I love this slide. @bsides312.org

And we’re off! @bsides312.org kicks off with the keynote from @heidishmoo.bsky.social.

🚨 Bonus! My site this.weekinsecurity.com has an online archive of my weekly newsletters dating back to 2018, documenting 7+ years of cybersecurity news for anyone to read. I also regularly blog for subscribers. 👀

Goddamn, Chicago. You’re gorgeous.

I wrote back in November about how easy it was to find leaked passport photos and driver's licenses online. The spills have only gotten worse in the months that age verification laws rolled out. We're reaching a point (if not already) where our government IDs aren't worth shit in the digital world.

CERN's open source @kicad.org library gives the world 17,000 circuit board components - Help Net Security share.google/TrrNrepmZYiC... How exciting!

AGAIN WITH THESE MISERABLE PUKES. Cisco cuts 4,000k jobs amid soaring profits. They’ve always been laughing at you, now they’re just doing it out loud. Article by the vivacious @zackwhittaker.com techcrunch.com/2026/05/14/c...

Hope to see people at @bsides312.org on Saturday. For those looking to pregame for it tonight is @north.burbsec.com In Wheeling at D'Agostino's and @south.burbsec.com In Hickory Hills. I'll be at North as a FYI.

If you think Bluesky sucks, you are not using it correctly. I have curated my feed to be full of DeliciousWeirdos™️ and KingShitposters™️ which means endless nerdiness (complimentary), bangers, and really insightful threads. Sorry you aren't having fun you aren't playing right. Try harder!

Malware research group vx-underground has 30 terabytes of malware. VirusTotal has 31 *petabytes* of malware in its bank. We were curious how tall these datasets would be if stacked as hard drives, so we did some rough back-of-a-napkin math to figure it out.

One company makes a shitty voluntary release offer that nobody is taking and now everybody thinks they're a gd Microsoft.

"... including a voluntary separation window. That creates real uncertainty, but we believe our team will be better for it." Just went through a "20% of you have got to go, now volunteer or play roulette" at my job last year... I'll tell you what it creates, gitlab - resentment in the survivors.

Really wish they just tell us the truth that they think we’re worthless now. I’d at least respect them more than this “we’re gonna make git 2” investor slop.

AI could never make this

I see @gitlab.com hopping on the “we’re making SO much money that we need to still fuck over the people that got us here.” Absolute fucking knobs. about.gitlab.com/blog/gitlab-... Just another in a long line of screenshots add to add to my talk this weekend @bsides312.org.

Slightly increase a band: As I Lay Decomposing

sigh ok kids, vibe coding STILL requires vibe-planning and vibe-testing and vibe-UAT before you can vibe-push to vibe-PROD.

www.bbc.com/news/article... There are no savesies on sun loungers. My practice has always been: If there's not a person clearly actively using it, it doesn't matter if there's a towel on it. I fold the towel up neatly, and set it on the ground besides the lounger, and sit on it myself. *shrug*

NEW: Google researchers found a zero-day exploit developed by artificial intelligence and alerted the susceptible vendor to the imminent threat before a well-known cybercrime group initiated a mass-exploitation campaign, the company said in a report released Monday. cyberscoop.com/google-threa...

In this 3,000+ word deep-dive for this.weekinsecurity.com subscribers, I explore the most pressing threats to face the internet this year. This includes surveillance and choking online access to governments going rogue, and more, and why they pose a risk.

This and transmission rebuild videos are my new binge watching. youtube.com/shorts/9sDeQ...

Printed a bunch of our @defcon610.bsky.social logos as keychains, then decided to do one huge one. Banana for scale.

This week's this.weekinsecurity.com is out, featuring: Canvas school login pages defaced; a new deepfake tech is alarmingly accurate, hackers used a screensaver file to hack SSL provider DigiCert, leaky vibe-coded apps, and a Verge reporter gets run over by a robot lawnmower — for journalism!

OMG YOU GUYS, I’M SPEAKING @hackglasgow.bsky.social !!!!!!!!

This movie should have been stupid. Nobody should’ve looked at this and said “yeah I’ll spend my Sunday on this” and yet, it was fucking ADORABLE and wonderful and worth it.

The most recent meme in your camera roll describes your current mental state.

This is what all that fluffy marketing and “community” gets you from these places. Absolute scumbag move.

I hope you’re well. For what it’s worth, it would be almost unprecedented for someone to successfully enforce a noncompete, unless you do something like walk out with a customer list and start calling them to snipe their business. You may consider a legal consult if you’d like to get back to work.

i want to protect my family and dont like gas, so i bought the statistically most dangerous car ever produced, a $70,000+ road-obliterating 19 ton monstrosity powered by child labor lithium

What did you (or someone you know) do this week that you're incredibly proud of?

ICYMI: Hackers breached ed-tech giant Instructure for a second time, defacing dozens of school login pages and threatening to release stolen student data if the hackers aren't paid. Instructure took down its data system, Canvas, for several hours overnight as students face final exams & deadlines.

"Hell yea brother, cheers from <location>" is gender-neutral.

The most hilarious part of this is that the recall only affects 173 total vehicles, because that's all Tesla's sold of its rear wheel drive model.

This is absolutely egregious! github.com/Bin4ry/yarbo...

In celebration of Migratory Bird Day on May 9th, join Library Freedom Project for a deFlocking event! Learn about the tech in Flock cameras, how to find them in your area, and ways to fight back. Hear from EFF's @cooperq.com , @lucyparsonslabs.com and LFP. RSVP below us02web.zoom.us/meeting/reg...

One week from now, I will be comfortably sitting somewhere in Chicagoland, getting romantic with a few slices of Pequods. Join us, won’t you? Full schedule for @bsides312.org is up now. bsides312.org/schedule#sch...

You keep using that word, I do not think it means what you think it means.

One of those rare opportunities to grab a rockstar while you can. She is one of those precious diamonds in the rough I’d stake my own career on.

As some people may have heard (😩) I am on the job market. If anyone has any leads on netsec, offsec or anything similar let me know. I’m open to learning something new as well. In the mean time I’m available for 1099 work. Thanks ya’ll 🫶

this: bsky.app/profile/toph...

I’m not over on the other platform anymore but this deserves sharing. Veneer finally starting to crack at some of these places.

Would you like to play a game?

Just got done with another fantastic @defcon610.bsky.social meetup, hackers talking hacker shit, some first time attendees. Stop off to grab some chicken shawarma for dinner, kitchen bumping Arabic music in the back, Spanish door dash dude talking to his family over the phone. This is MY America.

www.bbc.com/news/article... The worst cat.

NEXT WEEK IS ALMOST HEEEERE! Check out the schedule for @bsides312.org and come hang out in Chicagoland. Me, @lintile.lol, @seemsgood.lol, @cillic.bsky.social, @j0hnnyxm4s.johnnyxmas.net in the same building. The perfect storm of batshit, she is brewing.

I can only hope there many more Zack’s in the world and more to come. This is what journalism means to me.

www.cyera.com/research/ble... Thanks, Ollama.

This is exactly what security professionals love to hear after screaming at the industry for 50 years. " Non-technical teams are now shipping production code and many of our workflows are being automated. " Coinbase axes 14% of its workforce.

Calling hacker graphic designers. Need to hire someone for a design. I have the usual suspects we all use but thought maybe I’d branch out, see who else is out there, spread the work around. Any suggestions?

We're delighted to announce ZephrSec as a sponsor for Hack Glasgow 2026! Founder @zephrfish.yxz.red is an experienced red teamer, author, regular attendee (and previous speaker) at our Hack Thursday meetup, and keen supporter of the cyber security community, especially in his home town of Glasgow.