Xavier «X» Santolaria  

@[email protected]
1.9K Followers
656 Following
301 Posts

👨‍👩‍👧‍👦 Husband. Proud Father. He/Him.


👁️ 🐝 Ⓜ️ IBM Inventor and Cloud Security Solution Architect | Open Innovation Community.

Member of the IBM Academy of Technology (AoT).

 ex-#OpenBSD (xsa@). Hacker. Open Source Advocate.


💬 My Own Views. Always.

#ibm #infosec #cloudsecurity #fedi22 #wehackhealth #crossfit #emtb #fieldhockey #porsche #nobot

📍 Location🇧🇪🇪🇸 @ 🇨🇭
🌍 Websitehttps://0x58.santolaria.net
:github: GitHubhttps://github.com/xsa
🔑 Keybasehttps://xsa.keybase.pub/mastodon.html
📨 Newsletterhttps://infosec-mashup.santolaria.net/?utm_source=mastodon&utm_medium=social
🗓️ {Cyber,Info}Sec Eventshttps://xsa.github.io/infosec-events/
Show threadXavier «X» Santolaria  19h ago
@krypt3ia Based on the simple supply & demand concept, even free, I don't think there's still any demand.
Xavier «X» Santolaria  21h ago

RSA Conference was in full swing in San Francisco this week — booths, buzzwords, and billion-dollar pitches as far as the eye can see. Meanwhile, out in the real world, threat actors didn't get the memo. Iran-linked hackers are using Telegram to hunt down dissidents and journalists, while TeamPCP's supply chain worm is deploying Kubernetes wipers that specifically target Iranian clusters. Two sides of the same geopolitical coin, playing out in parallel — and neither one is buying a vendor badge.

→ Week #13/2026 also covers:

🪱 TeamPCP's worm ;

🇮🇱 🇮🇷 Iran's hacked cameras ;

🆙 ✅ A Tycoon 2FA that just won't die ;

❌ 🇺🇸 The FCC has banned the sale of new consumer routers made outside the USA;

💰️ #OpenAI launched a public safety bug bounty for #AI-specific abuse and safety risks;

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-13-2026-rsa-week-real-world-problems

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel

🕵🏻‍♂️ [InfoSec MASHUP] 13/2026 - RSA Week, Real World Problems

Plus: TeamPCP's worm, Iran's hacked cameras, and a Tycoon 2FA that just won't die. The real RSA keynotes.

X’s InfoSec Newsletter
Show threadXavier «X» Santolaria  1d ago
@jerry Ones that spans over an extended period of time, e.g. months or years, but never managed to get to it.
Xavier «X» Santolaria  1d ago

Why did it take them so long?  

https://www.theregister.com/2026/03/26/github_ai_training_policy_changes/

#infosec #cybersecurity #data #ai #tech #github

GitHub hits CTRL-Z, decides it will train its AI with user data after all

: As of April 24 you'll be feeding the Octocat unless you opt out

The Register
Xavier «X» Santolaria  1d ago

Iran-linked hacking group Handala says it breached FBI director Kash Patel’s personal Gmail .. 😵

#infosec #cybersecurity #iran

Xavier «X» Santolaria  3d ago
Dan Goodin4d ago

Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.

Folks, if any of you used LiteLLM, now is the time to change your credentials, in an atomic way. Now, as in immediately.

https://news.ycombinator.com/item?id=47501729

LiteLLM Python package compromised by supply-chain attack | Hacker News

Xavier «X» Santolaria  4d ago
The Cyber Unc4d ago

New by me: As a Cybersecurity Professional, I Think Proton’s Born Private Campaign is a Smart Move

We talk a lot about keeping kids safe online, but not enough about protecting their privacy before platforms start building a profile around them.

I wrote about why @protonprivacy Born Private campaign stood out to me from a cybersecurity perspective, and why a child’s future digital identity deserves more care from the start.

https://www.kylereddoch.me/blog/as-a-cybersecurity-professional-i-think-protons-born-private-campaign-is-a-smart-move/

#Cybersecurity #Privacy #InfoSec #ProtonMail #DigitalPrivacy #OnlineSafety

As a Cybersecurity Professional, I Think Proton’s Born Private Campaign is a Smart Move

Proton’s new Born Private campaign is a strong reminder that a child’s digital life should begin with privacy, not profiling.

CybersecKyle
Show threadXavier «X» Santolaria  4d ago
@accidentalciso Can't go wrong with Herman Miller.
Xavier «X» Santolaria  5d ago
Xavier «X» Santolaria  Mar 21

👋 Writing this from San Diego 🇺🇸 — about as far from my Swiss desk as a timezone can stretch. But the news didn't care about my travel schedule.

If there's one thread running through this week, it's Iran: Boggy Serpens refining its AI-enhanced espionage playbook, an attempted intrusion at Poland's nuclear research center with Iranian fingerprints, the EU hitting Iranian entities with fresh sanctions — and Iran's own population cut off from the internet for over two weeks now. Stryker is still cleaning up from last week's Handala attack too. A lot of activity from a lot of pro-Iran actors in one week.

→ Week #12/2026 also covers:

🪱 GlassWorm escalates its supply chain campaign,

🇪🇺 🗳️ EU votes to ban mass message scanning,

🤓 🇬🇧 A witness blamed ChatGPT for his smartglasses

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-12-2026-iran-is-everywhere-this-week

If you find it useful, subscribe to get it in your inbox every weekend 📨

#infosecMASHUP #cybersecurity #infosec #threatintel

🕵🏻‍♂️ [InfoSec MASHUP] 12/2026 - Iran Is Everywhere This Week

Plus: GlassWorm escalates its supply chain campaign, EU votes to ban mass message scanning, a witness blamed ChatGPT for his smartglasses

X’s InfoSec Newsletter
Xavier «X» Santolaria  6d ago
Markus EiseleMar 22

The Quarkus team recently published new performance benchmarks.

The interesting part isn’t just the results.
It’s the engineering work that went into making them reproducible and transparent.

• why benchmarking Java frameworks is harder than it looks
• why laptop benchmarks often mislead developers
• what these results actually mean

https://www.the-main-thread.com/p/quarkus-performance-benchmarks-java-developers

#Java #Quarkus #Benchmarking #Performance