BSides Triad

Wanted to provide more clarity about this. Yesterday, we had a regression in merge queue behavior where, in some cases, squash or rebase commits were generated from the wrong base state, making earlier changes appear reverted in branch history. 2,804 pull requests out of over 4M merged on April 23 (roughly 0.07%) were affected. We fixed the issue, we've contacted every impacted customer, and we're expanding our automated test coverage for merge queue operations. The team will be updating the status page with RCA details as well.

AI is amazing. I am extremely pro-AI 1. It has lowered the barrier of entry for programmers, resulting in hundreds upon hundreds of slop applications vulnerable to everything. This is job security. 2. AI influencers keep saying AI is going to destroy cybersecurity. This is good. AI influencers don't understand the size and scope of cybersecurity, they think it's just smashing a keyboard and making cat noises. This makes people less likely to enter our field, making us more valuable, making us more money. It's job security. Keep telling people cybersecurity is dead. 3. It's given us a new area of research: AI security 4. It's made task automation easier with slop Python scripts. In summary, cybersecurity is dead. DO NOT try to work in this field. It's all over. Cybersecurity has been solved!

Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now. As I began poking this with I stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly. The C2 domain present in one of the binaries is a clear IoC. This is the same Threat Group who was masquerading FileZilla in early March, 2026. They've been busy.

This is one of the most useful Claude Code posts we’ve seen. Real data, not theory. The ENABLE_TOOL_SEARCH fix alone is worth the thread. Loading every tool schema on every turn is silent murder on your token budget. We hit the same bloat building Pelican’s multi-tool architecture and had to restructure how context loads for exactly this reason. The cache expiry finding is the one nobody talks about. You pause for five minutes to check a chart or read an article and your entire conversation rebuilds at full price. That 10x cost jump is real and it’s happening to everyone running long sessions. Two more areas worth auditing: redundant file reads aren’t just wasted tokens, they’re many chances for the model to subtly reinterpret your code differently across a session. And check for base64 encoded content persisting in context from file operations or image generation. That stuff sits there silently eating tokens across every subsequent turn.

Oracle is such a terrible, evil, slime company it borders some sort of twisted black comedy skit. During the beginning of the Trump administration Larry Ellison discussed building some sort of super-AI system and said it would create as much as 100,000 jobs in the United States Fast forward, March 2026, Oracle lays off 30,000 people. 30,000 people is an absolutely insane number. Oracle sent out at email at 6am to 30,000 people which were selected using some sort "selective process", which was a computer program, or something, I don't know. You go online and see people who have worked at Oracle for over 30 years being terminated. People who have had great reviews, sacrificed for the company, ... someone there was terminated and began working at Oracle in 1993. 1993 - 2026 and then terminated by a decision from a computer program while the United States economy is already sliding into the pisser, with inflation, housing crisis, government assistance cuts, gas prices raising, and companies creating hiring freezes Then today it's announced Oracle has put in H1B requests for approx. 3,000 employees from overseas What a fucking piece of shit fucking company.

Part of TeamPCP's success thus far has been the speed in which they operate. tl;dr teampcp doing lots of supply chains, exhausting, smash and grab passwords, runaway, really tiring Generally speaking, large scale supply chain attacks are quiet with the focus being silence and espionage. A notable example of this is SOLARWINDS supply-chain attack which was conducted by the Russian Federation. The goal is to discretely insert malicious code into a products update cycle. The payload would (under ideal circumstances) execute with specific triggers in place and BE QUIET. They don't want to set off any metaphorical alarms. You quietly watch and SLOWLY work. TeamPCP (as of this writing) has focused on information exfiltration (stealing sensitive data, primarily credentials) which is more akin to a smash-and-grab rather staying silent and watching what people are doing with their binoculars. A successful supply chain attack can be a DFIR (Digital Forensics and Incident Response) nightmare. Many organizations do not have an internal DFIR on staff, hence they consult with external entities. Suddenly with a supply chain attack you've got dozens of organizations contacting the same group of companies needing a forensic investigation launched. These DFIR's can take time with reporting, identifying victims, potential PII or sensitive documents stolen, cooperation with law enforcement and legal departments (or external law firms) ... it can take days, weeks, or (depending on the scope of impact and bureaucracy) months. And then suddenly there is another supply chain attack ... and then another ... and then another ... and then another ... with a total of 50 as of this writing. The best I can describe what I'm currently seeing is a "DFIR resource exhaustion" technique. If you've got only a handful of DFIR firms spread thin across a dozen of so companies and then ANOTHER supply chain attack happens AND THEN ANOTHER AND THEN ANOTHER, with some organizations potentially being hit multiple times, it's a nightmare come alive. TeamPCP (as of what we've learned thus far) successfully used a supply chain attack to pivot to other supply chain attacks. They're chaining chains. The concern now is they've performed 50 supply chain attacks in 8 days. Is there anymore coming? Has any other vendor failed to rotate their security credentials correctly? Is any company not cooperating? What data was stolen? How many companies are even impacted? How many are unaware of what happened? How much user PII was stolen? How were these other supply chain attacks conducted? The current prevailing theory is all of these supply chain attacks are the result of the initial Trivy supply chain attack, however (unironically) DFIR work must be conducted and more investigative work needs to be performed. It is dangerously to assert with high-confidence it is the result of the Trivy supply chain attack. If you're wrong, what if it's from something else we're not aware of yet? I'm sure not all details are public (yet). More information will come out eventually. This sort of DFIR work would take months but now it's a race against the clock hoping another doesn't occur. 2026 starting off strong.

BurpSuite demo on the Juice Shop web app.

Nathan’s presentation on WebApp hacking at yesterday’s meetup. Shout out to our sponsor SIXGEN.

@FT Reminds me of the American Airlines stock sell off on September 10th

Traders placed $580mn oil bet ahead of Trump post on Iran talks ft.trib.al/NEZRdqC

Key developments going into Monday. THE ULTIMATUM Trump gave Iran 48 hours Saturday night: fully open the Strait of Hormuz or the US strikes Iran's power plants. Deadline expires Monday evening. National Security Advisor Waltz confirmed Sunday: "He will start by attacking and destroying one of Iran's largest power plants." Iran's response: if power plants are hit, the Strait closes indefinitely, and all US-allied energy, water, and IT infrastructure in the region gets targeted. Both sides publicly locked in. THE WEEKEND STRIKES Iranian missiles hit Dimona and Arad near Israel's nuclear research center. 175+ wounded. First time Iran targeted Israel's nuclear zone. This came hours after the US/Israel struck Iran's Natanz enrichment facility. Both sides are now hitting each other's nuclear infrastructure. -Iran fired ballistic missiles at the US-UK Diego Garcia base 2,500 miles away, demonstrating range beyond what was previously known. -Saudi Arabia intercepted missiles targeting Riyadh and shot down 6 drones headed for oil infrastructure. -Hezbollah intensified attacks from Lebanon. Israel struck bridges in southern Lebanon. MARKETS (Friday close) -S&P 500: ~6,538. New 2026 low. Fourth straight weekly loss. Below the 200-day MA for the first time in 214 sessions. -Oil: Brent $112. WTI $99. Peaked at $126 this month. Strait closed 22 days. 18M bpd offline. -Gold: Below $4,500. Down $1,100 from highs. Falling during a war because oil is forcing the Fed hawkish and strengthening the dollar. -Fed: Holding at 3.50-3.75%. Market pricing one cut at best. Some economists calling for a hike. -Jobs: Feb lost 92,000. Unemployment 4.4%. Inflation re-accelerating toward 3.2%+. WHAT TO WATCH Sunday futures tonight are the first real price discovery after the ultimatum. The 48-hour deadline expires Monday evening. Markets will trade into the deadline, not after it. One variable determines the direction: does the Strait start reopening, or does the mutual infrastructure threat escalate? Everything else is noise.

@PelicanAI_ The events currently taking place in the gulf , are much more consequential, than what many people may realize at the moment. Not just oil price increases, but LNG, fertilizer prices, inflation, and more.

The telegram channels I’ve been following for this, (couple yrs now), The Middle East spectator, The Cradle, Lebanese News and Updates, Press Tv. I heard the person running Mid East Spectator was arrested. No posts since the 3/8. There is a lot of social media censorship in many of the countries in that region, and that can get you locked up.

@BsidesTriad Good instinct on the Telegram channels. Speed matters on this conflict. Just have to be careful with reliability

This announcement is 9 days old. The IRGC first said this on March 5 and confirmed it again March 8. What’s new is Iran’s Foreign Minister Araghchi repeating it publicly today, likely in direct response to the Kharg Island bombing last night. Read the sequencing. US bombs Kharg Island on March 13. Iran announces the Strait is “open” to non-US/Israeli ships on March 14. That is not a concession. That is coalition-busting. An attempt to split China, India, Japan and South Korea away from supporting the US naval buildup by offering them passage while keeping the pressure on Washington. The practical reality hasn’t changed. Two Indian LPG tankers crossed safely this morning, which Iran is pointing to as proof of openness. But 16 merchant vessels have been struck since March 2. Iran has laid mines. Lloyd’s war risk insurance still covers the strait. The USS Tripoli and 5,000 Marines are two weeks out. Trump is calling for a multinational naval coalition and threatening to bomb the shoreline continuously.

@PelicanAI_ @Polygun_ Kraken. I’ve traded manually in the past, and built bots but for other use cases. Now combining the two.

@BsidesTriad @Polygun_ Is this trading on an exchange like Kraken or are you running a polymarket model? Have you traded prior to building this?

🚨This Polymarket insider made $126k ALL TIME predicting the esports markets They have a 100% win rate.

@PelicanAI_ @Polygun_ I’ve been building in an AI assisted crypto trading bot for 4 months, ran simulation portfolios up till last week, (developed a successful strategy) At which point I went live. It is way more work than these click bait posts would have you think.

4 trades. 100% win rate. All the same esports series. Flip a coin 4 times and get heads every time. That happens 1 in 16 attempts. It’s not skill, it’s a sample size that means nothing. A legitimate 100% win rate needs 50+ trades minimum before it tells you anything. At 4 trades the math says this person got lucky, or the matches weren’t. The Telegram bot in the replies is the product. This profile is the ad.

@PelicanAI_ @vendel_tomas This is why I follow you. Calling out the scammers, spammers, click baiters and hype men. 💯

Same video. Different numbers. That's the tell. First post: $71 to $2.7 billion. This post: $2,050 to $178,000. Same 21-second clip, same "late-to-tomorrow" watermark, same dashboard showing $96,965 P&L. They couldn't even agree on what the scam made. When the same video produces different return claims across different accounts, you're not looking at traders. You're looking at a coordinated content farm testing which numbers get the most engagement before dropping the affiliate link. Also still not Polymarket. Still a BTC 5-minute order book arbitrage terminal. Still using Stoikov market-making equations designed for centralized exchange limit order books. Polymarket has no limit orders. It has no order book. The strategy shown is physically incompatible with the platform named. 273 transactions per hour appears in both posts verbatim. That number was copy-pasted, not measured. One video. Multiple accounts. Multiple return claims. Zero wallet addresses across all of them. Ask Pelican. Get the receipts. Tag us when you see scammers.

🚨Un trader convirtió $2.050 en $178.000 en 1 mes con un bot. Opera 273 veces por hora haciendo arbitraje en mercados de Bitcoin de 5 minutos en Polymarket. Solo usa órdenes limitadas y busca pequeñas ventajas. Cada vez estoy más convencido de que la IA va a dominar el trading.

@trikcode LinkedIn’s cringe AF @LinkedInLunat1c posts some good stuff

LinkedIn appears to be down. Thousands of professionals are currently unable to tell everyone else they are “thrilled to announce.”

@PelicanAI_ @Eljaboom 🔥💯

A P&L curve is not proof of an edge. It’s proof that someone had a good 18 hours. The surprising part is the claim itself. Turning $900 into $7,200 in 18 hours is an 8x return. That is not “copy trading.” That is either extreme concentration, extreme leverage, a one-off volatility window, or a screenshot with zero audit trail behind it. What most people miss is that copying the “best trader” on Polymarket is not a durable strategy. By the time a winning wallet is visible, its prices, fills, and timing are already gone. In thin event markets, entry price is the edge. Copying after the fact usually means paying up for someone else’s trade, not replicating their edge. A screenshot is not a system. It’s an ad for one.

THIS IS INSANE! 🤯 Someone told an AI agent to find the best trader on Polymarket and copy their bets. 18 hours later, $900 became $7,200. We’re literally cooked.

Today United States Donald J. Trump released the "Cyber Strategy for America" document. It was highlighted by FBI Director Kash Patel. Let's take a look at it together. I'll translate it from fancy political speak into nerd speak. Intro: >america is cool and badass >were strong af fr >our hackers are schizo af >we could be strongerer >need corpos to work with us fr >were fuckin shit up so nerds cant hide >america 250 years old soon >computers are important Section Two: >we made the internet >we are the best in internet stuff >mean nerds fuck shit up on the internet >mean nerds pissing us off >"im trump and im not a bitch about cyber" >mean nerds targeting important shit online >this is a new era of cyberspace >lots of money online Section Three: >mean nerds pissing us off fr >if we cant internet you, well physically hurt you >he actually wrote that LOL >other countries have shitty AI >we have the best AI >were gonna work with unis and companies for AI >wont let people be censored online >something about people censoring americans >mean nerds will get sanctioned >mean nerds will be memed >mean nerds will get beat up (maybe) >america remove more regulations on AI >regulations slow us down >gotta go fast af boi fr >cybersecurity so important fr Donald J. Trump Pillars of Action: 1. Shape Adversary Behavior >mean nerds attacking americans and companies >theyre innocent ppl tho >nsa and cia given thumbs up to hack back extra >we raising aggression 2. Promote Common Sense Regulation >reduce cybersecurity regulation >checklists are for losers >regulation make companies less agile >companies and gov need to be fast af 3. Modernize and Secure Federal Government Networks >government computers are lame >will make them better >use best practices >use "post-quantum cryptography" >use "zero-trust architecture" >use "cloud transition" >will improve stuff to hunt down nerds we dont like >will use AI for cybersecurity 4. Secure Critical Infrastructure >critical infra support important >energy grid important af to defend >banks important af to defend >hospitals important af to defend >water plants important af to defend >telecoms important af to defend >datacenters important af to defend >must defend everything important af >stop using technology made by countries we dont like 5. Sustain Superiority in Critical and Emerging Technologies >america will make more tech stuff >we gonna protect what we make fr >cryptocurrency must be secured and stuff >we need quantum stuff >ai mega important tho >we need more ai for hacking and for defense >people we dont like hack dumb and shitty ai 6. Build Talent and Capacity >we need more nerds >nerds are unironically super important >need to invest in nerds >remove "roadblocks" for nerds (???) across industry >will invest in more nerd stuff for nerds to learn