Br*an

16.3K posts

@SecurityCollins

☁️ security, general technology fan • opinions = mine

Joined January 2021
4.3K Following, 454 Followers
Br*an retweeted
spencer
spencer@techspence·
Users will click, developers will install malicious packages, someone will give up their password. Design security programs with this in mind and plan accordingly.
Br*an
Br*an@SecurityCollins·
@JJ19334417 @BarakRavid No. Trump’s pride is going to get more troops and other innocent people killed
Barak Ravid
Barak Ravid@BarakRavid·
🚨A U.S. official told me the Command element of the 82nd airborne division has been directed by the Pentagon to deploy to the Middle East together with an infantry brigade consisting of several thousand troops
🚨This is another significant troops reinforcement in the region ahead of a possible ground operation in Iran
OSINTdefender
OSINTdefender@sentdefender·
U.S. officials have told Axios’ Barak Ravid that the Headquarters of the 82nd Airborne Division, stationed at Ft. Bragg in North Carolina, has been directed by the Pentagon to deploy to the Middle East together with a Brigade Combat Team consisting of several thousand troops, ahead of possible ground operations in Iran.
Br*an
Br*an@SecurityCollins·
@CBSNews IGs, GAP, OMB surely wouldn’t allow fraud? Is that what they’re saying?
CBS News
CBS News@CBSNews·
Congress launches investigation into California hospice fraud, citing millions in taxpayer losses. cbsn.ws/4uNG4mw
111OneMind
111OneMind@111OneMind·
@Skint_Eastwood1 Hey guys, what happened before the video? Does everyone enjoy loud motorcycles ripping through their neighbourhoods?
TrumplicanWIN
TrumplicanWIN@TrumplicanWINN·
You people crack me up, saying he was with his rights? We don’t know how him and his kids were riding up and down that road. Once I heard him say I should have run you over he lost. You people always favor the actor. Why? These are people paid millions of dollars to pretend like there’s somebody else and you fall for it every time.
Br*an
Br*an@SecurityCollins·
@Jack_Raines I tuned that crap off so fast for the same reasons
Jack Raines
Jack Raines@Jack_Raines·
Moved my retirement accounts to Robinhood last year bc of their asset match (like 3% match on all assets or something like that?) But it’s incredibly annoying that you have to scroll past prediction markets (read: sports betting) to see portfolio positions. The forced sports betting is gross.
SuperTrucker 🚛💨→💻
.@grok does Jay Leno have a CDL?
Sawyer Merritt@SawyerMerritt

Here is Jay Leno driving the new redesigned @Tesla Semi. He is the first person outside of Tesla to drive it. @danWpriestley: "This truck from an energy standpoint is 50% cheaper to run here in California. Across the US, we're 20% cheaper on a per mile basis, and that's inclusive of everything, not just energy, whether that's reduced maintenance, fuel." via @LenosGarage

Br*an retweeted
Steven Lim
Steven Lim@0x534c·
Turning Threat Intel Into Defense: Detection Rules for MOIS Campaign

The FBI warns that Iranian Ministry of Intelligence and Security (MOIS) cyber actors are using Telegram bots as command-and-control infrastructure to deliver malware disguised as legitimate Windows applications, targeting dissidents, journalists, and opposition groups worldwide. This multi‑stage malware enables persistent access, data theft, and exfiltration of files, audio, and video, with groups like Handala Hack and Homeland Justice linked to these campaigns. The FLASH provides indicators of compromise and urges defenders to apply updates, use trusted sources, enable antivirus, and report suspicious activity to the FBI.

Source: ic3.gov/CSA/2026/26032…
KQL Code: github.com/SlimKQL/Detect…

#Cybersecurity #DefenderXDR #MOISCampaign
Br*an retweeted
Microsoft Threat Intelligence
Microsoft Threat Intelligence has observed threat actors actively experimenting with techniques to bypass or “jailbreak” AI safety controls. By reframing malicious requests, chaining instructions across multiple interactions, and misusing system‑ or developer‑style prompts, threat actors can coerce models into generating restricted content that bypasses built‑in safeguards. These techniques demonstrate how generative AI models are probed, shaped, and redirected to support reconnaissance, malware development, and social engineering while minimizing friction from moderation. AI guardrails have become dynamic surfaces that attackers test and manipulate to sustain operational advantage. As AI becomes more deeply embedded in enterprise workflows, understanding how attackers test and manipulate these guardrails is critical for defenders. Learn more about securing generative AI models on Azure AI Foundry: msft.it/6013Qs5oX
Br*an retweeted
Aditya Chordia, CISSP, CIPP/E, CISA
Two free AI security tools every security team should bookmark right now.

declawed.io - SecurityScorecard's STRIKE team built this. Live dashboard tracking 390,000+ exposed OpenClaw instances globally, updated every 15 minutes. 243,000+ still live and reachable, 35.4% vulnerable to RCE. Some exposed IPs correlate with infrastructure attributed to nation-state actors including APT28 and Sandworm.

radar.protectifyai.com - ShadowAI Radar tracks the broader AI attack surface most people don't know exists. Right now it's showing 1,231 exposed AI endpoints across OpenClaw, Ollama, Open WebUI, Dify, Flowise, and more - plus 720 leaked AI credentials on GitHub, 7.3% with corporate signals. It covers 216 active CVEs across the entire open-source AI tooling ecosystem with exploit status, CISA KEV tracking, and a live feed showing new unauthenticated instances appearing globally in real time. The OpenClaw deep dive alone shows 98.9% of tracked instances have no authentication and 53.5% are vulnerable to remote code execution.

declawed.io shows you the OpenClaw exposure. Radar.protectifyai.com shows you the entire AI infrastructure attack surface - endpoints, credentials, CVEs, and supply chain risks in one place.

Both free. Both should be on every CISO's screen this week.
Br*an retweeted
spencer
spencer@techspence·
A core philosophy of how I think about cybersecurity is resilience
You cannot and will not stop everything
Design so no ONE thing can take you out
Br*an
Br*an@SecurityCollins·
@SenTedCruz Big, stupid, glaring “if” in there. Insanely dumb, even for you
Senator Ted Cruz
Senator Ted Cruz@SenTedCruz·
In the next 6 months, we could see new governments in Iran, Venezuela, and Cuba. If we end up with governments in those countries that want to be friends with America, that’d be the biggest geopolitical shift since the fall of the Berlin Wall.
Br*an retweeted
Daniel Christian
Daniel Christian@dchristian19·
🚨 Think you’ve locked down MCP Server connectors in Copilot Studio? Think again. It actually requires control across two admin centers and that’s where most gaps happen. In this video, I walk through roles, setup, and a full demo to help you get it right.

🎯 What you’ll learn:
The roles required (and where people often get stuck)
How settings differ between MAC vs PPAC
A step-by-step walkthrough
A live demo showing how it all comes together

🎥 Watch here: youtu.be/ALoK0EPVDpg

Watch 👀 or bookmark 🔖, learn 🧠 and share🥰.

#MCP #AI #Governance #EnterpriseAI #CopilotStudio #PowerPlatformn #Microsoft365
Br*an retweeted
spencer
spencer@techspence·
The companies I’ve seen do the best job at security and protecting their environments are the ones that are humble and know there is a lot they don’t know…
Crystal Basin
Crystal Basin@Wrightslake·
@carlquintanilla @GettyImages Yea that's why they are there to roam the airports and look for things suspicious therefore freeing up TSA agents to check passengers. They took over one part of TSA duties. You really have let your TDS get out of hand. You once were a decent reporter @CNBC
Br*an retweeted
Aditya Chordia, CISSP, CIPP/E, CISA
A threat actor is claiming to sell a major breach of OVHcloud - one of Europe's largest cloud hosting providers.

1.6 million customer records. 5.9 million active websites. Website code, databases, and server configurations. All allegedly for sale on a dark web forum.

Unconfirmed. But worth watching closely. Here's why. (Thanks DarkWebinformer for flagging this)

If this is real, the claimed attack vector is access through a parent account - meaning administrative-level credentials that gave the attacker visibility across the entire hosting infrastructure, not just one customer.

That's the management-plane pattern we've been seeing all month. Cisco FMC. Microsoft Intune. Oracle EBS. Attackers aren't going after individual systems anymore. They're going after the platforms that manage them. Compromise one admin account and you get access to thousands of customers simultaneously.

OVHcloud hosts 5.9 million websites. That's 5.9 million potential supply chain entry points. Website code and server configurations aren't just data - they're the keys to understanding how those sites work, what vulnerabilities exist, and how to compromise them downstream.

For any organisation hosted on OVHcloud right now:
→ Rotate admin credentials immediately - don't wait for confirmation
→ Review access logs for unusual parent-account activity
→ Audit your server configurations for anything that shouldn't be public
→ Assume your database connection strings and API keys stored in server configs are compromised

The seller hasn't set a minimum price and is offering 30% commission for referrals. That tells you something about the volume - they're trying to move this fast.

This is still unconfirmed. But the claimed scope - 1.6M customers, 5.9M sites, full code and database access - would make this one of the largest cloud hosting breaches in European history.

Watch this space.
BNO News
BNO News@BNONews·
JUST IN: Explosion reported at Valero refinery in Port Arthur, Texas. Nearby residents told to shelter in place
Br*an
Br*an@SecurityCollins·
@zerohedge How it must have felt to cite bps like a dork instead of 1.75%
zerohedge
zerohedge@zerohedge·
The SPX is pricing a 175bps daily move every session from now until June expiry
Joe Shmoe
Joe Shmoe@JoeShmoedg6q·
@EODHappyCaptain Will police officers get purple hearts too now? Firemen? I approve honoring their brave and swift action but not with combat awards.
Happy Captain
Happy Captain@EODHappyCaptain·
The Cadets from Old Dominion University who stopped an active shooter, received 8 Meritorious Service Medals. Two of them received Purple Hearts…from the Sergeant Major of the Army and the Secretary of the Army. Absolutely amazing and well deserved.