Maarten van Dantzig

3.8K posts

@MaartenVDantzig

I do DFIR @google & like incident response, threat intelligence, security operations and blue team stuff

Joined January 2011
524 Following 1.9K Followers
Florian Roth ⚡️ @cyb3rops
Big moment for Nextron, and for me personally. The first version of our scanner ran in December 2012. Back then it was still a tool for consulting and incident response cases. We founded @nextronsystems in 2017 with around 35 customers. Today it’s more than 550. Most of that growth happened organically. Word of mouth, customer trust, posts on Twitter, and a lot of steady work on the product.

Maybe a fairly German way to build a company: spend what you earn, focus on the substance, care more about what’s inside the box than the box itself. We were not always great at explaining that box, though. Sometimes we were probably a bit clumsy in how we communicated what the products can do and where they fit best 🙂

That also means there is still a lot we can improve around the product: clearer communication, better channels, better integrations, better support and a more professional setup for international growth. That’s why I’m genuinely happy that Eurazeo / Elevate is joining us for the next phase.

Nextron has always been strongest where standard tools have blind spots: forensic scanning, compromise assessment, unusual systems, backup data, forensic images and environments where you cannot just install another agent.

Thanks to the Nextron team, our customers, partners and everyone who helped us get here. Now we keep building. linkedin.com/posts/nextron-…
Maarten van Dantzig reposted
Kostas @Kostastsale
This is one of the more fascinating malware write-ups I've read in a while. Sentinel LABS covered fast16, a 2005 sabotage framework that was doing things most people associate with much later operations. The malware used a driver to tamper with calculation software, but it also had automated methods to propagate through the network. It looked for the right applications, used Windows-native mechanisms, and took advantage of shared drives with weak passwords or no passwords.

This is a good takeaway because the sabotage only works well if the corrupted results become consistent across systems, so if one workstation gives bad results, someone may spot it. Having the testing and validation documents in the same flat network makes tampering easier.

Also, the mechanisms used to tamper with research are fascinating. A chain of operations starting from a filesystem driver, and very specific software targeting. Sentinel really nailed this one, connecting everything together. Just goes to show that trying something different can take you somewhere unexpected. You never know what’s out there, and there are definitely more, newer samples like this.

Full report: sentinelone.com/labs/fast16-my…
Maarten van Dantzig reposted
s1r1us (mohan) @S1r1u5_
Exploit dev for complex software like browsers is no easy task; it's supply constrained. There are very few people finding bugs and writing exploits for them. Even if Mythos is a bust, scaling curves aren't hitting a wall.

And the problem with future models getting better at exploit dev is that any patch published on git can now be exploited faster. There's no constraint on the supply of skilled hackers anymore. One good operator managing multiple exploit dev sessions in parallel, throwing tokens at the problem, and models will generate the exploits.

Take this bug as an example: the fix landed on V8 main on March 26, merged to release branches March 31, and Chrome 147 shipped April 7. That's a 12-day window where the fix was public but no one had it. A future model could weaponize that in days.
Maarten van Dantzig reposted
Kevin Roose @kevinroose
NEWS: Anthropic's new model, Claude Mythos, is so powerful that it is not releasing it to the public. Instead, it is starting a 40-company coalition, Project Glasswing, to allow cybersecurity defenders a head start in locking down critical software. nytimes.com/2026/04/07/tec…
Maarten van Dantzig reposted
John Scott-Railton @jsrailton
Guy using AI + gene sequencing to treat his dog's tumor with a personalized vaccine is inspiring. I also see the impending hot take that ethics reviews are a pro-forma red tape exercise. The truth...complicated.

Medical ethics laws around things like vaccine trials are written in blood, deaths & complications. They are designed to protect regular people & creatures from big companies with bad incentives. In many cases, ethics protocols are one of the few tools available to pump the brakes on big pharma companies' incentives to exploit desperate people & do morally appalling stuff.

Ethics protocols, when done well, also force research & drug trials to be more efficient & do better quality, more reproducible science. You see it reflected in the quality of scientific output once labs were forced to be very intentional around procedures & harms.

Now, on the flip side, most medical ethics review laws & procedures were really not intended for what feels like a dawning era of n=1 medicine. Better pathways & compassionate use are needed. But that's probably a separate problem from the guardrails that restrain the institutional power of big companies over people in medical need... or financial dire straits.
Quoted post from Séb Krier @sebkrier:
This is wild. theaustralian.com.au/business/techn…
Maarten van Dantzig reposted
AISecHub @AISecHub
OpenAI now requires government ID verification to use GPT-5.3-Codex for cybersecurity work. - openai.com/index/trusted-…

GPT-5.3 and Opus 4.6... AI cybersecurity capabilities have reached the critical point where they need to be properly safeguarded. OpenAI built a tiered trust system with automated classifiers monitoring for suspicious cyber activity in real-time, an invite-only tier for researchers, and $10M in API credits for defensive teams.

Prediction:
1️⃣ Google DeepMind and Anthropic will follow and implement KYC to access the risky capabilities of their frontier models.
2️⃣ Today's frontier models will become just a model in 6 months, with open access to everyone. But they won't become less capable.
3️⃣ The labs will continue doubling down on safety guardrails and making AI able to protect from AI.

Source: Ilya Kabanov
Maarten van Dantzig reposted
Maarten van Dantzig @MaartenVDantzig
@wol "Cut the videos in chunks of X and add metadata about each chunk in the prompt"
Jeroen Wollaars @wol
Text and video thanks to Gemini 3 Pro - the rest work in progress
Maarten van Dantzig @MaartenVDantzig
Anthropic: "This marks the first documented case of agentic AI successfully obtaining access to confirmed high-value targets for intelligence collection, including major technology corporations and government agencies."
Maarten van Dantzig @MaartenVDantzig
‘Vibe hacking’: how cybercriminals used Claude Code to scale a data extortion operation. Claude Code was used to automate reconnaissance, harvesting victims’ credentials, and penetrating networks. anthropic.com/news/detecting…
Maarten van Dantzig reposted
Sundar Pichai @sundarpichai
New from our security teams: Our AI agent Big Sleep helped us detect and foil an imminent exploit. We believe this is a first for an AI agent - definitely not the last - giving cybersecurity defenders new tools to stop threats before they’re widespread.
Maarten van Dantzig @MaartenVDantzig
Using Timesketch for timeline analysis? We recently added a new feature: LLM summaries of up to 500 events in view. Example below uses Gemini Flash, but you can just as easily use a local Ollama model. Setup guide: timesketch.org/guides/user/ll…
Peter Yang @petergyang
There should be a way to start a NotebookLM podcast conversation (where I can dial in and ask questions) straight from a Deep Research @GeminiApp report. Because I don't actually want to read the 48-page report that Deep Research came up with 😅 @joshwoodward wdyt?
Maarten van Dantzig reposted
Florian Roth ⚡️ @cyb3rops
We’re seeing a clear trend: attackers are bypassing the endpoint entirely. Not just avoiding traditional EDR-monitored systems by pivoting to embedded and edge devices, but now also operating purely in the cloud. No shell, no malware, no persistence on the endpoint. Just an OAuth token and full access to whatever’s in the victim’s Microsoft 365, Google Workspace, or AWS console.

It’s a complete inversion of how things used to be. The endpoint, once the weakest link, is now usually the most monitored, most policy-enforced part of the infrastructure. You’ve got EDRs, SIEM integration, automation, threat hunting - the full stack. But attackers don’t need to touch it anymore.

Instead, they go after the new soft spots:
- Cloud platforms, where logging is limited, expensive, or off by default
- Network devices and appliances, which are practically blind spots - obscure OSes, no EDRs, hard to monitor, hard to forensicate.
- Embedded systems and IoT junk that no one really knows how to secure, but that sit in critical network paths.

Cloud especially is a mess:
- Logging tiers cost extra and the good stuff is behind paywalls.
- Detection content is lacking, both from vendors and the community.
- You don’t get memory dumps or full control like you do on endpoints.
- You’re at the mercy of the provider when it comes to visibility and response.

And that’s the shift: attackers aren’t hacking computers anymore. They’re hacking trust relationships, identities, and APIs. The whole idea of detection and response needs to evolve with that. Otherwise, we’re securing the hell out of endpoints while attackers happily fish through mailboxes and cloud shares from halfway across the planet.
Quoted post from Volexity @Volexity:
.@Volexity #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets. volexity.com/blog/2025/04/2… #dfir
Maarten van Dantzig reposted
Joseph Cox @josephfcox
New from 404 Media: someone put facial recognition on Meta's smart glasses to instantly dox strangers. You look at them, it sends the face to a facial recognition tool. An LLM infers the name, sends it to a people site. Gets phone number, address. I've seen it in action. 404media.co/someone-put-fa…
Thomas Roccia 🤘 @fr0gger_
Analyzing data leaks is a very interesting Intel challenge, especially when you’re dealing with a foreign language 🤓 The I-SOON leak, which contains mostly PNG files of screenshots of documents, is a good example 🔎

Last night, I created a Notebook to automatically process and analyze the data to speed up your investigation. Here is my process 👇 🧵

If you don't want to read the thread, you can directly jump to the notebook here: jupyter.securitybreak.io/ISOON_DataLeak…

#infosec #isoon #leak #threatintel #llm #python #jupyter
Maarten van Dantzig reposted
National Crime Agency (NCA)
The NCA reveals details of an international disruption campaign targeting the world’s most harmful cyber crime group, Lockbit. Watch our video and read on to learn more about Lockbit and why this is a huge step in our collective fight against cyber crime.