With agentic AI, you are sharing your computer with an increasingly sophisticated and independent actor. Politely asking this actor through configs to avoid reading secrets isn’t a real solution. You need to vault these secrets to mediate access. 1password.com/blog/1password…

Polymorphic malware, manufactured crisis, crazy price increases. 2026 is here! #netsecops

RT this if you’ve seen “WIN-BUNS25TD77J” before 🧐

Security Onion 2.4.201 now available with Suricata and Zeek Updates! blog.securityonion.net/2026/01/securi…

Riddle me this CFTC how many individuals will be going to jail for financial fraud this year ?

Simon Willison curious how this ranks for you in terms of getting direct, real-world value from LLMs

2026 another year of fraud and violence...

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇

Thousands of arcane features each but neither Amazon Web Services nor Microsoft Azure nor Google Cloud have a "don't charge > $100 this month" setting. A million ways to accidentally bankrupt yourself and no way to set a limit. What a curious omission.

The big corpos probably didn’t see it coming that a community of hobbyists could build the most useful tools with AI and end up using the next gen of open source models to run all that stuff on-prem under their desk

CFTC the whole world is watching you...at some point it will matter

Incoming

Unsure what memory vendors are thinking but business will just not buy :) SK hynix

I'm pleased to announce that the CFTC is partnering with the U.S. Securities and Exchange Commission on Project Crypto—bringing coordination, coherence, and a unified approach to the federal oversight of crypto asset markets. Watch my event with Paul Atkins: cftc.gov/PressRoom/Even…

How to run claude in YOLO mode safely: Use the Trail of Bits devcontainer for full file and network isolation. github.com/trailofbits/cl…

F Watch out, it's a wild world out there

In our latest article, @niozow dives into the inner workings of #Windows access tokens, privileges, and the impact of logon rights. As these rights often constitute a blind spot for AD enumeration tools, the article describes our PRs to integrate them into BloodHound ⬇️

My only additional advice would be to use the Admiralty System to score threat actors as they emerge. The #FOR589 team (plus Freddy M) now have two blogs to help you deploy it effectively: 1. sans.org/blog/enhance-y… 2. sans.org/blog/admiralty…