Maxime Thiebaut

160 Followers
196 Following
60 Posts
Incident Response & Threat Research at NVISO; Roaming at The DFIR Report. Thoughts are my own. 🇺🇦🕊
Blog: https://thiebaut.dev
GitHub: https://github.com/0xThiebaut

If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

21 of the world's best intelligence and security agencies cannot be wrong... right?
https://netresec.com/?b=26233f4

2026, the year of the AI-driven attacker that could do back flips, they said.

Meanwhile, there's a magic number that allows Auth Bypass against Ivanti EPM (CVE-2026-1603)

something about a pledge 🙄

History repeats itself... not a single pre-event mention of #FOSDEM 2026 in the Belgian mainstream media.
Wake up, Belgium! You're hosting the largest Free Software and Open Source related conference in the f#####g World!

Someone knows Bash disgustingly well, and we love it.

Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340.

This research fuels our technology, enabling our clients to accurately determine their exposure.

https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340

Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)

When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - actively exploited pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule - every January. Welcome back to another

watchTowr Labs

Best quote I've seen all day so far, from an Ars piece by @dangoodin on skepticism around OpenAI's breathless claim that a Chinese hacking group used Claude code to automate 90 percent of their attack:

“I continue to refuse to believe that attackers are somehow able to get these models to jump through hoops that nobody else can,” Dan Tentler, executive founder of Phobos Group and a researcher with expertise in complex security breaches, told Ars. “Why do the models give these attackers what they want 90% of the time but the rest of us have to deal with ass-kissing, stonewalling, and acid trips?”

https://arstechnica.com/security/2025/11/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Researchers question Anthropic claim that AI-assisted attack was 90% autonomous

The results of AI-assisted hacking aren’t as impressive as many might have us believe.

Ars Technica

Fresh from our press 👀 "Decoding VShell: Insights into a Chinese-Language Cyber Espionage Tool". If you're in #threatintel I hope you'll enjoy it, we share our efforts on tracking, clustering, some protocol reversing & interesting findings.

https://www.nviso.eu/blog/nviso-analyzes-vshell-post-exploitation-tool

NVISO analyzes VShell post-exploitation tool

NVISO has actively tracked VShell for months, a Chinese-language intrusion tool used in espionage campaigns. We share global infrastructure tracking techniques, tools to decrypt VShell communications, and insights into attacker behaviors.

NVISO

"Secure Software Lifecycle for Open Source Software" according to the German Federal Office for Information Security (BSI)

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03185/BSI-TR-03185-2.pdf