๐•ฏ๐–Ž๐–“๐–Š๐–˜๐– ๐Ÿ‡ฎ๐Ÿ‡ณ

Military roots, cyber nerd, tinkerer, thinker. Frequently found reading and occasionally writing about Tech & babbling about cybersecurity.
๐Ÿ›ก๏ธ What I Share HereThoughts on cybersecurity trends & real-world defense strategies Insights from open source projects and community engagement Notes on programming (learning Python & tackling The Odin Project) Reflections from Stoicism & philosophy applied to daily life

Most developers are trained to write code — but senior engineers are defined by how well they can read and understand it.

The infographic breaks down why code comprehension is becoming the real differentiator in modern software systems.

Cross posted in LinkedIn:
https://www.linkedin.com/feed/update/activity:7461389515111170048

#SecureCoding #CodeReview #AIinSoftware #EngineeringLeadership

🦊 Firefox Hardening: The AI Breakthrough

Mozilla just revealed how they patched 423 vulnerabilities in a single month—more than the previous 15 months combined. Here is the "too long; didn't read" on their new security strategy:

The Tool: Mozilla built an "agentic harness" using Claude Mythos Preview. It doesn't just scan code; it acts like a security researcher to find, reproduce, and verify bugs.

The "Cold Cases": The AI unearthed bugs that survived for 20 years, including deep-rooted flaws in XSLT and legacy HTML elements that traditional tools missed.

Sandbox Safety: A huge win for privacy—the system focused on "sec-high" issues to prevent attackers from escaping the browser sandbox to access your OS.

The Verdict: This isn't just hype. Mozilla is now integrating this AI-driven auditing directly into their daily build process to catch bugs before they ever reach a user.

The Bottom Line: Firefox just got significantly harder to hack, thanks to a massive AI-led cleanup of two decades of legacy code.

Read the full technical breakdown: 🔗 https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox

#Firefox #CyberSecurity #Mozilla #InfoSec #AI #ClaudeMythos #OpenSource #WebDev

Behind the Scenes Hardening Firefox with Claude Mythos Preview – Mozilla Hacks - the Web developer blog

New details about what we found, and how agentic harnesses are now able to reproduce real bugs and dismiss false positives.

Mozilla Hacks – the Web developer blog
Here's more details https://copy.fail/
Copy Fail — 732 Bytes to Root

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

Xint

A kernel bug sat in plain sight for 8 years. AI found it in an hour.

Wrong takeaway: AI is making attackers faster.

Better takeaway: our security model assumes too much about patching.

Assume latent flaws exist.
Design around containment, isolation, and resilience.

AI isn’t changing vulnerability physics.
It’s exposing reality faster.

More thoughts here:
LinkedIn: 🔗 https://www.linkedin.com/posts/dinesh-mr_73-sounds-impressive-until-you-ask-what-activity-7458128840872349696-kpVc

#CyberSecurity #Linux #AISecurity #SecurityEngineering

Cyber governance is not solved by hiring one “board cyber expert.”

The bigger shift:
→ executive accountability
→ AI security by design
→ resilience over checkbox compliance

Boards shouldn’t ask, “Are we compliant?”
They should ask, “Can we take a hit and keep operating?”

Extract from 🔗 https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity

#CyberSecurity #AISecurity #Governance #Resilience #CISO

Boards Are Falling Short on Cybersecurity

Despite boards placing greater emphasis on cyber risk, their ability to mitigate it is improving slowly and marginally. There are three prominent factors driving this problem: 1) there’s a lack of cybersecurity expertise; 2) board-level conversations about AI ignore security; and 3) boards mistake regulatory compliance for security. There are concrete steps boards can take to address each factor. First, rather than increasing the number of directors with cybersecurity expertise, boards should concentrate their cybersecurity responsibilities on selecting and overseeing effective cybersecurity executives. Second, boards must treat AI as both a strategic opportunity as well as a cybersecurity and governance risk. Finally, boards should view cybersecurity less as a compliance-driven regulatory issue and more as a competitive, operational resilience issue, where market incentives and organizational accountability drive stronger security outcomes than government-imposed rules.

Harvard Business Review

73% sounds impressive — until you ask what it measures.

UK AISI tested Claude Mythos Preview on cyber tasks. Headline: 73% on expert CTFs. But CTFs are puzzles, not networks.

The real test — a 32-step simulated attack — was solved 3/10 times against an undefended range, with operator direction and heavy compute.

Four questions the report doesn't answer: noise, cost, operator guidance, OT pivot.

Full breakdown: [https://www.linkedin.com/posts/dinesh-mr_73-sounds-impressive-until-you-ask-what-activity-7458128840872349696-kpVc]

#Infosec #AISafety #CyberSecurity #RedTeam #ThreatIntel

Google's 'advanced flow' for sideloading is a deterrence mechanism, not an escape hatch. 9 steps and a 24-hour wait for software you own? No thanks. @keepandroidopen #KeepAndroidOpen https://keepandroidopen.org
Keep Android Open

Your phone is about to stop being yours. In September 2026, Google will block every Android app whose developer hasn't registered with them.

Built a personal mindfulness check-in tool, three questions, four times a day: how's your breath, what's your mental state, one small shift you can make.

Runs on Cloudflare Workers + D1. Single HTML file served inline from the worker, localStorage for offline-first saves, D1 for stats and streaks.

Just added a few things:
- "Now" slot for anytime check-ins outside the four fixed windows
- Shareable read-only stats link (opt-in, no feelings exposed, just patterns)
- Daily rotating tip from Verbal Judo by George Thompson
- Weekly practice screen — one chapter snippet + one exercise per week, rotates by ISO week number

Public stats: 🔗 https://mindful.mrdinesh.workers.dev/public=1

The sharpest bug I hit: inside a JS template literal, \' collapses to ', and your own app's string delimiters become invalid tokens in the browser. Fixed with data-* attributes instead of inline string args.

Code + writeup: mrdee.in

#javascript #cloudflare #mindfulness #vibecoding
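
An added example, not part of the original post or the author's code, reproducing the template-literal bug described in the check-in tool post above next to the data-* fix. The page fragments and the names render, checkIn and data-slot are constructed for illustration.

```javascript
// BROKEN: the client script lives inside a server-side template literal, so
// every \' is collapsed to a bare ' before the browser ever sees it.
const brokenPage = `<script>
function render(slots) {
  return slots.map(function (s) {
    return '<button onclick="checkIn(\'' + s + '\')">' + s + '</button>';
  }).join('');
}
</script>`;

// FIXED: the value travels in a data-* attribute and one delegated listener
// reads it back, so no JavaScript source is assembled from strings.
const fixedPage = `<script>
function esc(v) {
  return String(v).replace(/[&<>"']/g, function (c) {
    return '&#' + c.charCodeAt(0) + ';';
  });
}
function render(slots) {
  return slots.map(function (s) {
    return '<button data-slot="' + esc(s) + '">' + esc(s) + '</button>';
  }).join('');
}
document.addEventListener('click', function (e) {
  var b = e.target.closest('button[data-slot]');
  if (b) checkIn(b.dataset.slot);
});
</script>`;

// Pull out the inline script exactly as the browser would receive it.
function inlineScript(page) {
  return /<script>([\s\S]*?)<\/script>/.exec(page)[1];
}

// Compile only (nothing runs): returns null, or the SyntaxError text.
function syntaxError(page) {
  try { new Function(inlineScript(page)); return null; }
  catch (e) { return e.name + ': ' + e.message; }
}

// Run the fixed script against a stub document and hand back its render().
function loadRender(page) {
  const stubDocument = { addEventListener() {} };
  return new Function('document', inlineScript(page) + '\nreturn render;')(stubDocument);
}

console.log('broken:', syntaxError(brokenPage), '| fixed:', syntaxError(fixedPage));
console.log(loadRender(fixedPage)(["mid'day"]));
```

Running `syntaxError` over the served page in a build step or unit test catches this class of bug before deployment, because the worker's own source parses fine and only the emitted script is invalid.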

Bad Connection
Uncovering Global Telecom Exploitation by Covert Surveillance Actors https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/

An investigation by the Citizen Lab Team, which uncovers two sophisticated telecom surveillance campaigns and, for the first time, directly links real-world attack traffic to mobile operator signalling infrastructure.

#CyberSecurity #ThreatIntelligence #Surveillance #TelecomSecurity #MobileSecurity #SS7 #NetworkSecurity #CyberEspionage #CitizenLab #Infosec #Privacy #DigitalRights #CyberResearch #SignalInfrastructure #Telecom

“Signal Live” — a live social feed concept I explored as part of my VibeCoding series.

Idea: real-time, lightweight sharing.

Question: does this actually add utility, or just accelerate noise?

Curious how others think about this trade-off.

Signal/live is at 🔗: https://signal-feed-8pl.pages.dev/

Blog post:
🔗 https://mrdee.in/vibecoding/vibecoding-021-signal-live/

#VibeCoding #ProductThinking #SocialMedia

SIGNAL // live social feed