Our research team at @horizon3ai.bsky.social discovered CVE-2026-28414, an unauthenticated file read vulnerability in Gradio apps running on Windows with Python 3.13+ — and it’s deceptively simple.
www.linkedin.com/feed/update/...
This was inevitable: Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning
I remember using Claude Code to scan some source code and it found stuff that other mature, established SAST platforms failed to find.
thehackernews.com/2026/02/anth...
AI coding assistant Cline compromised to create more OpenClaw chaos
www.theregister.com/2026/02/20/o...
Mac users, be careful when you install Homebrew.
"The attack starts with typosquatted domains that closely mimic the official Homebrew site, including homabrews[.]org and other lookalike hostnames served from shared infrastructure at 5.255.123[.]244."
gbhackers.com/clickfix-exp...
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely.
www.bleepingcomputer.com/news/securit...
I've been looking forward to @zephrfish.yxz.red's new course, Malwareless Adversarial Emulation. Just by looking at the course syllabus, I'm confident I'm going to learn a ton and become a better operator. And the price to value is more than reasonable.
The course is at lms.zsec.red
I feel like @benjedwards.com has written one of the best explanations of how AI coding agents work. The article breaks it down into easy-to-understand terms that developers new to agents can really grok.
arstechnica.com/information-...
ALWAYS validate proof-of-concept exploit code before you use it.
"The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities."
www.bleepingcomputer.com/news/securit...
I hate scammers.
What do I do on the weekend? I install Game of Active Directory Ninja Hacker Academy on AWS of course! 😂
I'm running through the install so I can learn more about the range deployment on cloud services. Always be learning something new. @orangecyberdefense.bsky.social
github.com/Orange-Cyber...
Glad to help shine more light on the great work you're doing to help bring affordable security education to folks. ❤️
Always a pleasure. Keep providing great learning materials and making these important tools accessible. It's appreciated.
Black Friday and Cyber Monday deals are out! I review some of them and link to a community GitHub page for you all to get discounts on courses, tools and services!
Deals from
@rastamouse.me, OffSec, EvilGinx, @antisyphontraining.bsky.social
and a whole lot more.
youtu.be/hkJfhM1T5bI
Seeking video camera advice for content creation.
I've gotten back to creating tutorial & teaching videos on YouTube. Currently using a Brio MX but interested in the @elgato Facecam 4K. It looks to offer a lot more software features.
Has anyone used it & can give their thoughts?
After getting a scam email saying someone tried to access my Twitter account, I decided to look into it a little. The first of many new videos to come as I work to share more information with the community.
youtu.be/IFy_96Dg__E?...
The end of an era. For so many people, AOL was the internet.
arstechnica.com/gadgets/2025...
RubyGems & PyPI under attack:
🔸 60 fake RubyGems stole social media logins (275K+ downloads)
🔸 PyPI fakes hijacked crypto staking wallets
Both hide credential-stealing code in legit-looking packages. #CyberAlerts thehackernews.com/2025/08/ruby...
A black-and-white satirical cartoon on a plain white background, depicting the progressive decay of the Apple company logo as it transforms into a silhouette of Donald Trump’s head, symbolizing Apple’s “fall” or moral compromise due to a gift from Tim Cook to Trump that many critics viewed as resembling a bribe to secure tariff exemptions. Five solid black silhouettes of apples are arranged in a diagonal line descending from top-left to bottom-right, each showing increasing damage as if being eaten or rotting away: the first is the intact Apple logo with a small bite on the right side and a leaf on top; the second has a larger bite; the third is more eroded; the fourth appears partially exploded or flowered open; and the fifth is heavily disintegrated into petal-like fragments that form a caricatured profile of Trump, complete with his distinctive comb-over hairstyle. In the top-right corner, handwritten text reads “The Buffalo News Adam Zyglis Cartoonist /2023/ something,” suggesting a commentary on decline or downfall tied to this controversial gesture—a commemorative glass plaque with a 24k gold base, engraved as a memento of the first US-made Mac Pro, offered amid discussions on trade policies.
Hi @defcon.bsky.social
Picked up this very cool @crowdstrike.com t-shirt for my son and the action figure that goes with it. He’s going to love it.
@crowdstrike.com says they’re seeing threat actors targeting GenAI workloads to try to poison the models. The inherent trust being built as we continue to use AI systems will lead to threat actors becoming an insider threat.
Walking back to my room I passed the Google Cloud Security party at Blackhat and it looked jumping. Almost considered social engineering my way in. 😈😈
Great analysis by @SentinelOne on a threat actor working out of Vietnam to target users in 62 countries.
Starts with a phishing campaign that leads to DLL sideloading of legitimate and signed software, including Office 2013, for persistence.
www.sentinelone.com/labs/ghost-i...
😂😂kerberoasting 4eva amirite @timmedin.bsky.social
Hashcat v7.0.0 released with speed and GPU support improvements
hashcat.net/forum/thread...
theonion.com/trump-still-...
The Onion just straight-up reporting real news, again.
Unfortunately @broadcom.bsky.social still hasn't fixed the VMware Workstation update server link, so be sure to upgrade to 17.6.4 to fix a security issue found at Berlin Pwn2Own.
www.bleepingcomputer.com/news/securit...
"Wo unto you rich men, that will not give your substance to the poor, for your riches will canker your souls; and this shall be your lamentation in the day of visitation, and of judgment, and of indignation: The harvest is past, the summer is ended, and my soul is not saved!"