Ludus 2 (@badsectorlabs), new GOAD lab (@M4yFly), 🍪 hack (@XeEaton), DPAPI + Nemesis (@harmj0y + @tifkin_), iOS exploit kit found (@Mandiant), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2026-03-09.html
There's a lot of discourse on Twitter about people using LLMs to solve CTF challenges. I used to write CTF challenges in a past life, so I threw a couple of my hardest ones at it.
We're screwed.
At least with text-file style challenges ("source code provided" etc), Claude Opus solves them quickly. For the "simpler" of the two, it just very quickly ran through the steps to solve it. For the more "ridiculous" challenge, it took a long while, and in fact as I type this it's still burning tokens "verifying" the flag even though it very obviously found the flag and it knows it (it's leetspeak and it identified that and that it's plausible). LLMs are, indeed, still completely unintelligent, because no human would waste time verifying a flag and second-guessing itself when it very obviously is correct. (Also you could just run it...)
But that doesn't matter, because it found it.
The thing is, CTF challenges aren't about inventing the next great invention or having a rare spark of genius. CTF challenges are about learning things by doing. You're supposed to enjoy the process. The whole point of a well-designed CTF challenge is that anyone, given enough time and effort and self-improvement and learning, can solve it. The goal isn't actually to get the flag, otherwise you'd just ask another team for the flag (which is against the rules of course). The goal is to get the flag by yourself. If you ask an LLM to get the flag for you, you aren't doing that.
(Continued)
Datadog 🤝 Okta: "The enhanced logic developed by Datadog’s own Security Research team during this collaboration has been contributed back to the public Okta Security Detection Catalog, ensuring that the broader security community benefits from this joint research regardless of their tooling"
Read more here: https://sec.okta.com/articles/2026/03/datadog-okta-collaboration/
52% of RCE attempts came from IPs with no prior GreyNoise history. New research on where edge defenses fall short + what to do about it: https://www.greynoise.io/resources/2026-state-of-the-edge-report
Dependabot security alerts have terrible signal-to-noise ratio, especially for Go vulnerabilities. That hurts security!
Just turn it off and set up a pair of scheduled GitHub Actions, one running govulncheck, and the other running CI against the latest version of your dependencies.
Less work, less risk, better results!

LLM-generated passwords appear strong, but are fundamentally insecure. Testing across GPT, Claude, and Gemini revealed highly predictable patterns: repeated passwords across runs, skewed character distributions, and dramatically lower entropy than expected. Coding agents compound the problem by sometimes preferring and using LLM-generated passwords without the user’s knowledge. We recommend avoiding LLM-generated passwords and directing both models and coding agents to use secure password generation methods instead.
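The kind of measurement the post above describes (repeat rate across runs, skewed character classes, entropy below what the alphabet allows) can be reproduced on any batch of candidate passwords. The following is an added example, not code from the research team or from any of the accounts quoted on this page; the `LLM_SAMPLE` list is constructed to look like repetitive model output and is not real model output, and the 94-character printable alphabet is an assumption about what the generator was asked for. The audit is contrasted with generation from Python's `secrets` module, which is the kind of "secure password generation method" the post recommends pointing models and agents at.

```python
import math
import secrets
import string
from collections import Counter

# Assumed target alphabet: the 94 printable ASCII characters minus space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample only: what repeated requests for a "strong 16-character
# password" might come back as. Not real model output.
LLM_SAMPLE = [
    "Xk9#mP2$vL7@qR4!",
    "Xk9#mP2$vL7@qR4!",   # verbatim repeat across runs
    "Tr0ub4dor&3Secur",
    "P@ssw0rd!Secure1",
    "Xk9#mP2$vL7@qR4!",
    "Str0ng!Pass#2024",
    "Tr0ub4dor&3Secur",
    "S3cur3P@ssw0rd!!",
]


def duplicate_rate(passwords):
    """Fraction of the batch that is an exact repeat of another entry."""
    if not passwords:
        return 0.0
    return 1.0 - len(set(passwords)) / len(passwords)


def char_entropy_bits(passwords):
    """Shannon entropy, in bits per character, of the pooled character distribution.

    A uniform draw from ALPHABET would approach log2(94) ~= 6.55 bits/char;
    a batch that leans on a few favourite characters scores well below that.
    """
    counts = Counter("".join(passwords))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def ideal_entropy_bits(alphabet=ALPHABET):
    """Bits per character if every alphabet symbol were equally likely."""
    return math.log2(len(alphabet))


def class_distribution(passwords):
    """Share of lower, upper, digit and symbol characters across the batch."""
    pooled = "".join(passwords)
    total = len(pooled) or 1
    classes = {
        "lower": sum(c.islower() for c in pooled),
        "upper": sum(c.isupper() for c in pooled),
        "digit": sum(c.isdigit() for c in pooled),
        "symbol": sum(c in string.punctuation for c in pooled),
    }
    return {name: n / total for name, n in classes.items()}


def generate_password(length=16, alphabet=ALPHABET):
    """CSPRNG-backed password: each position is an independent uniform draw."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit(passwords, alphabet=ALPHABET):
    """Summarise the signals the post lists for a batch of candidate passwords."""
    return {
        "count": len(passwords),
        "duplicate_rate": duplicate_rate(passwords),
        "bits_per_char": char_entropy_bits(passwords),
        "ideal_bits_per_char": ideal_entropy_bits(alphabet),
        "distinct_chars": len(set("".join(passwords))),
        "classes": class_distribution(passwords),
    }


if __name__ == "__main__":
    print("constructed LLM-style batch:", audit(LLM_SAMPLE))
    secure_batch = [generate_password() for _ in range(len(LLM_SAMPLE))]
    print("secrets-generated batch:   ", audit(secure_batch))
```

Run as a script it prints both audits side by side; on the constructed batch the duplicate rate is 37.5% and the pooled entropy sits well under the 6.55 bits/char ceiling, while the `secrets` batch shows no repeats and a character spread close to the alphabet's. Per-character entropy over a small batch is only a coarse signal; the test in the post was run across many generations, and the same functions apply unchanged to a larger capture.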
Introducing SafeUpdater by Michael Pastor - A security-first update framework for Electron apps, built around explicit threat models, integrity and authenticity guarantees, and real attack mitigations. Check it out today!
https://blog.doyensec.com/2026/02/16/electron-safe-updater.html
Posted my thoughts on Matrix over on Bluesky in a thread:
https://bsky.app/profile/lina.yt/post/3memjfjwzzs26
https://bsky.app/profile/lina.yt/post/3memmudkm3k26
TL;DR no, it's not going to replace Discord. Matrix is too full of jank due to early poor design decisions to be widely usable by non-technical people.
The Fediverse and Bluesky are different takes on federated Twitter with different pros/cons, and federated Twitter is a much harder problem (because it's "global"), but Matrix is basically just all cons. It's a failed experiment, and you can simply do much better starting over rather than trying to fix it. Just because it's relatively widely used in FOSS spaces doesn't mean it's the way to go. Sunk cost fallacy etc.

Matrix is kind of... a trainwreck of bad decisions. Encryption (for groups/channels especially) has seriously held it back because it's really hard to get right without UX jank. Then there's a whole governance mess with Element. It works these days but I doubt it'll ever catch up...
RE: https://mastodon.social/@verge/116041069446538092
We’ve moved our internal communications from Discord to Zulip at Mastodon, and I think there are plans to do the same for our Patreon community Discord. The harder part will be untangling my gaming communities from this…