Pretty 🔥 how Sigma v2 has a modifier for base64 now 👏 blog.sigmahq.io/introducing-si…

Today RunReveal is announcing support for sigma detections and open sourcing our sigma rule evaluator, sigmalite. Read the blog, and check out the code! sigmalite.dev blog.runreveal.com/introducing-si…

The latest OCSF release has some IAM goodies. It's almost as if identity is the new perimeter 💡 * Group Management: handles subgroups now! (I helped with this one 🎉) * new IAM Analysis Finding class, and many new dictionary items related to identities github.com/ocsf/ocsf-sche…

🆕 YARA module this week: Chrome extension bundles! Would be pretty cool to add Mandiant's Permission Hash to the module's output for pivoting fun! Secure Annex exposes Permhash's in their UI/API so this would be a nice CLI format

Cursor is now using Open VSX to install code editor extensions from. You must understand the implications of this right now. There has been an attack campaign happening for more than a month with extensions that install ScreenConnect. Below is ANOTHER example.

Got prompted to use a Passkey in the Costco app, it’s a good day 👌

Some days I worry about AGI taking my job, other days I know I'm safe for a few years... Both gpt-5-codex high, and Claude Code both spun their wheels for 15+ minutes pointing to a compiler toolchain issues even given a git commit where the issue must be... this was the fix!

How many apps have a shortcut to email their CEO? 👀 I’m guessing it’s a short list with only Matter