Maybe people need to load keywords on their resumes to pass human and/or automated gatekeepers
But personally I wouldn't include YAML on my resume unless I co-authored the specification
Infosec operations manager and cybersecurity instructor. Cyclist. Saint Paul, Minnesota.
Past life: sysadmin, web app developer, web monkey, help desk. Philly, Cincinnati, Birmingham, Portland, Detroit, Ann Arbor, Utrecht
Since all that is boring, ask me about the time I bought a school bus on eBay.
he/him/his
Web: https://osric.com/chris/
My thoughts on Mythos have started to coalesce:
- 90% of the vulnerabilities it will find will be vulnerabilities you could already find with existing tools. But orgs aren't using those tools consistently or well. Get ahead of this by using existing tools.
- A lot of exploits are going to be chained, so addressing known vulnerabilities and implementing security controls now can help break links in the anticipated exploit chains.
- Organizations should be prepared for expedited patching for vendor and open source software, and prepared to put resources into detecting and remediating vulnerabilities in internal tools.
Alma Linux had updated kernel packages to address Copy Fail (CVE-2026-31431) before RedHat did:
https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/

Update: Patched kernels are now in production
2026-05-01 21:07 UTC — The patched kernels are now rolling out to production repositories/mirrors. You no longer need to enable the testing repo to get them. Just run:
    sudo dnf clean metadata && sudo dnf upgrade
    sudo reboot
Most mirrors have a sync frequency of 3 hours. If the updates are not available to you yet we recommend trying again in about an hour.
One of my colleagues is currently trolling co-workers with CVE-2025-71263 (a vulnerability found in the recently rediscovered UNIX V4 source)
I kind of want to let people in on the joke, but not quite enough
Search tools now try to second-guess what I'm searching for. I'm searching for "tree" and it's returning results "three" and "true"
I mean if Levenshtein distance is considered relevance, "trash" is right there
I received an email inviting me to a webinar/talk by Chrys Heard and I thought it was a joke or an AI hallucination based on my name, but there really is someone by that name in infosec
Howdy, Chrys!
Glad to see Flickr has their priorities straight, sending out their "happy birthday to us!" message before notifying me of their data security incident
(I get it, they need to fully understand the scope of the incident before sending out notifications, and the marketing message has probably been in the queue for a month already)