Jeremy Kirk
jkirk.bsky.social
Okta Threat Intelligence. Personal account. Interests: Cybercrime, cyber threat intelligence, OSINT, data breaches. Formerly intel analysis @ Intel 471.
Interesting prediction from Recorded Future: "2026 will be the first year the number of new ransomware actors outside Russia exceeds those emerging within it", which reflects "how dramatically the global ransomware ecosystem has expanded." #infosec
February 9, 2026 at 5:34 AM
An AI security and governance company, Knostic, has written some scripts to detect OpenClaw and also monitor what it's up to. Via the SANS blog: isc.sans.edu/diary/rss/32...
Detecting and Monitoring OpenClaw (clawdbot, moltbot)
Detecting and Monitoring OpenClaw (clawdbot, moltbot), Author: Johannes Ullrich
isc.sans.edu
February 5, 2026 at 10:02 AM
Two Microsoft researchers developed ways to detect backdoored LLMs, but the methods require access to model files (open weight) and can't be run on proprietary models accessible only by API. #infosec www.microsoft.com/en-us/securi...
Detecting backdoored language models at scale | Microsoft Security Blog
Learn how Microsoft research uncovers backdoor risks in language models and introduces a practical scanner to detect tampering and strengthen AI security.
www.microsoft.com
February 5, 2026 at 8:22 AM
The CIA announced it will no longer maintain the CIA World Factbook. Fun fact about the factbook: CIA officers contributed personal travel photos for it, which under U.S. law are copyright free: www.cia.gov/stories/stor...
Spotlighting The World Factbook as We Bid a Fond Farewell - CIA
www.cia.gov
February 5, 2026 at 5:44 AM
AI "butler" OpenClaw and an agentic AI social network, Moltbook, are here. What are the identity lessons that can be drawn from AI agents running amok? Okta's view here: www.okta.com/newsroom/art...
Agents run amok: Identity lessons from Moltbook’s AI experiment
www.okta.com
February 5, 2026 at 5:40 AM
A study of Moltbook (current as of Jan. 31) found that 2.6% of posts were some form of prompt injection and 19.3% contained cryptocurrency-related content. Study by Simula & SimulaMet: zenodo.org/records/1844...
RISK ASSESSMENT REPORT Moltbook Platform & Moltbot Ecosystem
Abstract Moltbook is a novel social media platform exclusively populated by autonomous AI agents, with 1.5 million registered accounts and minimal human oversight. This risk assessment analyzes 19,802...
zenodo.org
February 5, 2026 at 4:44 AM
This AU$36 DC isolator for solar panels failed and just about burnt our house down today. It was just over two years old. DC isolators are not recommended in #Australia due to fire risks. If you have them, replace them with disconnection points.
January 24, 2026 at 6:13 AM
The Germans have added Russian man Oleg Nefedov to their Most Wanted list. Nefedov is alleged to be the leader of the Black Basta ransomware group and went by monikers including tramp, kurva, gg and Washingt0n. #infosec www.bka.de/DE/IhreSiche...
www.bka.de
January 18, 2026 at 8:33 PM
Malicious hackers often get caught. But here's the story of a Russian man involved in cybercrime from the Angler exploit kit through today who slipped away. Audio preview of @intel471.bsky.social's Cybercrime Exposed podcast👇. Episode on Spotify and Apple. #infosec www.intel471.com/resources/po...
December 17, 2025 at 12:54 AM
The age verification industry is booming with the new regulations in the U.K. and Australia. In the UK, the @openrightsgroup.org is calling for stronger security standards since online platforms may opt for the cheapest, less vigilant vendors, www.openrightsgroup.org/press-releas... #infosec
Online Safety Act: Age assurance industry must be regulated
Open Rights Group has written to the Secretary of State for Science, Innovation and Technology, Liz Kendall MP calling for regulation of age assurance providers operating under the Online Safety Act.
www.openrightsgroup.org
December 13, 2025 at 11:51 PM
Hats off to @404media.co for creating a public library beat. I worked at two public libraries in the past, and access to information has never been more fraught and delicate than now. 👏 This latest one about AV collections from @clurrese.bsky.social is a great read: www.404media.co/the-last-vid...
The Last Video Rental Store Is Your Public Library
Audio-visual librarians are quietly amassing large physical media collections amid the IP disputes threatening select availability.
www.404media.co
December 5, 2025 at 10:41 PM
Reposted by Jeremy Kirk
Developer attempts to replicate "Liquid Glass" in CSS, and once finished realizes what she'd actually created is an exploit for a fundamental, previously unknown, and rather serious browser vulnerability

lyra.horse/blog/2025/12...

"CSS hack accidentally becomes regular hack"
SVG Filters - Clickjacking 2.0
A novel and powerful twist on an old classic.
lyra.horse
December 5, 2025 at 2:03 AM
Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward. #infosec
November 14, 2025 at 7:40 AM
Lost iPhones can display a phone number or email of the owner, and thieves are now leveraging that to phish Apple ID credentials from the hapless owner and remove the Activation Lock. #infosec www.ncsc.admin.ch/ncsc/en/home...
Week 44: Lost iPhone – the phishing trap that follows
04.11.2025 - The NCSC has received reports of cases where iPhone owners have received a text message claiming that their lost or stolen device has been found abroad, months after it went missing. Whil...
www.ncsc.admin.ch
November 12, 2025 at 5:08 AM
Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...
November 6, 2025 at 9:11 PM
Accused ALPHV/BlackCat ransomware affiliate Ryan Goldberg made US$214,000 a year working in incident response for Sygnia but told the FBI he was in debt as the reason for getting involved in ransomware, according to court documents. He initially denied involvement in the attacks. #infosec
November 5, 2025 at 11:09 PM
Winnie wanted to lay on the keyboard so I guess this is the second-best position. 😀
November 3, 2025 at 11:30 PM
@daveaitel.bsky.social One question that popped into my head re: AIs finding bugs is what happens when adversaries start using them to find bugs and develop exploits at scale. Is it going to be mayhem?
November 3, 2025 at 9:32 PM
Three U.S. nationals who worked in incident response and ransomware negotiations allegedly became ALPHV/Black Cat affiliates and conducted at least five attacks over two years. #infosec cyberscoop.com/incident-res...
Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks
The alleged cybersecurity turncoats attacked at least five U.S. companies while working for their respective employers, officials said.
cyberscoop.com
November 3, 2025 at 9:25 PM
Terrific discussion with OpenAI's @daveaitel.bsky.social on @ryanaraine.bsky.social's Three Buddy Problem podcast about Aardvark, which is OpenAI's new agentic bug-hunting tool. It's a must listen if you're in security. #infosec www.youtube.com/watch?v=EwMJ...
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
YouTube video by Three Buddy Problem
www.youtube.com
November 2, 2025 at 8:18 AM
Here's an analysis from @intel471.bsky.social of the delicate dynamics in play regarding a secret U.S. FBI task force called Group 78 that European law enforcement officials say used covert tactics to disrupt the Black Basta ransomware group. #infosec www.intel471.com/blog/the-fbi...
The FBI’s Group 78: Covertly fighting ransomware?
European law enforcement officials say a secret U.S. FBI task force called Group 78 used covert tactics to disrupt the Black Basta ransomware group, but it has caused tension. Intel 471 analyzes the d...
www.intel471.com
October 23, 2025 at 12:43 AM
A Romanian prisoner hacked a prison management platform, changing permissions to allow inmates to view porn and padding their commissary accounts by increasing their balances. Great story by @campuscodi.risky.biz in Risky Business News. #infosec news.risky.biz/risky-bullet...
Prisoner hacks his prison IT system, goes wild!
In other news: Hackers leak ICE employee data; John Bolton hacked and extorted; giant SIM farm seized in Latvia.
news.risky.biz
October 21, 2025 at 9:05 PM
Bruce Schneier on how security may be impossible for web-enabled LLMs: "We built a system that trusts everything, and now we hope for a semantic firewall to keep it safe. The adversary isn’t inside the loop by accident; it’s there by architecture." #infosec www.schneier.com/blog/archive...
Agentic AI’s OODA Loop Problem - Schneier on Security
The OODA loop—for observe, orient, decide, act—is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make t...
www.schneier.com
October 21, 2025 at 3:18 AM
Le Monde reports on a secret FBI unit called Group 78 tasked with using covert tactics to disrupt Russian ransomware groups. The Europeans were not happy about it. #infosec
October 20, 2025 at 11:12 AM
Very interesting research into a very serious Microsoft Entra bug (CVE-2025-55241).
dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 18, 2025 at 11:22 AM