randy kangas

1.9K posts


@randykangas

appsec engineer | digital nomad

United States · Joined March 2009
931 Following · 382 Followers
randy kangas retweeted
Dave Kennedy (@HackingDave):
Finally. This is huge, but needed to happen like 10 years ago. iPhone-Android RCS Conversations Are End-to-End Encrypted in iOS 26.5. macrumors.com/2026/05/11/ios…
randy kangas retweeted
Tim Ferriss (@tferriss):
I’m going to propose that you develop an uncanny ability to be selectively ignorant. Ignorance may be bliss, but it is also practical. It is imperative that you learn to ignore or redirect all information and interruptions that are irrelevant, unimportant, or unactionable. Most are all three. Lifestyle design is based on massive action—output. Increased output necessitates decreased input. Most information is time-consuming, negative, irrelevant to your goals, and outside of your influence.
randy kangas retweeted
Kevin Rose (@kevinrose):
"Pass on what you have learned. Strength, mastery, hmm… but weakness, folly, failure also. Yes, failure, most of all. The greatest teacher, failure is." ~yoda
randy kangas retweeted
Kevin Rose (@kevinrose):
Me 5-years ago: "I can't wait for WWDC, I wonder what Apple has been cooking over the last year!" Me today in AI: "Every day is WWDC, for the love of God, slow down the releases..."
randy kangas retweeted
Dan Go (@CoachDanGo):
The biggest cheat code on the planet is adding muscle to your body. It improves insulin sensitivity & burns more calories at rest. It protects your joints & regulates hormones while keeping you functional as you age. The best thing you can do to an aging body is building muscle.
randy kangas retweeted
Dave Kennedy (@HackingDave):
Simple analogy on AI and cybersecurity. Security has never been solely a technology problem - it's largely a people problem. Complexity of business integration, misconfigurations, legacy systems, business transformations, M&As, etc. are all part of this industry we call cybersecurity. I can't remember the last time I've used a zero day on a customer before. Claude security scan is awesome - augment and make code better. All for it. Security will continue to evolve with AI and integrate with it making us better and faster. Doesn't replace - will never replace. FWIW we've had source code analyzers since I joined this industry - they've gotten better over time and will continue to get better with AI. If I ask claude to do a FULL COMPREHENSIVE code analysis and find every single security bug and don't stop until you do. It will find some, fix them, and say it's good. If I run the same exact prompt, it will find a whole new set of issues. Now, what's today isn't what's tomorrow - but code analysis is only a small portion of an entire security program and it hasn't nailed that yet, and I don't see it nailing that in the future especially with complex systems and business process integration. I'm excited about today, and the future tomorrow in cybersecurity - it'll continue to evolve and honestly, we haven't had any real major breakthroughs in protecting aside from "the basics" in really 20 years. One of our biggest complaints in cybersecurity is we never have enough funding and people. This should help augment and alleviate some of that burden in the future, but doesn't replace and hits at the core of what our challenges have always been. AI is a great thing for the cybersecurity industry both for offense and defense.
randy kangas retweeted
rat king 🐀 (@MikeIsaac):
amazon's internal A.I. coding assistant decided the engineers' existing code was inadequate so the bot deleted it to start from scratch that resulted in taking down a part of AWS for 13 hours and was not the first time it had happened incredible ft.com/content/00c282…
randy kangas retweeted
The All-In Podcast (@theallinpod):
What Happens When AI Tokens Cost More Than Your Employees? @Jason: “We, with our agents, hit $300/day per agent using the Claude API, like instantly. And that was doing, maybe, 10 or 20%. That's $100k/year per agent.” @chamath: “We're getting to a place where we have to basically now say, ‘What is the token budget that we're willing to give our best devs?’” “And then if you aggregate it across all people, you can clearly see a trend where you're like, ‘Well, hold on a second, now they need to be at least 2x as productive as another employee.’” “That is actively happening inside my business, because otherwise I'll run out of money.” Jason: “Yeah. This is a very interesting trend that you're not going to hear anybody else talk about, but when do tokens outpace the salary of the employee?” “Because you're about to hit it. I'm about to hit it.”
randy kangas retweeted
The Hacker News (@TheHackersNews):
🛑 WARNING - Notepad++ confirmed state-sponsored attackers hijacked its update traffic via a compromised hosting provider. Selected users were redirected to malicious update servers. The activity ran for months. 🔗 Learn more → thehackernews.com/2026/02/notepa…
randy kangas retweeted
The Hacker News (@TheHackersNews):
🚨 Another CVSS 10.0 n8n vulnerability disclosed. Researchers found another critical flaw (CVE-2026-21858) in n8n that lets remote attackers take full control with no authentication required. The bug abuses Content-Type handling in form webhooks to read local files, steal secrets, forge admin sessions, and achieve RCE. 🔗 Details here → thehackernews.com/2026/01/critic…
randy kangas retweeted
The Hacker News (@TheHackersNews):
🚨 Warning - Yet another n8n vulnerability. n8n disclosed a CVSS 10.0 RCE flaw allowing authenticated users to execute untrusted code and fully compromise an instance. CVE-2026-21877 affects cloud and self-hosted deployments running versions ≥0.123.0 and <1.121.3. 🔗 Read → thehackernews.com/2026/01/n8n-wa…
randy kangas retweeted
The Hacker News (@TheHackersNews):
⚠️ Warning: Two Chrome extensions with 900,000+ installs were found stealing ChatGPT and DeepSeek conversations, plus all open tab URLs. Researchers call this prompt poaching. 🔗 Read here → thehackernews.com/2026/01/two-ch…
randy kangas retweeted
Dirty Mo Media (@DirtyMoMedia):
Mourning our friend, his family, and all those lost in today’s tragedy.
randy kangas retweeted
The Hacker News (@TheHackersNews):
🛑 WARNING: CVE-2025-20393 is rated 10.0, with no patch available. Cisco confirmed active exploitation of an AsyncOS zero-day by a China-linked APT. The flaw allows root-level command execution on affected email security appliances and enables attackers to establish persistence. 🔗 Details and mitigations → thehackernews.com/2025/12/cisco-…
randy kangas retweeted
Mandiant (part of Google Cloud)
CVE-2025-55182 (aka "React2Shell") continues to be exploited 🚨 Google Threat Intelligence Group has observed multiple campaigns, including China-nexus and financially motivated activity. Get the latest insights to identify and remediate this threat ➡️ bit.ly/3XYde3S