I had a daydream today where I imagined an AI dystopian future where AI models are "doxing" each other by pointing out live zero-days in each others' platforms.

@neurovagrant to assuage any concerns, most of my day is touching grass. I spend probably at least 2 hours a day leaving behind gadgets and enjoying the outdoors.

@neurovagrant You're probably right. I'm ready to retire lol

I had a daydream today where I imagined an AI dystopian future where AI models are "doxing" each other by pointing out live zero-days in each others' platforms. I'm not sure this is as sci-fi as it sounds.

@kirakira all valid. I feel like we have learned 1000 lessons since xz on how not to do software security, most especially with countless devs having their NPM and/or GitHub repos completely pwned or silently backdoored. This is happening on a somewhat industrial scale from a variety of threat actors in real time, and some of them are finding great success in subverting the pipelines of companies that sell security software!

We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.

The nice thing about AI is you can blame all your breaches on it and everyone's like oh okay that tracks.

"On May 5, 2026, Community Bank discovered an internal incident involving the handling of non-public customer information through an unauthorized AI-based software application."

CB Financial Services, Inc. Cybersecurity Incident Details - Board Cybersecurity

CB Financial Services, Inc. disclosed a cybersecurity incident confirmed as a data breach involving unknown. First disclosed May 11, 2026.

Board Cybersecurity (www.board-cybersecurity.com)

@vicgrinberg Orange blossoms smell heavenly. One of the better floral smells IMHO.

@jtk I am shocked. From the story

A source close to the investigation who was not authorized to speak to the press told KrebsOnSecurity that a number of universities have already approached the cybercrime group about paying. The same source also pointed out that the ShinyHunters data leak blog no longer lists Instructure among its current extortion victims, and that the samples of data stolen from Canvas customers were removed as well. Data extortion groups like ShinyHunters will typically only remove victims from their leak sites after receiving an extortion payment or after a victim agrees to negotiate.

New, from me: Canvas Breach Disrupts Schools and Colleges Nationwide

"An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions."

"Canvas parent firm Instructure [NYSE:INST] responded to today's defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students."

Lots more here:

Canvas Breach Disrupts Schools & Colleges Nationwide – Krebs on Security

(krebsonsecurity.com)

#canvas #breach #shinyhunters #instructure

@cmconseils What I can't stand is when one is too much. Half the time I go to a hotel these days and my head completely disappears inside the pillow, like over my ears. That's the worst. Usually then I'll sleep w/ my head on a rolled up towel instead.

New, by me: Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company’s public image.

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs – Krebs on Security

(krebsonsecurity.com)

#ddos #tplink #hugenetworks #brazil

@campuscodi Probably a lot of sites are going to get pwned before this patch is fully deployed.

I've noticed an interesting shift lately in the Letters to the Editor I get from people who are convinced an unknown tormentor is tracking their every movement through every device they own and then some. I generally don't engage these readers, who almost universally say hello with an absolute wall of text.

But lately, these pleas have come in the form of someone's AI bot breaking down the alleged tracking in painstaking, bullet point detail. The implication is that well the AI bot forensically analyzed the situation and this is the report it produced. As if the AI couldn't be the cause or at least enabler of this person's all-consuming paranoia.

@jrt @GossiTheDog @zackwhittaker @bsi I'd say it's more like the Golden Age of Cybercrime. Seriously, it's probably never been a more exciting time to become an arch cybercriminal.

@cmconseils how about, track two birds with one drone?

@taoish yep.

@jupiter it's Tylerb as a grade schooler. It's not a stretch to say that Tylerb and other defendants have been involved in this scene since they were young teens, some even earlier.

New, by me:

'A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.

Buchanan’s hacker handle “Tylerb” once graced a leaderboard in the English-language criminal hacking scene that tracked the most accomplished cyber thieves. Now in U.S. custody and awaiting sentencing, the Dundee, Scotland native is facing the possibility of more than 20 years in prison."

https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/

@Natasha_Jay You just know that job is going to take all night long.

Pretty wild mural painted over the men's room urinals at a restaurant we went to last night (if they don't call it a "murinal" they should). I thought it was hilarious but I wonder how many others would have a very different reaction.