When we fight, we win
https://www.theregister.com/2026/03/30/github_copilot_ads_pull_requests
A thing being repeated across businesses worldwide, including at Microsoft, is C-level execs struggling to know why most staff aren’t using Copilot for M365, despite how much it costs.
Because most staff don’t spend all day in Teams meetings reading out PowerPoint slides to people who pretend to care. They have actual jobs. Doing work. Which they know how to do. Because it is their job.
NEW RESEARCH - I'm pretty proud we were able to pound out and ship a piece on this within 3 days. But its importance may get lost in the news cycle.
While we continue to struggle with things like keeping private keys secret, we're also busy introducing autonomous, nondeterministic agents into every place possible that are subject both to all the problems we still struggle with *AND* largely interminable new problems that can't be easily guardrailed-away.
Sure, this is a Chinese company so it's difficult for many folks to envision the same thing happening in the US, but we are 100% setting ourselves up for it, and companies and professionals not gleefully joining in the regressions are being continually punished.
This is a warning sign, and unfortunately, we will fail to heed it.
Your UEFI firmware can inject a PE binary into Windows on every boot via WPBT (Windows Platform Binary Table). smss.exe extracts it to disk and runs it as SYSTEM. OEMs use this to survive OS reinstalls. Attackers use it the same way.
One registry key tells Windows to ignore the table entirely:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v DisableWpbtExecution /d 1 /t REG_DWORD /f
Won't stop real firmware implants, but kills a whole class of cheap persistence for free.
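A practitioner reading the post above will want to know three things about a given box: does the firmware actually hand Windows a WPBT table, does the OS currently honour it, and has anything already been dropped. The PowerShell below is an added example, not code from the original post. It assumes the documented kernel32 EnumSystemFirmwareTables/GetSystemFirmwareTable calls with the 'ACPI' provider, the field offsets from Microsoft's WPBT v1 specification (standard 36-byte ACPI header, then handoff size, physical address, layout, type and a UTF-16 argument string), and wpbbin.exe under System32 as the name smss.exe uses for the extracted image. Run it elevated; it only reads.

```powershell
# Added example (not from the original post): audit WPBT exposure on this host.
# Assumptions: kernel32 firmware-table APIs with the 'ACPI' provider, the WPBT v1
# body layout from Microsoft's spec, and wpbbin.exe as the extraction target name.

$sig = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint EnumSystemFirmwareTables(uint Provider, IntPtr Buffer, uint Size);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint GetSystemFirmwareTable(uint Provider, uint TableId, IntPtr Buffer, uint Size);
'@
$k32  = Add-Type -MemberDefinition $sig -Name Fw -Namespace WpbtAudit -PassThru
$ACPI = 0x41435049   # 'ACPI' provider signature as documented for these APIs

# 1. Does the firmware expose a WPBT table at all?
$need = $k32::EnumSystemFirmwareTables($ACPI, [IntPtr]::Zero, 0)
$buf  = [Runtime.InteropServices.Marshal]::AllocHGlobal([int]$need)
try {
    $null = $k32::EnumSystemFirmwareTables($ACPI, $buf, $need)
    $raw  = New-Object byte[] $need
    [Runtime.InteropServices.Marshal]::Copy($buf, $raw, 0, [int]$need)
} finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($buf) }

$wpbtId = $null
for ($i = 0; $i -lt $raw.Length; $i += 4) {
    # Each entry is a DWORD whose bytes, in memory order, spell the 4-char ACPI signature.
    if ([Text.Encoding]::ASCII.GetString($raw, $i, 4) -eq 'WPBT') {
        $wpbtId = [BitConverter]::ToUInt32($raw, $i)
    }
}

if ($wpbtId) {
    $size = $k32::GetSystemFirmwareTable($ACPI, $wpbtId, [IntPtr]::Zero, 0)
    $tbuf = [Runtime.InteropServices.Marshal]::AllocHGlobal([int]$size)
    try {
        $null = $k32::GetSystemFirmwareTable($ACPI, $wpbtId, $tbuf, $size)
        $t    = New-Object byte[] $size
        [Runtime.InteropServices.Marshal]::Copy($tbuf, $t, 0, [int]$size)
    } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($tbuf) }

    # Standard ACPI header (36 bytes), then the WPBT v1 body (offsets per the spec).
    $oemId    = [Text.Encoding]::ASCII.GetString($t, 10, 6).TrimEnd([char]0)
    $oemTable = [Text.Encoding]::ASCII.GetString($t, 16, 8).TrimEnd([char]0)
    $binSize  = [BitConverter]::ToUInt32($t, 36)   # handoff memory size (the PE image)
    $binAddr  = [BitConverter]::ToUInt64($t, 40)   # physical address of that image
    $layout   = $t[48]                              # 1 = single PE image
    $type     = $t[49]                              # 1 = native user-mode application
    $argLen   = [BitConverter]::ToUInt16($t, 50)    # byte length of the UTF-16 args
    $args     = if ($argLen -gt 0) { [Text.Encoding]::Unicode.GetString($t, 52, $argLen).TrimEnd([char]0) } else { '' }
    Write-Host "WPBT PRESENT: OEM=$oemId table=$oemTable layout=$layout type=$type"
    Write-Host ("  PE image: {0} bytes at physical 0x{1:X}  args='{2}'" -f $binSize, $binAddr, $args)
} else {
    Write-Host "No WPBT table exposed by firmware."
}

# 2. Does the OS honour it? A missing key or 0 means smss.exe extracts and runs it as SYSTEM.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$val = (Get-ItemProperty -Path $key -Name DisableWpbtExecution -ErrorAction SilentlyContinue).DisableWpbtExecution
if ($val -eq 1) {
    Write-Host "DisableWpbtExecution=1: Windows ignores the table."
} else {
    $state = if ($null -eq $val) { 'unset' } else { $val }
    Write-Host "DisableWpbtExecution is ${state}: any WPBT binary WILL run as SYSTEM at next boot."
}

# 3. Evidence of a previous run: the file smss.exe writes the payload to (assumed name).
$dropped = Join-Path $env:SystemRoot 'System32\wpbbin.exe'
if (Test-Path $dropped) {
    $s = Get-AuthenticodeSignature $dropped
    Write-Host "wpbbin.exe present: signature=$($s.Status) signer=$($s.SignerCertificate.Subject)"
}
```

If step 1 reports a table and step 2 reports the key unset, that is exactly the exposure the post describes; apply the reg add above and reboot, then re-run to confirm. A present but legitimately OEM-signed wpbbin.exe is the expected benign case; an unsigned or unexpected one is worth pulling for analysis before the key is flipped, since the next boot is where the persistence fires.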
With the recent integration of CERT-VDE’s CSAF advisories, it becomes even clearer why diverse vulnerability data sources are essential.
CSAF delivers direct vendor remediation information, and when correlated with the CVE Program, it highlights how important federation and data correlation are for remediation efforts and vulnerability management as a whole. (See example below)
🔗 https://db.gcve.eu/vuln/vde-2025-066
#gcve #cve #vulnerabilitymanagement #cybersecurity #opensource
I suspect most people outside of the UK won't have heard about the post office scandal, but it seems highly relevant to learn about now (given *waves* this):
For over 15 years, the software post offices in the UK had to use contained severe bugs, particularly in accounting, that everyone at Fujitsu/Horizon and the post blissfully ignored. Over 900 (!!!) postmasters were sentenced for alleged theft and fraud, some went to jail, some committed suicide. All because the software was shit and everyone who could do something about it didn't care and swept it under the rug.
Everything, including how it was uncovered, about this seems bizarre and Kafkaesque, but we better prepare for it to happen more often.
systemd goes AI agent slopware https://github.com/systemd/systemd/blob/c1d4d5fd9ae56dc07377ef63417f461a0f4a4346/AGENTS.md
has slop documentation now too
Got an AI-written reply from a vendor we pay tens of millions of dollars a year to, and it doesn't feel good.
Three people spent enormous deliberative effort for a whole day in very expensive company time to make every word of that.
You put it in an answer shredder and spit it at me with some editing.
Feels bad.