Mr A.

124.8K posts

@MisterA___

Artist • Tech • Eccentric • I solemnly swear that I'm up to no good | Co-Founder- @ligerointafrica • https://t.co/QYxUVi9S1N?amp=1

On my way to the top · Joined October 2010
1.6K Following · 1.6K Followers
Mr A. retweeted
Merill Fernando@merill·
Entra Hardening Tip #2: Require MFA for device join & device registration using 'User Action'

If you don’t enforce a Conditional Access policy for “Register or join devices”, you’re leaving a gap. Attackers can take advantage of this and register new devices without MFA.

Once they’re in, they can:
🚩 Stay persistent
🚩 Bypass controls that rely on trusted devices

From there, it opens the door to:
🚩 Data exfiltration
🚩 Dropping malicious apps
🚩 Moving laterally across your environment
🚩 Recon of your device configuration and compliance policies

The fix: Create a CA policy
→ Include: All users
→ Target: User Action = Register or join devices
→ Grant access: Require authentication strength - MFA
4
43
216
13.7K
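
An added example, not part of Merill Fernando's post: a Python check over Conditional Access policies in the Microsoft Graph `conditionalAccessPolicy` JSON shape, reporting whether any enforced policy requires MFA for the "Register or join devices" user action. The three sample policies and their names are constructed.

```python
import json

REGISTER_DEVICE = "urn:user:registerdevice"  # Graph value for "Register or join devices"

# Constructed sample policies, trimmed to the fields this check reads.
SAMPLE_POLICIES = json.loads("""
[
  {"displayName": "MFA for all cloud apps", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"]},
                  "applications": {"includeApplications": ["All"]}},
   "grantControls": {"builtInControls": ["mfa"]}},
  {"displayName": "Device join MFA (pilot)",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"]},
                  "applications": {"includeUserActions": ["urn:user:registerdevice"]}},
   "grantControls": {"builtInControls": ["mfa"]}},
  {"displayName": "Device join MFA", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"]},
                  "applications": {"includeUserActions": ["urn:user:registerdevice"]}},
   "grantControls": {"builtInControls": [],
                     "authenticationStrength": {"displayName": "Multifactor authentication"}}}
]
""")


def gaps(policy):
    """Return the reasons this policy does not enforce MFA on device registration."""
    cond = policy.get("conditions") or {}
    apps = cond.get("applications") or {}
    users = cond.get("users") or {}
    grant = policy.get("grantControls") or {}
    reasons = []
    if REGISTER_DEVICE not in (apps.get("includeUserActions") or []):
        reasons.append("does not target the register/join devices user action")
    if policy.get("state") != "enabled":
        reasons.append(f"state is {policy.get('state')!r}, not enforced")
    if "All" not in (users.get("includeUsers") or []):
        reasons.append("does not include all users")
    if "mfa" not in (grant.get("builtInControls") or []) and not grant.get("authenticationStrength"):
        reasons.append("grant requires neither MFA nor an authentication strength")
    return reasons


def audit(policies):
    """Return (names of policies that enforce the control, {name: reasons} for the rest)."""
    results = {p["displayName"]: gaps(p) for p in policies}
    covering = [name for name, r in results.items() if not r]
    return covering, {name: r for name, r in results.items() if r}
```

An empty first list from `audit()` means no enforced policy matches what the post describes; a report-only policy is listed among the rejects on purpose.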
Mr A. retweeted
Eche Emole 🅰️🌶@Echecrates·
There's a grief spreading through the diaspora right now that most people don't have words for. It shows up as burnout. Loneliness. A quiet voice asking — I did everything right. Why do I feel so empty? It's not a personal failing. It's a wound. And it has a name. I wrote a letter for the brilliant ones who are quietly disappearing. This is for you.
Eche Emole 🅰️🌶@Echecrates

x.com/i/article/2047…

2
15
43
9.3K
Mr A. retweeted
Peter Girnus 🦅@gothburz·
I am a Vulnerability Analyst at the National Institute of Standards and Technology (NIST). There were 28,961 new CVEs published last year. I processed eleven per week. I need to explain what enrichment is because, without it, the rest of this does not matter. A CVE is a numeric identifier that catalogs a new software vulnerability. A CVE without enrichment is a number. CVE-2026-XXXXX. The number tells you a vulnerability exists. It does not tell you the severity. It does not tell you which products are affected. It does not tell you the attack vector. It doesn't indicate whether to patch on Tuesday or now. Every CISO in the country builds their patch-priority list using our enrichment data. We are the triage. Without us, the number is a fire alarm with no address. 28,961 alarms. I got to 572. Every morning I open the queue. The queue is a spreadsheet. It was a spreadsheet when I started, and it is a spreadsheet now. Monday's queue has between 70 and 130 new entries, depending on whether someone found a batch of WordPress plugins over the weekend. I scroll to the top. I pick two. Sometimes three, if one is straightforward. I assign them to myself. I open the enrichment template. I begin. The other 70 stay in the queue. Tuesday, they will be joined by 70 more. I will pick two. The page looks the same. I want to say that clearly. The NVD website, the one bookmarked on every security team's browser in every hospital and bank and water treatment plant and power utility in the country, loads the same way it loaded in 2023. Same interface. Same search. Same logo. There is no banner that says "this data is no longer current." There is no warning. There is no asterisk. The security team at a hospital in Ohio who checks NVD at 7 AM to decide which of their 340 unpatched systems to prioritize today is making life-and-death triage decisions using a database that stopped being maintained. They do not know it stopped being maintained. The page looks the same. 
We have not been defunded. I want to be precise about that. We have been "deprioritized." Our headcount has been "reallocated to other initiatives." Four analysts were moved to the AI Safety Measurement Initiative in January. AI safety measurement is the initiative that has funding. CVE enrichment is the initiative that protects the hospitals. The hospitals do not have an initiative. My manager told me in February that we are "transitioning to a community-driven enrichment model." Community-driven means that vendors whose products have vulnerabilities will self-report the severity of those vulnerabilities. I sat in that meeting. I wrote it down. Oracle will now assess the criticality of its vulnerabilities. Microsoft will now assess how urgent it is to patch Microsoft. The fox will now audit the henhouse and submit the findings in JSON. I still have my badge. I still have my login. I still open the spreadsheet. I still pick two. The queue has 9,247 unenriched CVEs as of this morning. Some of them are critical. I do not know which ones because they have not been enriched. That is what unenriched means. It means we do not know how dangerous they are because we stopped analyzing how dangerous they are. The page looks the same. The system that catalogs broken systems is itself broken. I catalog the brokenness. I have been cataloging it at a rate of two per day. At this rate, I will finish the current backlog in twelve years and seven months, not accounting for the 80 new entries that will arrive tomorrow, and the 80 after that, and the 80 after that. I am a Vulnerability Analyst at the National Institute of Standards and Technology. The page looks the same. The data doesn't. Nobody told the hospitals. That is my job. I am also not doing that.
48
219
965
84.8K
Mr A. retweeted
Ali Chisom@AliChisom3·
@DarkWebInformer Nigeria, which we call the Giant of Africa, has turned into a Giant Data Leak 😂😂 CIBN — the apex body training our bankers — just gifted 250GB of members’ PII, scanned IDs, certificates & source code to Rabid on the dark web. Next level: fake bankers with real certificates.
1
1
2
795
Mr A. retweeted
Akaso@_cyber_bee·
Certifications expiring😅
70
2K
15.7K
528.8K
Mr A.@MisterA___·
@rapid7 @grok is there a patch available? If not what’s the best compensating control for this?
1
0
0
101
Rapid7@rapid7·
🚨 On 3/30/26, a security advisory was published for CVE-2026-33032 – a critical vulnerability affecting #NginxUI. This is a missing authentication bug with a CVSS score of 9.8, and exploitation in the wild has begun. More from Rapid7: r-7.co/4mzAr7G
3
25
70
5.9K
Mr A. retweeted
vx-underground@vxunderground·
Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew. github.com/Nightmare-Ecli…
87
535
4.7K
312.5K
Mr A. retweeted
impulsive@weezerOSINT·
Windows defender has been compromised.

right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing

your antivirus doesn't stop it. your antivirus IS the exploit. windows defender is the attack vector

ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have.

fully patched windows 11. real time protection on

thread
220
1.5K
8.9K
2.2M
Mr A. retweeted
Ridgeline Cyber@RidgelineCyber·
OAuth consent phishing is the M365 attack path most orgs aren't watching.

The attacker doesn't steal a password. They get the user to grant permissions to a malicious application. "Sign in with Microsoft" — the user clicks approve — and now the attacker's app has a refresh token with persistent access to their mail, files, and calendar until revoked.

No password compromised. MFA was satisfied by the legitimate user. Conditional Access passed because the user authenticated normally. The malicious action happens at the consent layer — above authentication — where none of these controls apply.

The app now reads mail via Graph API. No interactive sign-in anomalies. No anomalous location. The non-interactive and service principal sign-in logs show token activity, but most SOCs never scrutinise them — and even when they do, the API calls are structurally identical to legitimate application behaviour.

Default M365 detections don't catch this reliably. Microsoft has added some — Defender for Cloud Apps flags unusual OAuth credential additions and suspicious mail access — but they're inconsistent, often delayed, and miss consent grants to newly registered external apps without a risk profile.

You need to monitor application consent grants in Entra ID audit logs ("Consent to application" under ApplicationManagement) and alert on any app requesting Mail.Read, Files.ReadWrite, User.Read.All, or offline_access from a non-approved publisher.

Better still, disable user consent entirely in Entra ID and enforce an admin consent workflow — shifting the attack surface from "any user can be phished" to "only admins can approve apps."

This is the gap between "we have MFA" and "we have security."

Start here: training.ridgelinecyber.com/courses/
4
57
233
16.5K
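
An added example, not part of the Ridgeline Cyber post: the audit-log check it describes, written in Python against constructed, simplified Entra ID audit records. The allowlist `APPROVED_APP_IDS`, the `sp-...` identifiers and the sample users are assumptions; real records carry the granted scopes inside the `ConsentAction.Permissions` modified property, which this sketch parses with a regex.

```python
import re

# Scopes named in the post above; APPROVED_APP_IDS is a hypothetical allowlist.
RISKY_SCOPES = {"Mail.Read", "Files.ReadWrite", "User.Read.All", "offline_access"}
APPROVED_APP_IDS = {"sp-approved-0001"}

def _event(activity, app_id, app_name, upn, scopes):
    """Build a constructed, simplified Entra ID audit record."""
    value = f"[] => [[Id: x, ConsentType: Principal, Scope: {scopes}, CreatedDateTime: ]];"
    return {
        "activityDisplayName": activity, "category": "ApplicationManagement",
        "result": "success",
        "initiatedBy": {"user": {"userPrincipalName": upn}},
        "targetResources": [{"id": app_id, "displayName": app_name,
            "modifiedProperties": [{"displayName": "ConsentAction.Permissions",
                                    "newValue": value}]}],
    }

SAMPLE_EVENTS = [  # constructed sample data
    _event("Consent to application", "sp-unknown-7731", "Doc Viewer Pro",
           "a.user@example.com", "Mail.Read offline_access User.Read"),
    _event("Consent to application", "sp-approved-0001", "Approved CRM",
           "b.user@example.com", "Mail.Read offline_access"),
    _event("Consent to application", "sp-unknown-9002", "Poll Widget",
           "c.user@example.com", "User.Read openid profile"),
    _event("Update application", "sp-unknown-7731", "Doc Viewer Pro",
           "a.user@example.com", "Mail.Read"),
]

def granted_scopes(event):
    """Collect every scope listed in the event's ConsentAction.Permissions values."""
    scopes = set()
    for target in event.get("targetResources") or []:
        for prop in target.get("modifiedProperties") or []:
            if prop.get("displayName") == "ConsentAction.Permissions":
                for m in re.finditer(r"Scope:\s*([^,\]]+)", prop.get("newValue") or ""):
                    scopes.update(m.group(1).split())
    return scopes

def consent_alerts(events):
    """Flag successful consent grants of risky scopes to apps not on the allowlist."""
    alerts = []
    for ev in events:
        if (ev.get("activityDisplayName"), ev.get("category"), ev.get("result")) != (
                "Consent to application", "ApplicationManagement", "success"):
            continue
        target = (ev.get("targetResources") or [{}])[0]
        risky = granted_scopes(ev) & RISKY_SCOPES
        if risky and target.get("id") not in APPROVED_APP_IDS:
            alerts.append({"app": target.get("displayName"), "scopes": sorted(risky),
                           "user": ev["initiatedBy"]["user"]["userPrincipalName"]})
    return alerts
```

Scope matching is exact, so broader variants such as a `.All` form of a listed scope need to be added to `RISKY_SCOPES` explicitly.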
Mr A. retweeted
rabbitholebot@rabbitholebot·
The CIA attack against Samsung smart TVs was developed in cooperation with the MI5. Weeping Angel places TVs in a 'Fake-Off' mode, so the owner believes the TV is off. In this mode the TV records conversations in the room and sends them over the Internet to a covert CIA server.
42
595
2.8K
126.8K
Mr A. retweeted
iJosh🃏@KingiJosh·
“I got 8 reps last week, let me go for 9 today” The first rep:
171
364
8K
941.3K
Mr A.@MisterA___·
I’ve just decided to put myself through unnecessary pain today 😂😂😂
0
0
0
25
Mr A. retweeted
The OSINT Newsletter@osintnewsletter·
A Gmail address can be a goldmine for investigators 📧 GHunt extracts publicly linked data from Google accounts - Maps reviews, YouTube activity, and more - all from a single email address. A powerful first step in any people-focused investigation. tools.osintnewsletter.com/osint-tools/gh…
The OSINT Newsletter@osintnewsletter

🚨 Launching: The OSINT Tools Library A curated, investigator-first directory of tools used in real cases. → Tools.OSINTNewsletter.com We’re building the largest and best maintained OSINT tools resource and need your help. Reply and tag a tool we should add 👇

6
137
924
78.9K
Mr A. retweeted
KB4ThreatLabs@Kb4Threatlabs·
🚨 PHISHING ALERT: "Anonymous Feedback" — The HR Trap

KnowBe4 ThreatLabs is tracking a highly personalized phishing campaign targeting organizations across all sectors. Attackers are weaponizing the anxiety of "Peer Feedback" to harvest Microsoft 365 credentials through sophisticated social engineering.

The Attack Vector
This campaign stands out due to its high level of personalization. By using the victim's full name, employer, and location, the attackers create a sense of legitimacy that bypasses traditional skepticism.

The Attack Chain
The Hook: A "Confidential Feedback" email claiming an anonymous colleague has submitted a report regarding your recent workplace interactions.
The Filter: The CTA "View Confidential Feedback" leads to a page protected by Cloudflare Turnstile. This isn't just for security; it’s a psychological trick to make the site appear "safe" and "official."
The Payload: Once the CAPTCHA is cleared, the user is presented with a pixel-perfect M365 credential harvesting page.
The Goal: Full account takeover to pivot deeper into the corporate network.

🛡️ IOCs TO MONITOR AND BLOCK:
Subject Pattern: [Company Name]: Anonymous Peer Feedback Received for [Username]
Sender: todd[@]jccmarineexports[.]com
URLs:
Automatedhrsolutionsfeedback[.]carrd[.]co
dashboardhremployeepanelmstcopilot[.]clearbrandmessage[.]de
u60904143[.]ct[.]sendgrid[.]net

#CyberSecurity #Phishing #M365 #KnowBe4 #ThreatIntel #HumanRisk
2
32
85
11.1K
Mr A.@MisterA___·
Pray God answers my heart desires mehn.,. Cuz this shit is harddddd
0
0
0
21