Nick Percoco

28.6K posts

@c7five

Chief Security Officer at @krakenfx, hacker, @THOTCON OPER, @IamTheCavalry, @DEFCON NOC, @SpiderLabs founder - Opinions are my own, not my employer’s

redacted Joined April 2009
1.2K Following · 30.5K Followers
Pinned Tweet
Nick Percoco (@c7five):
If you are exploring #nostr, you can find me there: npub1xmp08ww7fku05qwhy3ldgshevq368qjzas628ukpqs4wunuec0gqwgqfpf

Nick Percoco retweeted
tmuxvim (@tmuxvim):
I put a prompt injection into my LinkedIn bio and recruiters are messaging me in Old English and calling me Lord.

International Cyber Digest (@IntCyberDigest):
"I've been working in cybersecurity for 3 years and I feel great!" - Dave, 24

TSA (@TSA):
Protein shakes? 3.4 oz or less, but rotisserie chickens??? As many as you can fit in your carry-on.

Anthropic (@AnthropicAI):
Our security bug bounty program is now public on HackerOne. We've run the program privately within the security research community, and their findings have strengthened our products. Now anyone can report vulnerabilities and get rewarded. Read more: hackerone.com/anthropic

Nick Percoco retweeted
MoneyGram (@MoneyGram):
Hey @krakenfx customers 👋 Here’s how to turn crypto into cash.

Nick Percoco (@c7five):
Anyone remember this? This unit plays the “Thundering Turbo” game. Came out in 1983. Was the closest to VR at the time for kids. It was great for road trips in the 80s.

Kyle Katarn (@Ky1eKatarn):
Am I having a stroke or did they give top 3 placement to a character I have literally never seen before

Nick Percoco (@c7five):
@tmuxvim It’s usually fraud when it’s the other way around

tmuxvim (@tmuxvim):
Stripe just stopped a Nigerian from giving me $80 because it was classified "highest" fraud risk, and suddenly I'm like idk fraud isn't that bad man

simran sachdeva (@simranrambles):
wonder how will Elon rename cursor, considering both xcode and codex are taken

Nick Percoco (@c7five):
A scam blowing up this year that nobody warns you about: the recovery scam.

Here’s how it works.

You get scammed once. Crypto, romance, fake invoice. Doesn’t matter. You realize, you panic, maybe you tell the scammer “I’m calling the cops.” They record that call.

Then they wait 4 to 8 weeks.

Then a “police officer” calls. Or a “lawyer.” Or someone from a “consumer recovery agency.” They know specific details about your scam. Because they ARE the people who scammed you.

They offer to help recover your money. Just need an upfront fee. Gift cards work great, apparently. Or more crypto as a “recovery bond.”

Rule: Anyone who contacts YOU first about money you lost is the scammer. Government agencies and law enforcement do not work this way. Ever.

Share this. Send it to anyone who might be vulnerable to getting scammed TWICE.

Nick Percoco (@c7five):
@osint_based Yes, definitely - also sometimes one scam group hacks another scam group.

VAL (@osint_based):
Also, sometimes “first line” scammers resell victim data to other groups after draining everything, so a second group comes in with a fake recovery attempt

They usually claim the original scammers were caught or that your funds were found/frozen somewhere, and you just need to pay taxes, AML fees, or other charges to recover them

Because it’s an easier story than upfront payment

They already know your name and details, and may even show your documents - since victims often provided them to the initial scammers

Overall, it’s often the same ecosystem of scam groups or call centers trying to extract more money

Nick Percoco (@c7five):
@beausecurity I recently had a family friend get scammed and they told people about it on Facebook. They then told us they were working with the “FBI” and when we asked if they reported the scam to them, they said “No, they called me”. 😬

Beau (@beausecurity):
@c7five 100% Happens here on X a lot too. I often tell scam victims that it’s not worth publicly posting about your scam because you’ll attract more attention from the bad guys!

Nick Percoco (@c7five):
@MalwareJake @SANSInstitute I’d imagine that a very good portion of their annual revenue comes from training and certification of DHS (and other US Gov agencies) employees. The choice was probably to stay in business rather than pick a fight with the US Gov over politics.

Jake Williams (@MalwareJake):
Sad to see an org I was so involved with for so many years taking nearly $500k in blood money from ICE. Seriously disappointed with @SANSInstitute today. I get that the economy is bad and sales are hurting. But taking money from ICE is *a choice*. sam.gov/workspace/cont…

Nick Percoco (@c7five):
Kraken Security Update

We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands.

It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors.

Kraken identified and shut down two instances of inappropriate access to limited client support data.

In February 2025, we received a tip from a trusted source regarding a video shared on a criminal forum that appeared to show access to our client support systems. We immediately launched an investigation and quickly identified the individual involved as a member of our support team. Their access was revoked immediately, a full investigation was conducted, additional security controls were put in place and a limited number of affected clients were notified.

Since then, we have been collaborating with industry partners and law enforcement to investigate and disrupt insider recruitment efforts targeting not only crypto companies, but also gaming and telecommunications organizations.

More recently, we received another tip, along with a new video showing similar activity. We quickly identified the individual involved and terminated their access. As before, we acted immediately to revoke access, conduct a full investigation, and notify the small number of affected clients.

Across both incidents, only a very small number of client accounts were potentially viewed - approximately 2,000 in total (0.02% of clients).

Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply.

We will not pay these criminals.

Based on intelligence gathered across both incidents, along with extensive ongoing analysis, we believe there is sufficient evidence to support the identification and arrest of those responsible. We are actively working with federal law enforcement across multiple jurisdictions to pursue all individuals involved and bring them to justice.

Due to the ongoing investigation, we cannot share additional details at this time. However, anyone with relevant information is encouraged to contact us directly.

The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats.

Note: If you are a client potentially affected by this, you've already been notified.

Nick Percoco retweeted
Marc Andreessen 🇺🇸:
Every security flaw discovered by AI was there before AI, waiting to be discovered either by people or by AI. The world has never been good at securing computer systems; finally with AI we are going to get good.

Nick Percoco retweeted
Kraken (@krakenfx):
Scammers ruin lives for a living. It's time to ruin their day. We're sponsoring @Kitboga's Creation Jam. Build unskippable ads scammers can't escape, get them tested live on stream, and win prizes! Deadline: April 30 👇 kitboga.com/codejam26