starkzarn

39 Followers
115 Following
389 Posts

Linux wizard, FLOSS enthusiast, Infosec Lead. I like to break things.

Website: https://roguesecurity.dev
BlueSky: https://bsky.app/profile/roguesecurity.dev
GitHub: https://github.com/starkzarn
XMPP: [email protected]

RE: https://infosec.exchange/@briankrebs/116619211861422630

Ayrey said CISA still hadn’t invalidated an RSA private key exposed in the Private-CISA repo that granted access to a GitHub app which is owned by the CISA enterprise account and installed on the CISA-IT GitHub organization with full access to all code repositories.

Pure. Unadulterated. Incompetence.

The Flipper team has been cooking up something new and exciting, but they need all the help they can get to make it happen. Get to it, people!

https://blog.flipper.net/flipper-one-we-need-your-help/

#flipperone

Flipper One — we need your help

With Flipper One, we're reimagining what a Linux cyberdeck can be — it's a huge project. We're opening up the development process and asking the community for help.

Flipper Blog
@cR0w imagine gathering the goodwill from an entire community and then setting it on fire.

RE: https://infosec.exchange/@cR0w/116613203901479791

When I saw this this morning, I thought, oh neat, I'm going to see what it takes to submit a KEV, now that they're crowdsourcing it. When it got a connection failure I looked up and saw Qualtrics... I shouldn't be surprised at this point, but man, talk about adding insult to injury...

I heard* that the next Red Hat will have 'AI Command Line Assistance' (whatever that is) and, F* that S* I am out.

Seriously, I am out. Red Hat and ANY OTHER Linux distro that tries that stunt can effing go to hell. I was going to post something funny here, but this is the last nail in the coffin of a once great open source company.

Either you are selling a bash-completion++ package or you are polluting an OS with an LLM. Either way, not a good look.

(* h/t to Slashdot: https://linux.slashdot.org/story/26/05/20/203252/rhel-102-released-with-new-ai-command-line-assistance)

RHEL 10.2 Released With New AI Command Line Assistance - Slashdot

Red Hat has released RHEL 10.2 and 9.8 with new AI-assisted command-line tools. The releases also add updated developer toolchains such as Go 1.26, LLVM 21, Rust 1.92, Python 3.14, and PHP 8.4. Phoronix reports: Red Hat Enterprise Linux has introduced the goose command for power users. Goose is an ...

So let me get this straight:

in a 48-hour period, Microsoft-owned Github got compromised due to a malicious extension in Microsoft-owned VScode

and Microsoft-owned Windows has a system-integral RCE vulnerability thanks to Microsoft-owned Windows Defender... scanning a file.

New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

Dear threat research firms,

A modest proposal for your threat intel blog posts:

A single table of Indicators of Compromise.

3 columns: Value, Type, Description.

The same format. Every time.

Easier for you, easier for your readers, easier for us.

XOXO IFIN
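The three-column table the post asks for (Value, Type, Description) is also the shape a consumer can machine-check before the indicators go into a blocklist or detection rule. The following is an added example, not code from the post's author: it parses a markdown IoC table in that format and flags rows whose declared Type does not match the shape of the Value (for instance an MD5-length hash declared as sha256). The sample table, the type names, and the validation rules are assumptions made for this example; the indicator values are documentation-range addresses, example domains, and the well-known hashes of empty input, not real indicators.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the post's proposed three-column format.
# Values are placeholders (RFC 5737 address, example.* domains, hashes of
# empty input), not real indicators. The last row is deliberately mislabeled.
SAMPLE_TABLE = """\
| Value | Type | Description |
|---|---|---|
| 192.0.2.10 | ipv4 | C2 server (constructed) |
| update.example.com | domain | Staging domain (constructed) |
| e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | sha256 | Dropper (constructed; SHA-256 of empty input) |
| http://example.net/stage2.bin | url | Second-stage download (constructed) |
| d41d8cd98f00b204e9800998ecf8427e | sha256 | Mislabeled row: MD5-length value declared as sha256 |
"""


@dataclass
class Indicator:
    value: str
    type: str
    description: str


def _is_hex(value: str, length: int) -> bool:
    return re.fullmatch(rf"[0-9a-fA-F]{{{length}}}", value) is not None


def _is_ipv4(value: str) -> bool:
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def _is_domain(value: str) -> bool:
    # Labels of 1-63 chars, no leading/trailing hyphen, alphabetic TLD.
    pattern = r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}"
    return len(value) <= 253 and re.fullmatch(pattern, value.lower()) is not None


def _is_url(value: str) -> bool:
    return re.fullmatch(r"https?://\S+", value) is not None


# Assumed type vocabulary for this example; a real consumer would pin its own.
VALIDATORS = {
    "md5": lambda v: _is_hex(v, 32),
    "sha1": lambda v: _is_hex(v, 40),
    "sha256": lambda v: _is_hex(v, 64),
    "ipv4": _is_ipv4,
    "domain": _is_domain,
    "url": _is_url,
}


def parse_ioc_table(text: str) -> list[Indicator]:
    """Parse a markdown table with exactly the columns Value | Type | Description."""
    indicators = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("|"):
            continue  # prose around the table is ignored
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 3:
            raise ValueError(f"expected 3 columns, got {len(cells)}: {line}")
        if [c.lower() for c in cells] == ["value", "type", "description"]:
            continue  # header row
        if all(re.fullmatch(r":?-+:?", c) for c in cells):
            continue  # markdown separator row
        indicators.append(Indicator(cells[0], cells[1].lower(), cells[2]))
    return indicators


def validate(indicators: list[Indicator]) -> list[tuple[str, str]]:
    """Return (value, reason) pairs for rows whose Type does not fit the Value."""
    problems = []
    for ind in indicators:
        check = VALIDATORS.get(ind.type)
        if check is None:
            problems.append((ind.value, f"unknown type '{ind.type}'"))
        elif not check(ind.value):
            problems.append((ind.value, f"value does not look like a {ind.type}"))
    return problems


if __name__ == "__main__":
    rows = parse_ioc_table(SAMPLE_TABLE)
    print(f"parsed {len(rows)} indicators")
    for value, reason in validate(rows):
        print(f"REJECT {value}: {reason}")
```

Rejecting a mislabeled row instead of silently ingesting it is the point: a hash of the wrong length will never match anything, and a wrongly typed domain or IP can end up in the wrong blocklist.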

I just had an opportunity to use the phrase "I admire your ability to reach that level of confidence without the inconvenience of competence" at work

RE: https://infosec.exchange/@thezdi/116573788334426611

Mythos will help Anthropic find all their zero days.

/s