Matt Johansen

46.8K posts

@mattjay

Helping Secure the Internet | Long Island elder emo surviving in ATX | Expect: infosec current events, DFIR, appsec & cloudsec - and me!

Join 33k+ subscribers:
Joined June 2008
1.9K Following · 45K Followers
Pinned Tweet
Matt Johansen@mattjay·
🚨 Exciting thing🚨 I'm getting back to my content creation roots. I've missed blogging, podcasting, and community engagement from back before I worked for big companies with scary PR teams. So... I'm launching a newsletter called Vulnerable U. vulnu.beehiiv.com
Matt Johansen@mattjay·
You’re not allowed to do that. I’m guessing they’ll make an example out of him.
Matt Johansen@mattjay·
DOJ just announced takedown of four major botnets - Aisuru, KimWolf, JackSkid, and Mossad. This is significant scale.

> The numbers here are wild: combined 3+ million infected devices globally (hundreds of thousands in US alone), and attacks hitting 30 Tbps. That's legitimately record-breaking DDoS capacity. Cybercrime-as-a-service model - operators selling access to other criminals for attacks and extortion.

> Interesting technical detail: KimWolf and JackSkid specifically targeted devices that are normally firewalled from the internet.

> DCIS led the US side, executing seizure warrants on domains, virtual servers, and infrastructure. Makes sense given DoD networks were among the victims. FBI Anchorage assisted.

> Infrastructure disruption targeted C2 servers to cut off botnet communications. Goal is preventing further infections and killing ability to launch new attacks. Standard playbook but execution at this scale is noteworthy.

> The private sector involvement list is extensive: Akamai, AWS, Cloudflare, Google, Oracle, PayPal, Shadowserver, Team Cymru, etc.

> Victims reporting tens of thousands in losses and remediation costs. Extortion component means some paid before even calculating incident response expenses.

> Case being prosecuted out of Alaska District, which has been increasingly active on DDoS cases. Related to previous Rapper Bot and booter service takedowns. Pattern of sustained focus on DDoS infrastructure.
Matt Johansen@mattjay·
Hey @matthew_d_green - how does this factor into a lot of your comments over the last few days? Seems like a good direction but also cognizant of your point about extracting advertising signal from encrypted messages even if “private.”
Andy Greenberg (@agreenberg at the other places)@a_greenberg

It's kind of weird that Meta didn't announce this. Seems like it could be a big deal, maybe one that pressures other AI companies to follow suit. wired.com/story/signals-…

Matt Johansen retweeted
Troy Hunt@troyhunt·
I’m seeing so much disinformation and hyperbole around age verification, and it’s increasingly feeling like it’s conscious and coordinated. Stuff like this isn’t accidental.
vx-underground@vxunderground

I am impressed by this account's ability to re-discover the same breaking news every couple of weeks. It is evident now they're exploiting people's fear of identity verification for profit. Image 1. February 20 Image 2. February 25 Image 3. March 6 Image 4. March 14

solst/ICE of Astarte
‼️🚨 BREAKING: It has come to my attention that some of you are not following @noperator He has a five-digit IQ and is working on a bunch of cool projects like SiftRank and Cagent Please follow asap
ɐʞsǝs@akses_0x00

@IceSolst @noperator yes! love this and thanks for the SiftRank tip... how was I not following @noperator until now... fixed

maha@mahaaaay·
my dad isn’t picking me up from the airport anymore
Matt Johansen@mattjay·
Meta is joining the war against encryption - and funding the war for age verification.
Gianni Dalerta 🔮@GianniDalerta·
@mattjay @mattjay Your sarcasm about enterprise security is valid - but Microsoft's Claude integration in M365 is addressing exactly that gap. Security-aware reasoning inside governance boundaries. Today's digest: x.com/GianniDalerta/…
Gianni Dalerta 🔮@GianniDalerta

📬 LARRY'S DAILY DIGEST - Monday, March 16, 2026 🦞 🔥 BIG NEWS Microsoft just dropped Claude Sonnet into M365 Copilot last week, and the enterprise AI wars are getting spicy.

maha@mahaaaay·
you, stupid: multifactor authentication
me, smart: passwordless authentication
Matt Johansen@mattjay·
@techspence @ZackKorman Yeah that’s my stance. If you made a daily video or LinkedIn post about what you’re learning you’ll - A) learn and comprehend more because you have to be comfortable talking about it. B) have a public record to point to - bonus points if you work on a GitHub profile too.
spencer@techspence·
@ZackKorman @mattjay Yesss!! Many thoughts on this too. People don’t hire certs. They hire other people. People they know like and trust.
spencer@techspence·
Create content about what you’re learning
Rob Terrin@RobTerrin

@techspence I'm with you, but just to play devil's advocate, how is someone supposed to turn the resources and time an AD lab takes to set up and understand into income? Certs and classes, for all their problems, have a pretty clear path.

Matt Johansen retweeted
Roman Helmet Guy@romanhelmetguy·
Warning: Do not adopt any new code editors this month. Beware the IDEs of March.
Dave Kennedy@HackingDave·
I still don’t understand the whole AI personal assistant thing. I’ve really tried - I don’t want to give AI access to emails, calendar.. I tried perplexity with a Mac mini - it was awful. Zero use that I can see. What am I missing? Claude is amazing - my mind to code is incredible. This whole AI personal assistant that runs your workflows… I run multiple companies and already have pulse checks on it all.. just don’t see the need or any major gain.
Zack Korman@ZackKorman·
I made a video with @pilvar222, AI pentest lead at Aikido. We talked about the future of AI pentesting and whether it replaces appsec tools like SAST and DAST. First question: "Is Anthropic going to destroy your company?" youtube.com/watch?v=aWieO5…