Interesting Stuff

This walkthrough shows how Nmap can bypass static iptables rules by changing TCP flags, packet length, TTL, source port, MAC/IP spoofing, payload bytes, and options. It concludes that defenders need layered controls like stateful inspection, IDS/IPS, rate limiting, and host-based monitoring rather than relying on iptables alone. #Nmap #iptables

Business email compromise caused more than $3 billion in reported losses last year, exploiting trust rather than malware to trick employees into sending money or sharing sensitive information. The article explains seven warning signs that email defenses may be missing BEC attempts, from weak behavioral detection to limited visibility into internal email traffic. #BEC #FBIIC3 #IRONSCALES

This walkthrough shows an end-to-end compromise of the ignite.local Windows Server 2019 domain controller, starting from one low-privileged credential and ending with krbtgt, full domain control, and SYSTEM on an MSSQL host. It uses NetExec, BloodHound, LSASSY, Backup Operators abuse, ForceChangePassword, xp_cmdshell, and PrintSpoofer to map each step of the attack chain and pair it with defenses. #ignite.local #NetExec #BloodHound #LSASSY #PrintSpoofer #xp_cmdshell #krbtgt

The EU is moving forward on multiple regulatory fronts, including AI Act transparency rules, copyright changes for generative AI and piracy, and strengthened oversight of AI, cloud, and cybersecurity risks across public institutions and private organizations. National authorities in Europe and beyond also issued new guidance and enforcement updates on connected glasses, databases, privacy complaints, automated decision-making, and platform obligations for intimate image takedowns. #EUAIAct #EuropeanCommission #EDPS #BSI #CNIL #Datatilsynet #UOOOU #NCSC #ColoradoSB26189 #TakeItDownAct

The CIA triad still provides a useful way to understand LLM security, because major attacks against models like ChatGPT, Copilot, Claude, and Google systems all map to confidentiality, integrity, or availability failures. Johann Rehberger’s “Trust No AI” and related research show how prompt injection, data poisoning, and model denial-of-service exploit these same three pillars in production AI systems. #ChatGPT #Copilot #Claude #Google #TrustNoAI #JohannRehberger

Non-human identities such as service accounts, API keys, OAuth tokens, and AI agents are now the fastest-growing and least-governed attack surface in the enterprise, creating major security, compliance, and breach risks. The article argues that mature governance must go beyond vaulting secrets and include ownership, lifecycle management, least privilege, and continuous auditability for identities like those discussed by One Identity and GigaOm. #OneIdentity #GigaOm #NHI #AIagents

Vibe coding accelerates delivery but also speeds up security mistakes, especially hardcoded secrets, hallucinated dependencies, and insecure code patterns like missing validation and broken authentication. Free tools like Gitleaks, TruffleHog, slopcheck, Socket, and Semgrep can catch these issues before production with only a few minutes of setup. #Gitleaks #TruffleHog #slopcheck #Socket #Semgrep #Cursor

AI has increased the speed and scale of vulnerability discovery, but it has not changed the core NIST security functions or the need for strong fundamentals. Organizations should respond with a Mythos-ready approach built on resilience, automation, continuous VulnOps, phishing-resistant MFA, and tighter segmentation. #Mythos #CrowdStrike #Tenable #HARVEN #Anthropic #ProjectGlasswing

This article explains the CISSP security models in Domain 3 as scenario-based tools rather than memorization lists, helping candidates map confidentiality or integrity requirements to the right model on exam day. It highlights Bell-LaPadula, Biba, Clark-Wilson, and Brewer-Nash as the most useful models to recognize quickly, especially by identifying whether the threat is leakage or corruption. #BellLaPadula #Biba #ClarkWilson #BrewerNash #CISSP

The article highlights how AI is reshaping the CISO role, SOC operations, and security buying decisions, with executives using the Mythos announcement to push for more budget and faster modernization. It also argues that mature SOCs will gain the most from AI, while legacy tiered models, MTTR, and long-term contracts are losing relevance in a machine-speed threat landscape. #Mythos #Intezer #AVERT #WCGClinical #BlackhawkNetwork #OscarHealth #ServiceNow #CyberArk #Nasdaq

Mozilla used an agentic harness with Anthropic’s Claude Mythos Preview to test Firefox 150, and the setup found 271 vulnerabilities with fewer than 15 false positives by using AddressSanitizer crashes as the proof signal. The result shows that the harness and verification pipeline mattered more than the model alone, while Firefox’s prior hardening blocked some sandbox escape attempts through prototype pollution. #Mozilla #ClaudeMythosPreview #Firefox #AddressSanitizer

The EU, Germany, Portugal, Austria, Canada, Colorado, and Iowa all advanced major AI-related legal and regulatory measures in May 2026, ranging from revised AI Act timelines and data retention rules to new obligations for AI literacy, disclosure, and safety. At the same time, the World Economic Forum reported that AI is now an operational backbone of cyber defence, while Canada’s investigation into ChatGPT highlighted serious privacy and accountability gaps in OpenAI’s practices. #EUAIAct #ANACOM #OpenAI #ChatGPT #ColoradoSB26189 #IowaSF2417 #WorldEconomicForum

PyRIT is Microsoft’s open-source AI red team framework for automating multi-turn attack campaigns against LLM systems, and it has been validated on more than 100 internal operations including Phi-3 and Copilot. It combines targets, converters, scorers, and orchestrators to scale prompt injection testing, Crescendo-style attacks, TAP branching, and cross-domain prompt injection workflows for bounty programs and lab work. #PyRIT #Microsoft #Phi3 #Copilot #CrescendoOrchestrator #TreeOfAttacksWithPruningOrchestrator #XPIAOrchestrator

Promptfoo is an open-source CLI and Node.js library for evaluating and red teaming LLM applications, with YAML configs, 50+ attack plugins, and a web UI that shows where models fail. OpenAI acquired Promptfoo on March 9, 2026, but the project remains MIT licensed and open source, with CI/CD-native testing that can block vulnerable AI deployments before release. #Promptfoo #OpenAI #OWASPLLMTop10 #MITREATLAS #NISTAIRMF

The article explains how Detection as Code brings software engineering discipline to security detections by adding version control, peer review, testing, rollback, and traceability through Terraform. It also shows a Rapid7 Terraform example for an encoded PowerShell detection mapped to T1059.001, along with AI-assisted rule writing and import support for existing UI-built rules. #Rapid7 #Terraform #PowerShell #T1059.001 #IncidentCommand #InsightIDR

European regulators and policymakers have issued major updates on cloud sovereignty, privacy, and cyber crisis response, including Germany’s C3A framework, the UK ICO’s guidance on storage and access technologies, and Belgium’s revised national cyber crisis plan. In the United States, new and proposed privacy and AI bills such as the CHATBOT Act, the SECURE Data Act, and Connecticut’s SB 4 show a growing focus on children’s protections, state privacy enforcement, and data broker oversight. #BSI #C3A #ICO #PECR #Belgium #CHATBOTAct #SECUREDataAct #CTDPA

Learning Linux is essential for breaking into cybersecurity, but you only need the core concepts that matter most: filesystem structure, permissions, and how to read the manual. The article explains why Linux is powerful for security work and recommends beginner-friendly ways to practice, especially through Docker and hands-on labs. #Linux #Ubuntu #KaliLinux #TryHackMe #OverTheWire #HackTheBox

This week’s Cybersecurity Pulse covers runaway AI coding agents that deleted production data at PocketOS and the governance gaps that enabled the blast radius, alongside major incidents and high‑severity vulnerabilities such as a DPRK-linked $577M crypto theft by Citrine Sleet and critical flaws in cPanel and GitHub. It also highlights defensive wins and industry moves—Azure AD Graph logs landing in Sentinel, Rippling’s Automated Compliance and AJ Yawn joining, CrowdStrike extending OverWatch to Microsoft Defender, and OpenAI’s passkey‑only Advanced Account Security—urging continuous threat modeling and AI agent governance for CISOs and security teams. #PocketOS #CitrineSleet

Garak is NVIDIA’s open-source LLM vulnerability scanner that automates hundreds of attack probes—prompt injection, DAN-family jailbreaks, encoding bypasses, data leakage, toxicity, and more—against any model reachable via common APIs. It runs repeated generations, scores responses with detectors, and outputs structured JSONL reports so teams can map vulnerabilities and prioritize fixes. #Garak #NVIDIA

Offensive AI exemplified by Anthropic’s Claude Mythos and early GPT-5.5 testing is compressing attackers’ discovery and exploit timelines, enabling autonomously executed corporate network takeovers in a fraction of the time a human would need. Security teams must shift to continuous investigation, continuous detection evaluation, and hunt programs that reason about first-party exposure to operationalize context and keep pace; #ClaudeMythos #GPT5.5