toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.


#infosec

390 posts · 179 participants · 49 posts today

🛠️ #Google introduces OSS Rebuild — OSS Rebuild is a new project aimed at enhancing trust in open source software by creating reproducible builds of packages to prevent supply chain attacks. It provides tools and automation for security teams to verify package integrity without burdening the original developers. This initiative seeks to improve transparency and security in open source ecosystems, starting with popular package registries like PyPI, npm, and Crates.io.

#tech #infosec #cybersecurity

security.googleblog.com/2025/0

Google Online Security Blog · Introducing OSS Rebuild: Open Source, Rebuilt to Last · Posted by Matthew Suozzo, Google Open Source Security Team (GOSST). Today we're excited to announce OSS Rebuild, a new project to strengthen ...

Lately 🫠 has become my favorite emoji, not just because of the weather.

"Microsoft knew of SharePoint server exploit but failed to effectively patch it"

reuters.com/sustainability/boa

"Microsoft subsequently said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.

Around 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers".

🚨 New sophisticated phishing technique “PoisonSeed” tricks users into scanning malicious QR codes, bypassing FIDO key MFA protections via cross-device sign-in! 🛡️🔐 Users must stay vigilant & organizations should strengthen monitoring. Full details: cyberinsider.com/new-poisonsee #CyberSecurity #MFA #FIDO #PhishingAlert #InfoSec #newz

CyberInsider · New ‘PoisonSeed’ Attack Bypasses FIDO Key Security Using QR Codes · A new phishing technique sidesteps FIDO key protections by abusing legitimate cross-device sign-in functionality via QR codes.

PeopleCheck reports data breach caused by ransomware attack

PeopleCheck, an Australian background screening provider, suffered a data breach via compromised login credentials that was claimed by the Everest ransomware group. The hackers claim to have stolen 4.3 GB of SQL data including client profiles, payment details, and sensitive personal information of individuals processed between June 2024-June 2025. PeopleCheck is offering 24 months of complimentary identity monitoring services.

#cybersecurity #infosec #incident #ransomware
beyondmachines.net/event_detai


Oh, also, the email #HackerOne sent out this morning contradicts itself. In the subject it says people have to enable 2FA "to Avoid Account Lockout." Then in the body it says, "Without 2FA set up, you won’t be able to access your account after July 29."
But then elsewhere in the body it says, "If you don’t make this change by July 29, 2025, you’ll be prompted to complete the setup before you are able to access the platform and submit reports."
That's not "lockout," idiots.
#infosec


All the positive #userExperience points #HackerOne earned for how they were rolling out mandatory #2FA were just erased by them sending out reminder email to all of their users about configuring 2FA without filtering out the users who had already done it.
That's some lazy, user-hostile bullshit, is what that is.
When you know which users have already followed your instructions, you don't need to waste their time making them go back and check. #smdh
#infosec #MFA #UX


Gadi Evron and Knostic are doing another Prompt Pit event:

"...if you made AI useful and you're willing to show your work, then come join us. We prefer security topics, but anything goes...

We don’t care if it’s reversing, GRC, coding, threat hunting, budget building, or poem writing, let’s show off our prompts (it's okay for them to be broken), learn, and punch miscreants (or at least have fun trying)."

#infosec #AI

docs.google.com/forms/d/e/1FAI

Google Docs · Prompt||GTFO #2: The Prompt Pit Strikes Back

Welcome to the Prompt Pit, an AI practical security conversation with a focus on sharing actual stuff. In a world of vibe slop, we're taking AI back from the marketers. No fluff, but nothing AI or ML is out of bounds, if it's useful or fun, show it off. Whether you’re a CISO Excel jockey or a researcher sniffing for the scent of bits, if you made AI useful and you're willing to show your work, then come join us. We prefer security topics, but anything goes. Everyone who speaks must share. You can, however, register to watch.

Rules of the pit:
- Screen sharing > slides
- You’ll have 3 to 5 minutes to demonstrate what you built
- At the end of your time, the crowd will vote whether to grant you 3 to 5 minutes more
- All active attendees must be presenters (but you can register to watch).

Following the Prompt Pit, the presenters will discuss amongst themselves in the Insight Corner, starting with sharing one reflection or idea each.

CFP: We don’t care if it’s reversing, GRC, coding, threat hunting, budget building, or poem writing, let’s show off our prompts (it's okay for them to be broken), learn, and punch miscreants (or at least have fun trying).

Date and time for the second event: Thursday, July 24, 12 pm Eastern/9 am Pacific/6 pm CET/7 pm Israel/9:30 pm India.

Lineup:

Host:
- Gadi Evron

Presenters:
- Halvar Flake: Using Claude Code and Gemini-CLI to optimize PyTorch code
- Justin Borland: Converting countermeasures to sigma using LLMs and guard rails
- Ron Gula: My virtual avatar will take questions from the audience about cybersecurity and startups
- Pedram Amini: Crash Course on a Pipeline of Useful Tooling
- Rotem Bar: The Song Strikes Back
- Michael Shalyt: The path to adversarial LLM math
- Nicholas Muy: Testing out different LLM productivity tools as a CISO (non-security use cases)
- Joshua Reynolds: Agents to reverse engineer binaries in real-time with Binary Ninja and MCP
- Rick Deacon: From Threat Pipelines to Audio Briefings: An N8N Workflow
- Allan Stojanovic: Freeform discussions into formalised technical requirements
- Gadi Evron: A picky eater at a Michelin restaurant

Help spread the word? Signal boost appreciated: Thanks, Gadi.

-----

Register to watch live or get the video in email: Just fill the form, ignore CFP.
Submit a presentation: Submit the form, and make sure to fill in the CFP option.

-----

With thanks to Knostic for organization and support.