I break software.
Blog: https://sempf.net
OWASP: https://owasp.org/www-chapter-columbus/
Github: https://github.com/sempf
Amateur Radio: KE8PCT
POINT: https://pointweb.net
Header image: Medeco Biaxial

More on these AIBOMs. Not gonna be long before companies start requiring these before buying products.

https://www.darkreading.com/cyber-risk/how-cisos-should-prep-for-agentic-ready-ai-boms

#ai #sbom

Here's an honestly interesting possibility for AI use - they are looking at your company's incoming mail for baddies. I might use that, if I could prevent email from inside the company from being scanned.

https://www.securityweek.com/ocean-emerges-from-stealth-with-28m-for-agentic-email-security-platform/

#email #ai

Ocean Emerges From Stealth With $28M for Agentic Email Security Platform

Ocean emerged from stealth mode this week with $28 million in funding for its agentic email security platform.

SecurityWeek
People keep saying the Democratic Party is falling apart. While that is true, I do believe that the entire political system of the United States has more or less dissolved into irrelevancy. It's the Democrats, the GOP, the people in the middle. We, the citizenry for whom this political system is supposed to be, are left with bupkis.

The Nx Dev Tools CEO confirms that his company's Nx Console VS Code extension served as the initial entry point for the GitHub repo hack: https://x.com/jeffbcross/status/2057236396658811020

Nx incident: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w

Step Security report: https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised

Jeff Cross (@jeffbcross) on X

GitHub’s report today confirms that the compromised Nx Console extension was used as the initial access vector in this attack. This is a difficult thing to read as the CEO of Nx, and I want to be direct about it: we take responsibility for the role our software played in this

X (formerly Twitter)

The GitHub breach last night was worse than reported. 4000 or so private repos for sale on Tor. LAPSUS$ is claiming it's for sale already but it isn't on their release site.

https://thehackernews.com/2026/05/github-investigating-teampcp-claimed.html?m=1

#github #breach

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub is investigating unauthorized access to internal repositories after TeamPCP listed alleged source code and internal organizations for sale.

The Hacker News
Man. Life is a lot.
First Apple harvest! #gardening
Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

Drupal is warning users that it’s preparing a patch for a ‘highly critical’ vulnerability that may be exploited shortly after its disclosure.

SecurityWeek

CycloneDX has already added AI enhancements to their SBOM toolset, though I've found that it is easy to just ask the CLI to make an SBOM for me when done.

https://www.darkreading.com/cybersecurity-analytics/what-make-ai-bom-real

#supplychain #vibecoding

Phobos Group has a new offering!
Airlock:
a practical container architecture for teams using Claude Code, Codex, and other TUI-based, npm-heavy toolsets for agentic development, workflows and pipelines.

It's an Incus-based security architecture and design created to directly address the ceaseless supply chain attacks which have been ramping up since mid-2024 or so.

If you can think of someone who would find this useful, please send them my way!
#phobosgroup #airlock