@securelybuilt.bsky.social
Securely Built is on the hunt for insecurity in the world where we can leverage our decades of experience in cyber and engineering to banish insecure technology from whence it came. Find out more at: securelybuilt.com
Attackers are using Gemini to develop a "Thinking Robot" that can adapt and evolve like a living organism and can potentially be used for spying purposes or even to create a data processing agent.

This highlights the potential for AI-powered threats to bypass traditional security measures.
Here's how spies and crooks abuse Gemini AI
: Meanwhile, others tried to social-engineer the chatbot itself
go.theregister.com
November 5, 2025 at 8:40 PM
New #book release on #threatmodeling. See link below:
October 31, 2025 at 3:50 PM
Does your AI ChatBot open your attack surface? You bet it does.

open.substack.com/pub/securely...
October 29, 2025 at 2:32 PM
Unlike traditional AI tools that just process input and give output, agents operate autonomously in an ecosystem.

Read more below for a practical roadmap for what you can actually implement with AI Agents:

securelybuilt.substack.com/p/from-react...
From Reactive to Proactive
How AI Agents Are Transforming Security Operations
securelybuilt.substack.com
October 3, 2025 at 7:26 PM
Saw this on another platform:

"Companies think AI will deliver senior level impact for junior level costs. Which means they will not pay senior salaries nor hire juniors."

Is this yet another pressure on the market or possibly just anecdotal?
October 1, 2025 at 12:28 AM
Hammers can be used to build a house....or destroy it.
September 15, 2025 at 11:19 AM
Reposted by Securely Built
Watch out as hackers are using dual-threat attacks combining phishing, Muck Stealer, Info Stealer, ConnectWise RAT, and SimpleHelp RAT to steal data and bypass security.

Read: hackread.com/muck-stealer...

#CyberSecurity #Malware #Phishing #Scam #InfoSec
Muck Stealer Malware Used Alongside Phishing in New Attack Waves
hackread.com
September 12, 2025 at 11:17 AM
While I'm bummed that Sir David Attenborough didn't narrate this, I'm thrilled to announce that this book has been provided in audio format!

You can use the "laappsec40" code at checkout to get 40%

Learn everything from tooling and pipeline development to setting up a #security program.

#appsec
September 11, 2025 at 10:50 AM
Reposted by Securely Built
⚠️ Blood center hit by ransomware, data theft confirmed

The New York Blood Center experienced a #ransomware attack in January, where hackers accessed and stole personal info (names, SSNs, driver IDs, financial data, and clinical records).

#ransomNews #NYBloodCenter #databreach
September 11, 2025 at 10:02 AM
Feels like a low bar, but we have to start somewhere.
September 10, 2025 at 10:47 AM
Reposted by Securely Built
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure.

Read more in my article on the Exponential-e blog: https://www.exponential-e.com/blog/germany-charges-hacker-with-rosneft-cyberattack-in-latest-wake-up-call-for-critical-infrastructure
September 5, 2025 at 2:10 PM
“AI is coming for my job” is a common refrain from many tech workers today.

We’ve all heard that AI is increasingly taking over entry-level and low-skill tech jobs, either fully automating them or augmenting workflows to reduce staffing needs.

So are we all doomed?

#ai #jobs #cybersecurity
AI Is Taking My Job
How Artificial Intelligence is Reshaping Cybersecurity Careers
open.substack.com
September 5, 2025 at 6:35 PM
And now, for something completely different
🚨 *Scattered Lapsus$ Hunters threaten Google with data leak*

On September 1, 2025, the “Scattered Lapsus$ Hunters” group demanded Google fire two security analysts (one from Threat Intelligence, one from Mandiant), or they’d leak alleged internal data.

#ransomNews #threatactor #infosecintel
September 5, 2025 at 12:56 PM
Are we over the hype yet about AI replacing jobs?

Has the reality set in on the actual efficacy and cost (financial and ecological) of AI?

Have the constraints and concerns finally risen to a level where we realize that AI will perhaps not be used to replace all workers?
September 3, 2025 at 7:27 PM
Sometimes the devil is in the details:

SquareX Passkeys Pwned attack actually relies on malware to hijack the creation of a new passkey, not to steal existing ones.

This falls outside the FIDO threat model, which assumes a trusted browser/OS environment.
I'm here for @dangoodin.bsky.social debunking some wild claims about apparent passkey insecurity made from the Defcon stage, the TL;DR of which is that if your endpoint is compromised, all bets are off arstechnica.com/security/202...
Unpacking Passkeys Pwned: Possibly the most specious research in decades
Researchers take note: When the endpoint is compromised, all bets are off.
arstechnica.com
September 2, 2025 at 11:38 AM
Today's job market.
August 26, 2025 at 11:10 AM
These attacks are only valid on an attacker-created site. Stick to your normal beaten path online and this shouldn't be an issue.

Still a little disheartening that some of the listed pw managers haven't addressed the issue yet.
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
thehackernews.com
August 25, 2025 at 12:28 PM
Back-to-school time!

If you have young kids in your friends and family circle, pick up a copy of Alicia Connected - The Big Gift that helps parents and kids learn how to stay safe and secure online!

#cybersecurity #privacy #backtoschool

www.amazon.com/gp/product/0...
The Big Gift (Alicia Connected)
The Big Gift (Alicia Connected) [Fisher, Derek, Burger, Kim, Workman, Heather] on Amazon.com. *FREE* shipping on qualifying offers. The Big Gift (Alicia Connected)
www.amazon.com
August 23, 2025 at 6:10 PM
Just finished reading "Nexus" by Yuval Noah Harari. If you're not worried about AI-fueled surveillance and how it makes policing more efficient and terrifying for the populace....you should be.
This is why we created the Atlas of Surveillance: so journalists and other community members could easily discover what kinds of technology local police are using to spy on them. Kudos to @forwardky.bsky.social for shining a light on it! forwardky.com/are-you-bei...
Are you being watched by your local police?
The “Atlas of Surveillance” has the info – or at least, some of it.
forwardky.com
August 22, 2025 at 11:48 AM
Poland has said that its role as a hub for aid to Ukraine makes it a target for Russian cyberattacks and acts of sabotage.

www.reuters.com/en/poland-fo...
Poland foiled cyberattack on big city's water supply, deputy PM says
A large Polish city could have had its water supply cut off on Wednesday as a result of a cyberattack, a deputy prime minister said after the intrusion was foiled.
www.reuters.com
August 17, 2025 at 1:15 PM
The new school year is upon us and if you have kids in your family you might be wondering how to keep them safe online during this time. Take a look at the Alicia Connected Series that introduces parents and children (6-9 year olds) to staying safer online!

www.amazon.com/dp/B08LDS151M
Alicia Connected
Visit Amazon's Alicia Connected Page and shop for all Alicia Connected books. Check out pictures, author information, and reviews of Alicia Connected
www.amazon.com
August 11, 2025 at 2:37 PM
Reposted by Securely Built
Surveillance tech companies like Flock “are serving their investors first, their customers second and members of the public third,” EFF’s @maassive.bsky.social told @bloomberg.com. “Their primary goal is not to make it safer, it’s to make money.”
Controversial Surveillance Startup Flock Adds AI to Police Tech
Flock Safety said Thursday it will add artificial intelligence to its surveillance products used by US police departments, an update the company said will help make society safer and that privacy advo...
www.bloomberg.com
August 7, 2025 at 8:32 PM
At this rate, is the same data being stolen twice?
🔎 Already breached twice in 3 years

McKenzie Health System, a rural Michigan hospital, suffered two massive #databreaches:

- AvosLocker in 2022 (51K+ patients)
- a silent attack in 2025 (54K+ affected)

🔗 read more: www.suspectfile.com/two-data-bre...

#ransomNews #CyberSecurity #Infosec
August 8, 2025 at 11:43 AM
🚨 3CX supply chain attack was a security matryoshka doll where attackers compromised one vendor to compromise another! Orgs following best practices got hit first. Every npm install invites strangers into your code.

#cybersecurity #oss #supplychain
Using PaC in the Supply Chain
Holding the chains together with policies
securelybuilt.substack.com
August 6, 2025 at 1:04 PM
Quick roundup of some of the top stories from last week:

1. Unpatched Flaw in LG Security Cameras

2. #Data Sovereignty & the Cloud Act

3. French Naval Group #Breach via SharePoint

4. Scattered Spider & Youth-Fueled #Hacking Groups

5. #Software #SupplyChain Attacks

#cybersecurity
Cyber Security Headlines: Week in Review (July 28 - August 1, 2025)
YouTube video by CISO Series
www.youtube.com
August 4, 2025 at 11:28 AM