Richard Ackroyd

370 posts

@rfackroyd

Fintech Security Engineer | Cyber Threat Detection | https://t.co/Ywh8RS0rba | https://t.co/xfGdNuywGM

London, England · Joined September 2018
811 Following · 812 Followers
Pinned Tweet
Richard Ackroyd @rfackroyd
Ransomware we've recently analysed uses the following command to pop your machine into Safe Mode before performing encryption:
C:\Windows\System32\bcdedit.exe /set safeboot network
Why? Because your EDR/AV might not be allowed to run in Windows Safe Mode. 1/2
Nick O’Neill @chooserich
So one of my AI agents has gone completely off the rails…
Richard Ackroyd @rfackroyd
Ah, yes, Okta. The vulnerability management company. 🤦‍♂️
Richard Ackroyd @rfackroyd
@evilsocket @mariuszbit I would advise holding off on OpenClaw until there are more guardrails in place. Unless you are running on a device where your credentials are tightly scoped and you accept their risk of compromise.
Simone Margaritelli @evilsocket
1,184 malicious skills were found on OpenClaw's ClawHub marketplace - stealing SSH keys, crypto wallets, browser passwords, and opening reverse shells. One attacker uploaded 677 packages alone. The #1 ranked skill had 9 vulnerabilities and was downloaded thousands of times. awesomeagents.ai/news/openclaw-…
JMan @TheFinPitch
@claudeai Carnage in cyberspace
Claude @claudeai
Introducing Claude Code Security, now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss. Learn more: anthropic.com/news/claude-co…
Richard Ackroyd @rfackroyd
@Cyb3rMonk Security is generally in a good position, but we will need to adapt in some areas
Mehmet Ergene @Cyb3rMonk
For now, I'm quite happy to be a non-developer and my job does require human intelligence. When/If AI starts doing my job well, I think I'll figure something out. I've already made some preparations for it. I hope I can retire until AI starts doing my job 😅
Jason Lang @curi0usJack

x.com/i/article/2024…

Richard Ackroyd @rfackroyd
A solution may be to prove that you use technology that avoids attributing a user to a particular VPN subscription but instead authenticates them to engage with an overarching service provider. Implement the check before account creation is allowed. This is very hard to prove, however.
Mullvad.net @mullvadnet
The UK has announced plans to fast-track legislation requiring “age verification for VPN use”. The correct term, however, is not age verification but identity verification. A law like this would require everyone to identify themselves in order to use a VPN. This would pose a risk to whistleblowers, violate human rights, and represent yet another step toward an authoritarian society.
Richard Ackroyd @rfackroyd
@theragetech There is a spiralling number of age and face verification checking and the sector is only going to proliferate with AI generated faces. The thing is, a build fast mentality will lead to inevitable holes in these products - as we have observed many times before.
The Rage @theragetech
🚨NEW: HACKERS EXPOSE AGE-VERIFICATION SOFTWARE POWERING SURVEILLANCE WEB Three hacktivists tried to find a workaround to Discord’s age-verification software. Instead, they found its frontend exposed to the open internet, bundling financial reporting with facial recognition tech. For the first time, they lay bare what is really behind a software serving age-verification laws – and why such technology is far from harmless. We spoke with the researchers that exposed the software, who hope that their findings will serve as a wakeup call.
Richard Ackroyd @rfackroyd
@vysecurity Definitely better to use the word pen-test here. Nonetheless, I wouldn't run that without considerable guardrails and scope limits. That may be built in however!
Richard Ackroyd @rfackroyd
I accidentally selected the breakpoint marker in my IDE. It reminded me of how much time I used to spend stepping through my code to debug issues. AI is truly reducing the amount of time I spend doing this. Do I miss it? ....Maybe.
Richard Ackroyd @rfackroyd
@Richard_ISC @mattjay Yeah the issue here is that IdP logs often generate a lot of false positive ‘risk events’ which lead to actual risk events - like this - being ignored by responders or not even operationalised in the first place
Richard | ISC @Richard_ISC
@mattjay
> The security system would not have flagged it as malicious as it would have looked like a normal login or password reset request from me. After that the hackers could have begun searching out access to sensitive or important BBC systems.
Lol nothing "normal" about this.
Matt Johansen @mattjay
This BBC reporter was offered 25% of a ransom payout if he gave hackers access to the corporate network. He played along, so we got a look inside their tactics here:
Richard Ackroyd @rfackroyd
Bottom line: confidence isn't good or bad, it's about thoughtful implementation. Clear definitions, consistent application, team alignment. Whether chasing precision in-house or managing chaos at scale, it can help if done right
Richard Ackroyd @rfackroyd
My first article on Detect FYI! Been thinking about confidence scores in security alerts lately. Everyone gets severity - "how bad is this if real?" But confidence asks "how sure are we this is actually malicious?" Many teams either ignore it completely or use it wrong