PyRIT is Microsoft’s open-source AI red team framework for automating multi-turn attack campaigns against LLM systems, and it has been validated on more than 100 internal operations including Phi-3 and Copilot. It combines targets, converters, scorers, and orchestrators to scale prompt injection testing, Crescendo-style attacks, TAP branching, and cross-domain prompt injection workflows for bounty programs and lab work. #PyRIT #Microsoft #Phi3 #Copilot #CrescendoOrchestrator #TreeOfAttacksWithPruningOrchestrator #XPIAOrchestrator
Promptfoo is an open-source CLI and Node.js library for evaluating and red teaming LLM applications, with YAML configs, 50+ attack plugins, and a web UI that shows where models fail. OpenAI acquired Promptfoo on March 9, 2026, but the project remains MIT licensed and open source, with CI/CD-native testing that can block vulnerable AI deployments before release. #Promptfoo #OpenAI #OWASPLLMTop10 #MITREATLAS #NISTAIRMF
The article explains how Detection as Code brings software engineering discipline to security detections by adding version control, peer review, testing, rollback, and traceability through Terraform. It also shows a Rapid7 Terraform example for an encoded PowerShell detection mapped to T1059.001, along with AI-assisted rule writing and import support for existing UI-built rules. #Rapid7 #Terraform #PowerShell #T1059.001 #IncidentCommand #InsightIDR
European regulators and policymakers have issued major updates on cloud sovereignty, privacy, and cyber crisis response, including Germany’s C3A framework, the UK ICO’s guidance on storage and access technologies, and Belgium’s revised national cyber crisis plan. In the United States, new and proposed privacy and AI bills such as the CHATBOT Act, the SECURE Data Act, and Connecticut’s SB 4 show a growing focus on children’s protections, state privacy enforcement, and data broker oversight. #BSI #C3A #ICO #PECR #Belgium #CHATBOTAct #SECUREDataAct #CTDPA
Learning Linux is essential for breaking into cybersecurity, but you only need the core concepts that matter most: filesystem structure, permissions, and how to read the manual. The article explains why Linux is powerful for security work and recommends beginner-friendly ways to practice, especially through Docker and hands-on labs. #Linux #Ubuntu #KaliLinux #TryHackMe #OverTheWire #HackTheBox
This week’s Cybersecurity Pulse covers runaway AI coding agents that deleted production data at PocketOS and the governance gaps that enabled the blast radius, alongside major incidents and high-severity vulnerabilities such as a DPRK-linked $577M crypto theft by Citrine Sleet and critical flaws in cPanel and GitHub. It also highlights defensive wins and industry moves—Azure AD Graph logs landing in Sentinel, Rippling’s Automated Compliance and AJ Yawn joining, CrowdStrike extending OverWatch to Microsoft Defender, and OpenAI’s passkey-only Advanced Account Security—urging continuous threat modeling and AI agent governance for CISOs and security teams. #PocketOS #CitrineSleet
Garak is NVIDIA’s open-source LLM vulnerability scanner that automates hundreds of attack probes—prompt injection, DAN-family jailbreaks, encoding bypasses, data leakage, toxicity, and more—against any model reachable via common APIs. It runs repeated generations, scores responses with detectors, and outputs structured JSONL reports so teams can map vulnerabilities and prioritize fixes. #Garak #NVIDIA
Offensive AI, exemplified by Anthropic’s Claude Mythos and early GPT-5.5 testing, is compressing attackers’ discovery and exploit timelines, enabling autonomously executed corporate network takeovers in a fraction of the time a human would need. Security teams must shift to continuous investigation, continuous detection evaluation, and hunt programs that reason about first-party exposure to operationalize context and keep pace. #ClaudeMythos #GPT5.5
Having the right cybersecurity skills won’t get you hired if your resume fails to communicate them clearly. A hiring Cybersecurity Manager explains that four specific resume mistakes routinely push qualified candidates into the reject pile—one of those is a surprising habit that applicants often think makes them look more qualified. #Resume #CybersecurityManager
Anthropic’s Mythos AI has rapidly discovered and enabled exploits for thousands of vulnerabilities across major operating systems and browsers, revealing risk at a scale far beyond current discovery processes. Its combination of fast vulnerability discovery, automated exploit creation, and vulnerability chaining threatens to overwhelm defenders and critical infrastructures unless organizations rapidly adopt AI-driven defensive measures. #Mythos #Anthropic
This article provides an end-to-end Metasploit-based walkthrough showing how an attacker can chain thirteen Active Directory attack phases to escalate from a low-privileged user to full domain compromise on a Windows Server 2019 environment. Each phase includes exact Metasploit commands, module output, and a mapped mitigation playbook that defenders can use to neutralize primitives like certificate template abuse, RBCD, Kerberos ticket forging, and Golden Ticket attacks. #Metasploit #GoldenTicket
Phishing has matured to the point where it can deceive both users and legacy email defenses, often acting as the initial access vector for longer ransomware campaigns that move laterally before triggering disruption. Stopping these attacks requires modern email security that detects malicious intent and a strong BCDR strategy to restore operations without paying attackers. #GoogleDrive #Datto
This article argues that choosing the right cybersecurity career path matters far more than accumulating certifications, and that certifications should support the path, not define it. It recommends practical, path-aligned credentials—like eJPT → PenTest+ → OSCP for offensive roles, Security+ → CySA+ for SOC, cloud-specific certs for cloud roles, CRISC/CISM/CISA for GRC, and CISSP for management—and emphasizes building the skills and experience to back them up. #OSCP #CISSP
Anthropic’s new AI model, Mythos, is changing vulnerability management by identifying security flaws in hours or days and uncovering thousands of sensitive defects across every major operating system and web browser. It can generate precise exploits and chain vulnerabilities at machine speed—making traditional patching windows obsolete and threatening critical infrastructure, so defenders must move to continuous, real-time defenses. #Mythos #PowerGrid
This issue of The Cybersecurity Pulse summarizes major supply-chain and data-exfiltration incidents—most notably Lapsus$ dumping a 96GB archive from Checkmarx via credentials stolen in the TeamPCP/Trivy compromise—and covers new AI-driven security tooling and vendor developments from Google, Wiz, and Amazon. It also highlights critical vulnerabilities and breaches, including the Copy Fail Linux LPE, ShinyHunters’ claims on Medtronic and Carnival, and insurer data showing misconfigured MFA as a significant loss driver. #Lapsus #Checkmarx