Douglas Mun

“It is possible to unintentionally offend others, not necessarily due to an incorrect stance, but rather due to a difference in perspective.”

🚨Cyber Alert ‼️ 🇯🇵Japan - 𝗦𝗮𝘄𝗮𝘆𝗮𝗸𝗮𝗰𝗹𝘂𝗯 𝗖𝗼.,𝗟𝘁𝗱. Space Bears hacking group claims to have breached Sawayakaclub Co.,Ltd. Threat actor: Space Bears Sector: Wholesale / Retail Data exposure (claimed): Not specified Data type: Not specified Observed: Mar 19, 2026 Status: Pending verification ESIX©: 5.21 Full details and impact assessment on HackRisk.io

A timeline of MCP security breaches: Tool poisoning, RCE via mcp-remote, sandbox escapes, and 7,000+ exposed servers brightbean.xyz/blog/mcp-backd…

Shutting Down Scam Centers! The #FBI and partners are targeting scam compounds in parts of Southeast Asia that are designed to extract as much money as possible from victims thousands of miles away. Read more here: fbi.gov/news/stories/f…

DOJ issued a truly stunning indictment today, unveiling a massive AI chip smuggling operation to China--led by Wally Liaw, the Co-Founder, Board Member, and Senior Vice President of Supermicro, a Fortune 500 company and one of the largest U.S. AI server manufacturers. The operation smuggled over $2.5 billion worth of chips to China, including Hopper and Blackwell chips. It is unsurprising that China would seek to illegally obtain U.S. chips, given how much better they are than Chinese chips. But it is appalling that leadership figures in major U.S. semiconductor companies would actively enable Chinese efforts to obtain banned AI chips. Many U.S. companies have long denied that chip smuggling to China is happening. And now we know that it is not just happening, but it is pervasive--and individuals high up in some of the most important companies in the AI supply chain were actively supporting those smuggling operations. Policy changes are urgently needed to close loopholes in AI chip export controls and stop Chinese smuggling. First, we need to know where these chips are going: all AI chip exports to Southeast Asia (the nexus of Chinese smuggling operations, including this operation), and potentially globally, must require a U.S. export license. Second, Chinese companies inside the United States should not be allowed to purchase AI chips. It is absurd that the only country in which Chinese companies can buy AI chips is the United States itself, a loophole that DOJ has highlighted in past indictments that Chinese smugglers routinely exploit. And third, much tighter compliance measures are needed by U.S. companies. U.S. companies have demonstrated that they cannot be trusted to self-police. Companies must have stricter end-use reporting requirements, and/or face stricter liability. Export control enforcement must become more like financial sanctions enforcement if it is to be effective. justice.gov/opa/pr/three-c…

CISA published an advisory on endpoint hardening after Stryker. The RBAC guidance is solid. Multi Admin Approval for Intune is not a complete solution either. An attacker with Global Admin can create the second approver account themselves. That is a five minute delay, not a defense. What actually stops this: no standing GA roles, PIM with fresh FIDO2 at activation, and a session revocation circuit breaker that fires the moment bulk wipes start. We have been on Handala/Stryker since March 12. Here is what CISA got right and what they missed. threathunter.ai/blog/cisa-got-… #Stryker #Handala #CISAAlert #IdentitySecurity #MDR

At the Agents Anonymous SF meetup last night we did another 🙋 AI usage survey, here are the est. numbers: Usage stats: - 90% Claude Code - 60% Codex - 30% Cursor - 20% OpenCode - 10% Conductor - 10% Own agent/Pi 80% have prompted a coding agent from mobile 50% have not handwritten a single line of code this year 99% think they're more productive now vs. pre agentic coding agents Parallel agent usage: - 90% 3+ - 70% 4+ - 50% 5+ - 5% 10 Also want to give a ginormous thank you to our incredible speaker lineup: - @jonas_nelle & @alexirobbins from @cursor_ai - @southpolesteve from @Cloudflare - @LewisJEllis from @ycombinator - @aidandcunniffe from Git AI - 🦞 @steipete from @openclaw Hope to see you all at the next one! 🫡

bro, it's so over for designers google stitch is insane. 🤯

Introducing LiteParse - the best model-free document parsing tool for AI agents 💫 ✅ It’s completely open-source and free. ✅ No GPU required, will process ~500 pages in 2 seconds on commodity hardware ✅ More accurate than PyPDF, PyMuPDF, Markdown. Also way more readable - see below for how we parse tables!! ✅ Supports 50+ file formats, from PDFs to Office docs to images ✅ Is designed to plug and play with Claude Code, OpenClaw, and any other AI agent with a one-line skills install. Supports native screenshotting capabilities. We spent years building up LlamaParse by orchestrating state-of-the-art VLMs over the most complex documents. Along the way we realized that you could get quite far on most docs through fast and cheap text parsing. Take a look at the video below. For really complex tables within PDFs, we output them in a spatial grid that’s both AI and human-interpretable. Any other free/light parser light PyPDF will destroy the representation of this table and output a sequential list. This is not a replacement for a VLM-based OCR tool (it requires 0 GPUs and doesn’t use models), but it is shocking how good it is to parse most documents. Huge shoutout to @LoganMarkewich and @itsclelia for all the work here. Come check it out: llamaindex.ai/blog/liteparse… Repo: github.com/run-llama/lite…

Not enough people are talking about NVIDIA's new Nemotron-3-Nano (4B) model! 🤯 Hybrid Mamba + Attention architecture, designed as a unified model for reasoning and non-reasoning tasks. So small and efficient, it can run 100% locally in your web browser at 75 tokens per second.

We just released Claude Code channels, which allows you to control your Claude Code session through select MCPs, starting with Telegram and Discord. Use this to message Claude Code directly from your phone.

Perplexity Computer now connects to your health apps, wearable devices, lab results, and medical records. Build personalized tools and applications with your health data, or track everything in your health dashboard.

Don’t forget to read my article all about how to properly secure yourself from this attack, which goes more into detail then the MSFT article: mobile-jon.com/2026/03/16/how…

Three Charged with Conspiring to Unlawfully Divert Cutting Edge U.S. Artificial Intelligence Technology to China “The indictment unsealed today details alleged efforts to evade U.S. export laws through false documents, staged dummy servers to mislead inspectors, and convoluted transshipment schemes, in order to obfuscate the true destination of restricted AI technology—China,” said John A. Eisenberg, Assistant Attorney General for National Security. “These chips are the product of American ingenuity, and NSD will continue to enforce our export-control laws to protect that advantage.” 🔗: justice.gov/opa/pr/three-c…

I have no idea when Virus Bulletin uploaded our paper - but here it is: our talk from last September at VB2025, where we talked about an APT41-adjacent group started using Google Calendar C2 as part of their espionage operation. 🔗Link below for the slides and paper

We’re launching LangSmith Fleet today! There are some primitives in Fleet that I think will be very useful in a future where agents do a lot of the world’s work - Agent Identity: as more work is specified by humans but done by agents, we need identity + security models that reflect that. This means attaching credentials and connections specifically to agents that control what they can read/write and what surface areas they interact with (github, slack, etc) - Agent Self-Improvement: There’s more agents that we’ll use over week, month, year time-scales. Memory and the ability for agents to edit themselves means agents mold to your tasks over use. Because they’re hooked up to LangSmith, this also lets your team generate evals to ground your changes in metrics over time. - Integrate with the World: It’s kinda funny how hard (edge cases!!) it is to connect agents to external tools like Slack and GitHub. Part of it is auth but part is good context engineering to help agents actually use the connections to do useful work. Context engineering around external systems is tricky, Fleet does a lot to help with that process! - Sharing Agents: Memory + Shared surfaces of access means that agents improve over time with your team but also a useful agent built by one team is immediately helpful to other orgs! Coding Agents are work engines and helpful to marketing as much as engineering - Harness Engineering Agents need to adapt their tooling, prompts, memory to the task at hand. All of this is adapting the agent harness for the work. Now agents help you help them. Fleet is a tool for using agents but also building the harness around agents to make them great at the work you want to do. A lot of products exist by making this loop tailored to specific tasks Excited to see people try this, more agents to build and more work to do 🫡

Google just shipped DESIGN.md — a portable, agent-readable design system file. That's the real announcement. Everyone's covering "vibe design" and the canvas. But Stitch now has an MCP server that connects directly to Claude Code, Cursor, and Gemini CLI. Your coding agent can read your design system while it builds. Google already shipped official Claude Code skills for this. The pipeline works today. A PM describes the business objective. Stitch generates the UI. The coding agent reads DESIGN.md and builds against it. No Figma export. No spec document. No "the developer interpreted the design wrong." PRD → design → code used to be three teams and three handoffs. Now it's one loop with one context file.

🚨 FBI Seizes Handala-Linked Domain in Cyber Operation The domain handala-redwanted[.]to has been seized by the FBI following a court-authorized action by the U.S. District Court for the District of Maryland. According to the seizure notice, the infrastructure was allegedly used to conduct or support malicious cyber activities in coordination with a foreign state actor, including potential network intrusions and infrastructure targeting. The seizure is part of an ongoing effort by U.S. law enforcement to disrupt hostile cyber operations and prevent further exploitation. ⚠️ Authorities warn that individuals assisting or attempting to restore such infrastructure may face criminal prosecution under U.S. law. #CyberCrime #CyberThreatIntelligence #Infosec #CyberSecurity #ThreatIntel #DarkWeb #OSINT #FBI #CyberOperations

MiniMax just dropped M2.7 and it's approaching Claude Opus 4.6 on real engineering benchmarks. At $0.30/M input and $1.20/M output vs Opus at $5/$25. That's roughly 17x cheaper on input and 21x cheaper on output. Here's what's actually going on 🧵

🚨 A new ransomware operation, #TheGentlemen, has emerged following an affiliate split revealing how #threatactors evolve from partners to independent operators while retaining advanced tooling, infrastructure, and access pipelines. Our latest analysis explores how this group is operationalizing large-scale attacks by combining exploited network devices, #credentialharvesting, and advanced defense evasion techniques. Key highlights: 🔹 Maintains an inventory of approximately 14,700 compromised FortiGate devices exploited via CVE-2024-55591, offered to affiliates for initial access. 🔹 Separate from exploited devices, the operators maintain over 900 validated brute-forced FortiGate VPN credentials ready for attack. 🔹 Employs Bring-Your-Own-Vulnerable-Driver (BYOVD) techniques to terminate EDR/AV processes at kernel level. 🔹 Approximately 94 organizations have already been attacked by this threat group. 🔹 Active reconnaissance and exploit development targeting SonicWall VPN, Cisco ASA appliances, and Oracle E-Business Suite (EBS), attempting to replicate the Cl0p Oracle exploitation campaigns observed in 2025. 🔹 Ongoing reverse-engineering of #Babuk, #Qilin, LockBit 5.0, and Medusa ransomware samples to extract and integrate superior encryption routines, obfuscation techniques, and #EDR bypass mechanisms into The Gentlemen codebase. The case highlights how modern #ransomware groups are evolving into efficient, highly automated operations built around scalable access and modular tooling. Read the full technical analysis: link.group-ib.com/41defXc