My Congressional testimony on how vulnerabilities are discovered by researchers, how patching doesn't solve our problems and the need for secure by design. This was 9/11/2003. Are we making progress yet?

RT @jvanegue: Dino Dai Zovi @dinodaizovi is induced in the @SummerC0n Hall Of Fame alongside @dotMudge @nudehaberdasher and @heidishmoo. Co….

I talk about this and more of vulnerability disclosure history in my Microsoft BlueHat keynote.

Who remembers the Organization for Internet Safety? It seems lost in time. The group pushed for disclosure standards that work for vendors and vuln reporters. ⁦@SushiDude⁩

RT @todayininfosec: 1999: Cult of the Dead Cow (cDc) member DilDog debuted the program Back Orifice 2000 (BO2k) at DEF CON 7. It was the su….

RT @anthony_barkley: Treating security as a final step in the software development lifecycle is risky and outdated. Veracode's @WeldPond co….

17, 17, 19 and 20 year olds. "M&S was the first retailer to be attacked in April in an incident that forced the closure of its online store for nearly seven weeks.".

The @BlackHatEvents keynote list has dropped. Impressive!

RT @a_greenberg: McDonald's uses an AI bot called "Olivia" for hiring. A pair of hackers found they could access every conversation job app….

RT @todayininfosec: 1982: The movie Tron was released. The story of a software engineer who tried to hack his old employer's mainframe to p….

RT @RachelTobac: Gone are the days of trusting caller ID. We can no longer rely on “knowing someone’s voice” or “knowing someone’s face on….

Do we need the term PoliPhish when government officials are voice and text spoofed.

Analysis by @reedsmithllp

The EU Product Liability Directive will take effect Dec 2026. Software, firmware, applications, AI systems, and will now be subject to the same strict liability regime as traditional physical goods. Cybersecurity vulnerabilities will be considered product defects.

Attacking AI agents. AIJacking?.

AI is writing more code than ever—but with new bugs and blind spots. I believe AI is also our best shot at fixing them. Great piece on how LLMs will reshape software security—for better and worse. Worth a read: #CyberSecurity #AI #Vulnerability.

RT @hdmoore: I'm excited to announce our "Out-of-Band" series; focused on the security risks of management devices like BMCs, serial serve….

Is there going to be a Phrack reunion for editors and contributors?.

Great article on slopsquatting and more LLM vulnerability invention.

RT @dawnsongtweets: 1/ 🔥 AI agents are reaching a breakthrough moment in cybersecurity. In our latest work:. 🔓 CyberGym: AI agents discov….

RT @nyxgeek: At long last! Jolt has reappeared in my area!