September 20, 2025
September 20, 2025
The vast majority of hacking is just credentials. There are four basic ways to get creds:
— thaddeus e. grugq (@thegrugq) September 20, 2025
STAB
Steal: using malware, etc.
Try: brute force, guessing, etc.
Ask: social engineering, etc.
Buy: infostealer logs, etc.
Steal. Try. Ask. Buy.
A collab with @UK_Daniel_Card
To expand on this slightly.
Steal: to collect from the system Try: from something unrelated to the system (e.g. guessing) Ask: to get from someone in/part of/with access to the system Buy: to get from a third party
Still working on it a bit, suggestions welcome :)
— SwiftOnSecurity (@SwiftOnSecurity) September 19, 2025
“Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.” --- Frank Herbert, Dune, 1965
— Marcel Böhme👨🔬 (@mboehme_) September 20, 2025
Love that quote in the intro of the study about Brains on LLMs.https://t.co/uy7a9YVFvG
They pentested the no-fly list pic.twitter.com/eLDBtDbC2c
— SwiftOnSecurity (@SwiftOnSecurity) September 19, 2025
EU's Chat Control proposal is to effectively ban end to end encryption since it demands that governments can read all msgs.
— Jack Rhysider 🏴☠️ (@JackRhysider) September 19, 2025
I find this to be not only insane, but feasibly impossible. Breaking the whole internet. Yet it got voted on last week, and just narrowly stopped. Whew! https://t.co/9wo1wbWg6a pic.twitter.com/H0hRDbFbCS
Classic prompt injection attack here against Notion: hidden text (white on white) in a PDF which, when processed by Notion, causes their agent to gather confidential data from other pages and append it into a query string that gets passed to their functions_search() tool https://t.co/1VPZ3KzJqK
— Simon Willison (@simonw) September 19, 2025
Did the NPM hack kill Ruby?
tldr:
— ali (@endingwithali) September 19, 2025
hostile take over happening of rubygems by the ruby central team for the sake "software supply chain security", which has caused core maintainers to quit on the spot.
core maintainers of 10+ years have lost access rights, no one will be restored, and at one point the org… https://t.co/V3nyrJ3WTD