#security-tools
They raise some interesting points. More details would be welcomed; however, I maintain that, at least in this instance, if their assertions are to be believed, the lack of novel exploits and use of open source tools means that standard security practices would've been sufficient to protect the targets.
November 16, 2025 at 4:29 PM
I plan to retire at the end of January. This week, I signed up for social security benefits and all the necessary Medicare plans. Plus I cleaned my house top to bottom. As a reward, I bought myself a lovely set of pans. Cooking tools are my dream gifts. I hope you get your pressure cooker.
November 16, 2025 at 4:08 PM
The specialists didn’t disappear. Of course not.

They moved — into PR firms, media, security services, and eventually into the digital world and into the West.

Same worldview and now with new tools.
November 16, 2025 at 3:41 PM
"I Found These Sensitive Corporate Docs Online in Seconds Using This Search Prompt"
https://uk.pcmag.com/security/161223/i-found-these-sensitive-corporate-docs-online-in-seconds-using-this-search-prompt

More than 40% of employees share sensitive company information with AI tools, including […]
Original post on mastodon.scot
November 16, 2025 at 3:29 PM
Leadership simplified:

Hire good people.
Give them the tools to succeed.
Provide them the security to take calculated risks.
Get out of their way.
Let go of over-controlling.
Trust them to do their job.
November 16, 2025 at 2:38 PM
It's concerning to see such vulnerabilities coming to light, especially with AI agent tokens at stake. This highlights the importance of regular security audits and updates for development tools like YouTrack. Let's hope JetBrains addresses this swiftly to protect users.
November 16, 2025 at 1:12 PM
"vibe coding" is absolute trash… allowing those without any knowledge of security requirements to build applications that don't conform to standards and practices almost ensures a breach of your company's assets. It's like handing a loaded weapon to a toddler.
November 16, 2025 at 12:59 PM
Employees are quietly becoming their own IT department by using unauthorised generative AI tools, boosting productivity but risking security. Organisations must develop governed frameworks to harness AI's potential while managing risks.
The Invisible Workforce: When Employees Become Their Own IT Department
Every morning across corporate offices worldwide, a familiar digital routine unfolds. Company email, check. Slack, check. Salesforce, c...
smarterarticles.co.uk
November 16, 2025 at 11:00 AM
An article about "hacking week security": https://www.wired.com/story/major-leak-spills-chinese-hacking-contractor-tools-targets/
A Major Leak Spills a Chinese Hacking Contractor’s Tools and Targets
Plus: State-sponsored AI hacking is here, Google hosts a CBP face recognition app, and more of the week’s top security news.
www.wired.com
November 16, 2025 at 10:34 AM
Check out the dozens of AI and other digital security tools on the Journalist's Toolbox:
Journalist'sToolbox.AI: Digital security | safety
Look at journalism's future, not its past.
journaliststoolbox.ai
November 16, 2025 at 9:02 AM
The Active Directory Privilege Escalation Masterclass: How PowerUp Exposes Critical Windows Misconfigurations
Introduction: In the realm of cybersecurity, offensive security tools are invaluable for defenders to understand their own vulnerabilities. PowerUp, a renowned PowerShell script part of the PowerSploit framework, is designed to identify common misconfigurations on Windows systems that could lead to privilege escalation. Successfully executing this script, as demonstrated in a recent penetration testing engagement, reveals the stark reality of how seemingly minor oversights can grant attackers domain admin-level access, compromising an entire corporate network.
undercodetesting.com
November 16, 2025 at 8:32 AM
Users highlighted tools like security header scanners and TLS verifiers, but cautioned against blindly implementing security headers. Context is crucial; a "secure" setting for one site might break another. #WebSecurity 2/6
November 16, 2025 at 8:00 AM
Hacker News debated Mozilla's SSL Config Generator, exploring alternative tools, the "SSL" vs "TLS" terminology, and the intricate complexities of secure configurations. Key insights emerged on balancing security with compatibility. #HackerNews 1/6
November 16, 2025 at 8:00 AM
Only the state can set society's goals, mobilise idle resources, and tax to free capacity for essential work. Keynes used these tools to direct the British war economies. We can use them now for housing, care, education, climate transition and energy security.
November 16, 2025 at 7:41 AM
I admit that there are various skill levels out there but look at the number of online security tools, AI programs, fact checking programs, etc. How can most of the industry not know? Facial recognition programs can be defeated and yet people are told that it is impossible.
November 16, 2025 at 5:37 AM
Security News This Week: A Major Leak Spills a my ex-wife's Hacking Contractor’s Tools and Targets - WIRED
November 16, 2025 at 4:42 AM
From Student Project to Security Nightmare: The Hidden Vulnerabilities in Your React Frontend
Introduction: The modern web development landscape, dominated by frameworks like React and build tools like Vite, empowers developers to create stunning applications with unprecedented speed. However, this velocity often comes at the cost of security, turning a seemingly innocent student portfolio project into a potential attack vector. Understanding the security posture of your frontend code is no longer optional; it is a fundamental requirement for full-stack resilience.
undercodetesting.com
November 16, 2025 at 12:04 AM
3️⃣ Establish a process for requesting new tools: Employees will continue to find new apps. Create a safe, efficient path for approval.

✅ Action: Create a lightweight, time-bound review process. This gives teams a path to get tools approved quickly and helps security teams stay ahead of demand.
November 15, 2025 at 9:02 PM
Shadow AI is the unmanaged adoption of generative AI tools by employees, often without IT approval. While the goal is efficiency, this creates security blind spots, risking data leakage, regulatory noncompliance, and attack surface expansion.

Here are 3 essential steps for responsible AI use👇
November 15, 2025 at 9:02 PM
I saw some people talking about moving away from KeePassXC because of AI-written code - at this point, AI code is in almost everything (of any complexity), including security tools.

If anyone thinks that they can avoid AI generated code, they are in for a surprise.
November 15, 2025 at 8:59 PM
I’m excited to share one of the most overlooked tools for long-term retirement security — housing wealth.

Join us for Wednesday’s Webinar — 12 PM CST!
Register Today: Linktree.com/PearlLewis
November 15, 2025 at 8:53 PM
MADKING Exposed: The AWS Persistence Tool Red-Teams Use and Blue-Teams Fear
Introduction: Cloud security faces a new frontier of threats with the emergence of advanced penetration testing tools like MADKING. This proof-of-concept platform, built on serverless frameworks and techniques popularized by researcher Daniel Grzelak, demonstrates sophisticated methods for achieving persistent, nearly undetectable access within Amazon Web Services (AWS) environments. Understanding its mechanics is no longer optional for cybersecurity professionals tasked with defending modern cloud infrastructure.
undercodetesting.com
November 15, 2025 at 8:47 PM
Testing Your Secure API

Tools like Postman or cURL help validate API routes and responses.
Always test with both valid and invalid requests to ensure your security rules work as expected.

> 🧠 Test like an attacker, not just a user.
November 15, 2025 at 8:01 PM