Stacey Holleran

455 Followers
385 Following
499 Posts
Communications at AISLE. Hanging with the #infosec crew. Opinions expressed are mine unless they are yours too. Then they are ours.
#atl #dogmom #natureart #humanity #itstheguns

Google Exec: We can make our users click on pictures of busses for as long as ten minutes, just to visit a website.

LinkedIn Exec: haha that's nothing. We can get users to send their ID *and* take pictures of five different facial angles, that's how desperate they are to find work.

Zenni Exec: lol you're both newbs. I bet I can get four-eyed nerds to play Forehead Poker with their own credit cards just to buy glasses!

AISLE Discovers 6 New CVEs in #curl, Including the Oldest Issue Ever Reported

https://aisle.com/blog/aisle-discovers-6-new-cves-in-curl-including-the-oldest-issue-ever-reported

AISLE Discovers 6 CVEs in curl, Including Oldest Issue Ever

AISLE's analyzer discovered 6 new CVEs in curl, more than 2x the nearest AI security platform and including the oldest security issue in the project.

AISLE

RE: https://mastodon.social/@bagder/116807425534711479

There is a European-owned place called https://aisle.com/ that is doing world class security bug finding. Beating Mythos even in this case. But no one in Europe likes talking up our own talent. Been trying to get them mentioned in Dutch news for ages, but all we can do apparently is promote US tech.

Remember those 2 guys who committed ransomware extortion rather than protecting clients? They each only got 4 years! https://cyberscoop.com/incident-responders-ryan-goldberg-kevin-martin-sentenced-ransomware/
Former incident responders sentenced to 4 years in prison for committing ransomware attacks

Ryan Goldberg and Kevin Martin attacked five companies in 2023 and extorted nearly $1.3 million from one of their victims.

CyberScoop
Trump proposes cutting CISA election security program in FY27 budget

The move is part of $700 million in proposed program cuts, resulting in a net funding reduction of about $360 million. The budget also projects eliminating some 860 positions.

Nextgov.com
Rapid7 MDR is monitoring an increase in phishing campaigns via #MicrosoftTeams, wherein threat actors are impersonating internal IT departments, then persuading users to grant remote access. https://www.rapid7.com/blog/post/dr-guidance-on-observed-microsoft-teams-phishing-campaigns/
Rapid7 Guidance on Observed Microsoft Teams Phishing Campaigns

The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Teams. The primary objective is to persuade users to launch Quick Assist, granting the TA remote access to deploy malware, exfiltrate data, or facilitate lateral movement across the network.

Rapid7

New, by me: How AI Assistants are Moving the Security Goalposts

AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

Read more (and boost please!):

https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/

#openclaw #AI #agentic #aiagents #lethaltrifecta

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.

To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts.

Who could possibly have foreseen this? Aside from anyone paying even the slightest bit of attention?

"One of the codebases…contained 2,675 distinct licensing conflicts, indicating the complexity of managing IP has grown exponentially…the mean number of vulnerabilities in code has nearly doubled since last year. Eighty-seven percent of the codebases had at least one vulnerability, 78% had high-risk vulnerabilities, and 44% had critical-risk vulnerabilities."

https://sdtimes.com/ai/report-open-source-licensing-conflicts-hit-an-all-time-high-as-organizations-struggle-to-audit-ai-generated-code-for-ip-risks/

#OpenSource

Report: Open source licensing conflicts hit an all-time high as organizations struggle to audit AI-generated code for IP risks

In a new report, Black Duck analyzed 947 commercial codebases and found that two-thirds of them had license conflicts.

SD Times