An organization with mature, AI-driven security tooling stalled because ownership disputes and misaligned perceptions of risk prevented decisive action. Reframing technical findings into business impact, benchmarking against peers, and empowering trusted advisors restored accountability and drove remediation. #Sygnia #IsraelNationalCyberDirectorate
Attackers abuse misconfigured Unconstrained Delegation and NTLM reflection/relay to coerce high-value systems into authenticating to attacker-controlled hosts, allowing capture of Kerberos TGTs and escalation from a low-privileged user to full domain compromise without any software zero-day. Effective mitigations include enforcing SMB signing, disabling unconstrained delegation, restricting NTLM, and monitoring Kerberos/DCSync activity. #UnconstrainedDelegation #NTLMRelay
This roundup summarizes recent national and subnational laws and regulatory guidance shaping data, AI, and communications security across Germany, the UK, Poland, multiple U.S. states, and the FCC. Key developments include Germany’s Data Act Implementation (DADG) with BNetzA enforcement, updated ICO ADM guidance, Poland’s KRiBSI AI supervision draft, California’s Executive Order N-5-26 on AI procurement, Utah’s SB 73 age-verification and SEDI initiatives, New York’s S8828 frontier model rules, and the FCC’s addition of foreign-made consumer routers to its Covered List. #DADG #ICO
AI coding models frequently insert hardcoded credentials into generated code because they learned “working” patterns from public repositories, which puts secrets into source files, git history, and client-side bundles. Prevent this with a fast pre-commit scanner and deep-history verification: Gitleaks blocks commits, while TruffleHog scans history and verifies live credentials to prioritize rotation. #Gitleaks #TruffleHog
This article documents multiple Living-off-the-Land techniques for loading a reverse-TCP DLL payload on Windows by abusing signed system binaries and subsystems to evade EDR. It covers msfvenom payload creation, listener setup, MITRE ATT&CK mappings, and practical detection and hardening guidance. #msfvenom #mavinject
This issue of The Cybersecurity Pulse details a massive software supply-chain campaign by TeamPCP that poisoned widely used open-source security and runtime tools, triggering cascading compromises and exposing sensitive data from downstream victims. It also summarizes RSAC 2026’s focus on agentic AI, with dozens of product launches and large funding rounds, while highlighting high-impact incidents like the Mercor breach, Codex command-injection, Handala’s Gmail compromise, and Intoxalock’s outage. #TeamPCP #Mercor
Google now allows users to change their primary Gmail username while keeping the underlying account intact and turning the original address into an alias. While convenient, this change could let spammers and phishers bypass personal blocks and resume campaigns unless mitigated by Google’s renaming limits. #Google #Gmail
This article provides a step-by-step technical walkthrough of abusing Kerberos Constrained Delegation (KCD) with Protocol Transition (S4U2Self + S4U2Proxy) in Active Directory to impersonate high-privilege users and access a SQL Server. It demonstrates exploiting a misconfigured service account (kavish) using tools like Impacket and outlines detection strategies and mitigations for defenders. #KerberosConstrainedDelegation #Impacket
The Artemis II mission successfully launched today, marking a major milestone in returning humans to the Moon and showcasing a world-class team’s management of immense risks. Cybersecurity can learn from this achievement by adopting strategic capabilities (prediction, prevention, detection, and response) with clear objectives, resources, accountability, and continuous feedback to build an enduring defense. #ArtemisII #NASA
Most candidates fail CompTIA Security+ because they try to cover everything instead of focusing on what actually matters for the exam. This article breaks down the SY0-701 exam into five domains, highlights the core topics to prioritize, and points to Decoded Security resources to help you build a focused four-week study plan. #SY0-701 #CompTIA
Semgrep’s Remediation at Scale report analyzed remediation patterns across 50,000+ repositories in 2025 and found large, category-specific fix-rate gaps between high-performing “leaders” and the rest (“field”). The biggest gaps are in OWASP categories that require architectural changes, especially Authentication Failures and Cryptographic Failures, and leaders close more issues by using PR-level scanning, blocking rules, reachability analysis, and a 90-day escalation policy. #Semgrep #OWASPTop10
Vulnerability management has evolved from periodic scanning to a continuous, threat-aware process that prioritizes exploit activity, asset criticality, and real-time detection. Wazuh enables this proactive model by unifying vulnerability visibility, threat intelligence, and telemetry to detect exploitation attempts and validate remediation. #Wazuh #CVE-2025-55182
The Cybersecurity Club hosted a global workshop led by Ross Young to introduce OWASP’s Threat and Safeguard Matrix (TaSM), a practical framework that maps material threats to safeguards aligned with the NIST Cybersecurity Framework. Attendees worked through phishing, ransomware, web application attacks, third-party data loss, and AI data-leak scenarios involving ChatGPT and Google Gemini to identify coverage gaps, prioritize investments, and explore AI automation from Clear Capabilities. #OWASP #TaSM #RossYoung #ClearCapabilities #ChatGPT #GoogleGemini #NIST
ARC-AGI-3 is an interactive benchmark that drops agents into novel 64×64 grid environments with no instructions, exposing that frontier models score below 1% while humans solve 100% of the tasks. Anthropic’s Claude Dispatch ships the ability for a phone to control a live desktop Claude session with full filesystem reach, amplifying prompt-injection risk and highlighting that these models lack the abstract reasoning needed to safely interpret adversarial context. #ARC-AGI-3 #ClaudeDispatch
Darwin Salazar of The Cybersecurity Pulse summarizes RSAC/BSidesSF takeaways on AI security, covering build-vs-buy tradeoffs, MCP-enabled agents, data lakes, and shifting SOC architectures. He highlights rising attack velocity, data security concerns, and recent supply chain compromises that underscore the need for composable, data-aware defenses. #TeamPCP #LiteLLM