Mark Davis

@vxunderground The clawdbot thing is especially dangerous for defenders. @CoryKennedy built a cool new tool called declawed.io which paints a vivid picture of this threat (and how big it is) in real time. x.com/corykennedy/st…

The past couple of months I've personally witnessed a few changes in malware that are so significant that it blatantly sticks out. 1. Malware written in more esoteric languages. I've witnessed a shift away from languages like C/C++ to languages that are heavily abstracted, most notably NodeJS with Electron. 2. A MASSIVE shift toward targeting open source solutions. While this isn't new, the past couple of months its been every single day someone is targeting a supply chain via masquerading or directly targeting the open source provider. 3. AI has assisted with the shift in the malware landscape ... toward higher level languages. I've witnessed a spike in multi staged malware using a lot of LOLBIN-like methods. Again, this isn't anything new, but I've witnessed such a dramatic spike I believe it is the result of AI making it much easier to create and use high level languages 4. The introduction of new threat landscapes: Clawdbot (or whatever it's called now). This has resulted in a shift toward MacOS malware which is referencing bulletin point 3. Heavy usage of ClickFix with high level multi staged languages (bash script to Js) 5. AI being used for social engineering. Historically I've seen really crappy malware lures and phishing pages. I suspect AI is helping polish pages and making them look more realistic, possess no typos, use good grammar, etc.

@ayampolskiy Hahaha

Top: “Me at seed stage: ‘We’re going to change the world!’” Bottom: “Me at $150M ARR: ‘Please just update Salesforce correctly.’ 😂

@mmeJen @paulg and he shorts entrepreneurs who actually do

@paulg Ackman makes money through financial manipulation. He creates nothing.

I don't like Bill Ackman or Tucker Carlson, but Carlson is mistaken if he thinks Ackman is a useless person with no actual skills. If a useless person with no actual skills could make as much money as Ackman has, there would be millions of billionaires in America.

@I_Am_Jakoby Nice! As a fellow cyber nerd, I really love mowing the lawn, because it’s a simple thing and once it’s done, you can see how good it looks — and get that sense of satisfaction and feel good about it 🙂

I know this might seem small and kind of dumb But I bought a lawn mower and cut my grass today Its been a while since my house has looked like a home from the outside I've been putting a lot of effort into improving myself and my surroundings lately I know I havent posted as much hacking stuff recently but I've really been needing to work on my mental and I finally am

🌐 Sorry to see some widespread Internet outages impacting the tech ecosystem today. ✅ SecurityScorecard is fully operational — no service disruption, and our platform continues to deliver 99.99% availability. We’re proud to lead from the front when it comes to resilience, reliability, and trust. Transparency matters. That’s why we publicly share our live uptime metrics and the accuracy of our ratings on our Trust Portal: 🔗 securityscorecard.com/trust/ #Trust #CyberResilience #SecurityScorecard #Transparency #Availability #Cybersecurity

The kangaroo doesn’t resonate with me in the US. As a longtime follower and fan of your work , I understand that you are in Australia. But if I get powned, it almost certainly has nothing to do with Australia, so therefore isn’t relatable to me (and maybe other folks also not in Australia).

Working on the @haveibeenpwned challenge coin, are we on the right track? Other side would be much more formal (new logo), what would you like to see?

@TheWho @grok what is this about?

News Flash! Who Backs Zak! He's not being asked to step down from The Who. There have been some communication issues, personal and private on all sides, that needed to be dealt with, and these have been aired happily. Roger and I would like Zak to tighten up his latest evolved drumming style to accommodate our non-orchestral line up and he has readily agreed. I take responsibility for some of the confusion. Our TCT shows at the Royal Albert Hall were a little tricky for me. I thought that four and a half weeks would be enough time to recover completely from having a complete knee replacement. (Why did I ever think I could land on my knees?) Wrong! Maybe we didn’t put enough time into sound checks, giving us problems on stage. The sound in the centre of the stage is always the most difficult to work with. Roger did nothing wrong but fiddle with his in-ear monitors. Zak made a few mistakes and he has apologised. Albeit with a rubber duck drummer. We are a family, this blew up very quickly and got too much oxygen. It’s over. We move forward now with optimism and fire in our bellies. As for Roger, fans can enjoy his forthcoming solo shows with his fabulous drummer, Scott Devours, who it was rumoured might replace Zak in The Who and has always been supportive of the band. I owe Scott an apology for not crushing that rumour before it spread. He has been hurt by this. I promise to buy him a very long drink and give him a hug. Pete Townshend 19 April 2025

@jasonfried @grok no violence or gore

Idea for @grok and X… let me describe what I don’t want to see in my timeline. Simple plain English. “No AI, no politics, no someone telling everyone else that what they do for a living is about to be replaced, no advice from people who haven’t done the thing they’re advising people to do, no multi-post threads with the little 🧵 at the end…”

Sounds right

@AlexHormozi #3 is the key But they have to truly believe in the vision

I dont hire people who say they want “work life balance” for 3 reasons: 1) They won’t be happy with me 2) Other places will hire them 3) I want people who work because they can’t help themselves, not because working harder is a negotiation chip Nothing wrong, just not a fit.

@RGB_Lights Is there a way to watch your testimony?

Looking forward to testifying this morning about the significant, and growing, cyber threat from the CCP.

I’m a big fan of George (enjoy his livestreams and huge respect as an entrepreneur) but this project is a bad idea. As a cyber person (blue team) using deep seek locally is a serious vulnerability, opening up an obvious supply chain attack vector from our biggest APT that we are fighting off every day (and losing).

If you are serious about cost effective LLM at home, how about a 25 tok/s full 8-bit DeepSeek-R1 Box. Dual 16 core EPYC Turin (AVX-512) 768GB RAM (6x Framework/DIGITS) 1152 GB/s (4x Framework/DIGITS) $10,000 Are you buying?

@DarkWebInformer why spend time building a front end like that when you could just use a bootstrap template? I have used this one to build lots of websites quickly, including subnav menus: themeforest.net/item/canvas-th…

I am playing around with the navigation bar, trying to get sub menus showing and "looking" OK. Sub menu links probably won't work. This will eventually save some clicks and show features that shouldn't be buried.

@Jhaddix Are you worried about a possible APT putting a back door in Deepseek that's installed locally? I don't see many cyber people talking about this, but it seems like such an obvious attack vector for a supply chain attack.

I think Salesforce is doing the most innovative work in agentic AI (Marc Benioff is killing it right now) but the cyber world isn't far behind I bet we see these agents being created in 2025: - SOC analyst - supply chain defense analyst The cyber agents will be created by startups and/or established SaaS companies with large data lakes that they can leverage These agents could save lots of money for lots of companies (globally) while helping them become more secure

What are some cool 'agentic startups' solving problems in cyber-security? I saw Twine Security and think it's pretty cool. Are there any others ?

Snowflake CEO Frank Slootman telling the hard truths.

@Sofia_Rani34 Happy birthday!

@DarkWebInformer securityscorecard.readme.io/reference/intr…

❓Any API recommendations or pages that provide statistics in Cybercrime? This can be Ransomware, Breach Count, Threat Actor Breach Count, Attacks by Group, etc. This can be free or paid. I would like to use some services to build live charts that don't require manual updates.

This speech from Cardi B is 💪 wow

Just another leadership meeting at @security_score