secGene

Apne Aasman Se Meri Zameen Dekhlo..... Tum Khwab Aaaj Koi Haseen Dekhlo..... Agar Aazmana Hai Aitbar Ko Mere To...... Ek Jhoot Tum Bolo Or Mera Yaqeeen Dekh Lo..

AI Integrity: Defending Against Backdoors and Secret Loyalties - static1.squarespace.com/static/64edf8e… The rapid integration of AI systems across government operations increases exposure to AI integrity threats. As adversaries develop both the capability and motivation to compromise frontier AI systems, establishing robust defenses becomes increasingly important. The four recommendations outlined in this report provide a strategy that leverages the government's unique strengths without imposing regulatory burdens on industry. By organizing government-led red team exercises, developing voluntary NIST security frameworks, creating formal threat intelligence sharing partnerships, and launching new ARPA research programs, the government can significantly strengthen AI integrity across both public and private sectors. The path forward requires partnership between government and industry, combining the government's counterintelligence expertise with industry's technical innovation. By implementing these recommendations, the United States can maintain its leadership in AI while ensuring that the systems underpinning critical national functions remain trustworthy and aligned with American interests. Many open questions remain about how best to tackle the problem of AI integrity, and we therefore encourage the research community to contribute to this nascent field.

Kali Linux Introduces AI-Driven Penetration Testing Through Claude Integration linkedin.com/pulse/kali-lin…

Applying for IT Audit, Information Security, or GRC Roles? Don’t Limit Your Job Search to Just One Title. Updated! One mistake I see many candidates make is searching only for job titles like IT Auditor or GRC Analyst. In reality, many organizations use different titles for roles that require the same core skills —risk assessment, controls testing, compliance, and security governance. If you’re trying to break into or grow within IT Audit, Information Security, or GRC, expand your search to include related titles such as: Related Job Titles to Look Out For >> IT Risk Analyst >> Information Security Analyst >> Cybersecurity Governance Analyst >> Compliance Analyst (IT / Technology Risk) >> Internal Control Analyst >> Technology Risk Consultant >> SOC Analyst (especially Governance or Compliance-focused roles) >> Third-Party Risk Analyst / Vendor Risk Analyst >> Data Privacy Analyst >> IT Control Analyst >> Audit & Assurance Associate (Technology) Many of these roles cover ITGC, risk management, control reviews, policy implementation, and regulatory compliance —the same foundation used in IT Audit and GRC. Industries You Should Also Target (Beyond Consulting & Banks) >> FinTech & Digital Banks >> Telecommunications >> Aviation & Logistics >> Energy (Oil & Gas, Power) >> HealthTech & Healthcare >> E-commerce & Digital Platforms >> Insurance >> Manufacturing Industry >> Government & Public Sector >€ SaaS / Cloud Companies Different industries often have stronger compliance requirements, which increases demand for IT Audit and GRC professionals. Pro Tip: When searching on job platforms, don’t search only by job title—search by skills such as: ITGC ISO 27001 Risk Assessment Internal Controls SOC 2 Data Privacy Cloud Security Governance Sometimes the right opportunity is hidden behind a different job title.

A password like G7$kL9#mQ2&xP4!w looks strong. Every password checker rates it "excellent." But researchers at Irregular just published something worth knowing: that exact string appeared 18 out of 50 times when Claude was asked to generate a password. The reason: LLMs are prediction engines. They're optimized for plausibility, not randomness. Claude's passwords had ~27 bits of entropy. A truly random password has ~98. Password checkers can't detect this. They see character variety. They can't see statistical distribution. It gets worse for developers: Irregular also found AI coding agents hardcoding these patterns directly into Docker configs and .env files — without the developer knowing. They found the patterns on GitHub. Are you auditing AI-generated codebases for hardcoded credentials? #CyberSecurity #PasswordSecurity #DevSecOps #AppSec Author: T.O. Mercer

@forsan87 What about Android app

✨ Siraj 1.3 is here 🔒 Next Prayer on Lock Screen See the upcoming salah with a live countdown. 🔔 Custom Prayer Sounds Set a different adhan or takbeer for each prayer. ⚡ Time-Sensitive Alerts Break through Focus & Do Not Disturb. 📿 One-Tap Streak Track fasting days instantly. 🛠️ Major Fixes Widgets, Live Activity, streak sync & more. Ramadan Mubarak 🌙Your light shines on.

1000%

@forsan87 Android app

If Siraj had one superpower… what should it be? 🌙✨ Tell me the feature you wish existed. I might build it next. 👇 Drop it below

@yusufk611 @Al_Quraankareem @grok @grok urdu translation

@Al_Quraankareem @grok what is the dua?

The best Dua ever...

“Overthinking kills your happiness, leave the matter to Allah.”

Microsoft Defender was able to confirm a small but noticeable uptick in installations of OpenClaw initiated by Cline CLI installation script during the supply chain compromise of their NPM package that lasted approximately eight hours on February 17, 2026 between 11:26 and 19:30 UTC. Organizations using Cline CLI should urgently check environments for unexpected OpenClaw installations. Cline is an open-source AI coding agent. On February 17, 2026, Cline published an advisory that an unauthorized party had used a compromised npm publish token to publish an update to Cline CLI on the npm registry: msft.it/6012QnRMC. The altered npm package (cline@2.3.0) was modified to perform the installation of OpenClaw as post-install script, as initially discovered and demonstrated by a security researcher: msft.it/6013QnRMh. A corrected version has since been released. For more information on the risk arising from self-hosted agent runtimes like OpenClaw, including monitoring and hunting guidance, read this blog: msft.it/6014QnR36

Cybersecurity is growing fast. $PANW Platform consolidator. Converging network, cloud, SOC into one integrated stack. Forcing vendor rationalization across large enterprises. $CRWD Endpoint + identity fabric. Single lightweight agent feeds telemetry across endpoint, cloud, identity. Data scale drives expansion. $ZS Zero Trust Exchange. Removes users from corporate network entirely. Cloud proxy replaces VPN-era architecture. $NET Connectivity Cloud at the edge. Secures apps, users, APIs in front of the internet. Network scale is the moat. $MSFT Embedded security baseline. Protection bundled across Azure, M365, Windows. Distribution advantage few can match. $FTNT ASIC-driven performance edge. High-throughput firewalls + SASE at strong price-performance. Hardware roots, platform evolution. $CHKP Prevention-first focus. Infinity architecture spans network, cloud, workspace. Stability and margin discipline define strategy. $NTSK Data-centric SASE. Deep DLP visibility controls how data moves across SaaS and AI apps, not just who accesses it. $S Autonomous defense model. AI-driven Singularity platform automates detection and response across domains. $OKTA Neutral identity layer. Connects any user to any stack across multi-cloud environments. Governance expanding beyond SSO. $SAIL Identity governance depth. Defines who gets access and why. Focused on compliance-heavy enterprise environments. $CYBR Privileged access vault. Secures admin credentials attackers target first. Now core identity layer inside PANW. $WIZ Agentless cloud visibility. Snapshot-based risk detection across AWS, Azure, GCP. Now embedded into Google Cloud. $DDOG Observability meets security. Uses logs, metrics, traces to detect threats inside live applications. $RBRK Cyber resilience layer. Immutable backups + clean recovery. Designed for breach assumption, not breach prevention.

Ramadan mubarak y'all! 🌙 and as per tradition, i have released v6 of my ramadan-cli, which also comes with agent skills and --json mode. $ npx ramadan-cli RAMADAN CLI 🌙 Focus: Sehar + Iftar 📍 Setup: auto city/country/timezone 🧭 Fiqh: method + school recommendations 🗓 Modes: today, month (-a), specific roza (-n) 🤖 Mode: JSON for scripts/agents if installed globally, use ramadan-cli or roza instead of npx ramadan-cli. → today view ramadan-cli → full ramadan month ramadan-cli -a → specific roza 10 ramadan-cli -n 10 → one-off city lookup ramadan-cli vancouver → save defaults (non-interactive) ramadan-cli config --city "San Francisco" --country "United States" --method 2 --school 0 --timezone "America/Los_Angeles" → show or clear saved config ramadan-cli config --show ramadan-cli config --clear → reset everything ramadan-cli reset zero-config: - first-run guided setup (TTY) - auto location + timezone detection fallback - works with npx (no install) - clean terminal output + JSON output works with AI agents via skills $ npx skills add ahmadawais/ramadan-cli then ask your agent for city timings, full-month tables, or automation-friendly JSON. happy ramadan!

How to calculate Subnet

Networking basics: Virtual Area Networks (VLANs)

You're negotiating your salary. They ask: "What are your salary expectations?" You give a number. You just lost $18,000. Here is the script to flip the question and get their budget first:

AWS Core Architecture - Simplified Account ↓ Region ↓ VPC (network boundary) ↓ Subnets (public / private) ↓ Route Tables (traffic rules) ↓ Internet Gateway (internet access) ↓ NAT Gateway (outbound only) ↓ Security Groups (access control) ↓ Load Balancer (ALB / NLB) ↓ Target Groups ↓ Auto Scaling Group ↓ Compute (EC2 / Containers / Lambda) ↓ Application Code ↓ Datastores (RDS / DynamoDB / S3) ↓ IAM (access control) ↓ Logs (CloudWatch) ↓ Metrics (CloudWatch) ↓ Alarms ↓ Multi-AZ ↓ Backups ↓ Infrastructure as Code ↓ Cost Controls ↓ Operations ↓ Failures & recovery 🎯 If you understand this flow, AWS stops feeling random. It becomes predictable. #AWS

You got this! Have a good week. #itsupportspecialist #desktopsupport #desktopsupporttechnician #desktopengineer #helpdesk #motivation

S3 Security Checklist Production-Grade 🔒 Before you call your S3 bucket “secure”, check these 👇 1️⃣ Block Public Access - ALWAYS → BlockPublicAcls = ON → IgnorePublicAcls = ON → BlockPublicPolicy = ON → RestrictPublicBuckets = ON Public access should be an exception, not a default. 2️⃣ Bucket Policies vs IAM - know the boundary → IAM policies = WHO can access → Bucket policies = WHAT can be accessed Use bucket policies for: → Cross-account access → Prefix-level control → Network-based restrictions 3️⃣ Object Ownership - avoid ACL chaos → Object Ownership: Bucket owner enforced → ACLs disabled Result: → Single ownership model → No canonical IDs → No per-object permission drift 4️⃣ Encryption - don’t trust humans → SSE-S3 or SSE-KMS enabled by default → Enforce encryption via bucket policy → Deny unencrypted PutObject Security should be enforced, not “recommended”. 5️⃣ Access Analyzer - your silent auditor → Detects unintended public access → Flags cross-account exposure → Works continuously If you’re not reviewing it, you’re guessing. Golden rule 👇 If your S3 security depends on “people doing the right thing”, it’s already broken. Design like it’s production.

If you’re serious about PYTHON, This is all you need!!

Final interview. They ask: “When can you start?” Your mind blanks. You say: “I have a 3-month notice period.” Interview ends. No offer. Here’s what they actually want…