theOmegabit

@[email protected]
371 Followers
789 Following
1.6K Posts
AWS SA Pro | CISSP / CCSP | Security Professional | Tech enthusiast | Photographer 📸
Photography@betapixels
Websitehttps://norsec.xyz
Bluesky@theomegabit
Threads@theomegabit
theOmegabit20h ago
Wiz 1d ago

🚨 500+ malicious PRs. One campaign.

Wiz Research traced 6 waves of prt-scan starting 3 weeks earlier.
AI-powered, automated attacks exploiting pull_request_target.

Low success rate—but real npm + cloud creds hit.

Full story: https://www.wiz.io/blog/six-accounts-one-actor-inside-the-prt-scan-supply-chain-campaign

prt-scan: AI-Powered GitHub Actions Supply Chain Attack | Wiz Blog

Wiz Research traces six waves of pull_request_target exploitation to one actor, starting three weeks before public disclosure. 500+ malicious PRs, 10% success.

wiz.io
theOmegabitMar 18

So RSR is back (now BSI - background security improvements). The old name was better.

https://www.securityweek.com/apple-debuts-background-security-improvements-with-fresh-webkit-patches/

Apple Debuts Background Security Improvements With Fresh WebKit Patches

Apple introduces Background Security Improvements to deliver protections between security updates, starting with fresh WebKit fixes.

SecurityWeek
theOmegabitMar 1

Raw specs aren't everything.

https://youtu.be/RGGHyY2mN7o?si=4QqDB0XfrOWJsON5

Samsung S26 Ultra vs iPhone / Google / OnePlus / Oppo / Xiaomi Battery Test

YouTube
theOmegabitFeb 13

RE: https://infosec.exchange/@wiz/116058451362120328

Well this is kinda cool

theOmegabitFeb 12

Reason number 374 why Microsoft can’t be taken seriously.

https://foss-daily.org/posts/microsoft-notepad-2026/

Microsoft's Notepad Got Pwned (They Added AI To It, So...)

Notepad RCE vulnerability CVE-2026-20841 explained. How a text editor became a remote code execution vector. What you need to know.

FOSS Daily!
theOmegabitFeb 3

I think I’m in the market for another mechanical keyboard.

~75% size. Butter keys. Backlit if possible. I currently have the Nuphy Air75 v1.

What should I look at now?

theOmegabitJan 25
Anyone done any deeper testing with #clawdbot regarding the different models and performance / accuracy through the lens of a “do anything” local bot? Would there be any large difference from the generic benchmarks done already?
theOmegabitJan 25
Anyone setup a secondary device as a node for #clawdbot ? How’s the experience with it on the node?
theOmegabitDec 19

Some new monitor ideas for detections #awssecurity

https://medium.com/@adan.alvarez/phishing-for-aws-credentials-via-the-new-aws-login-flow-39f6969b4eae

theOmegabitDec 18

Ok this is pretty cool.

#awssecurity #aws https://securitylabs.datadoghq.com/articles/introducing-pathfinding.cloud/

Introducing Pathfinding.cloud | Datadog Security Labs

Introducing Pathfinding.cloud, a library of AWS IAM privilege escalation paths