Securely Built
securelybuilt.bsky.social
Securely Built is on the hunt for insecurity in the world where we can leverage our decades of experience in cyber and engineering to banish insecure technology from whence it came. Find out more at: securelybuilt.com
Check out the latest article on threat modeling of cloud/hybrid environments.

open.substack.com/pub/securely...
December 30, 2025 at 5:57 PM
Happy Holidays! My book "Threat Modeling Best Practices" is $9.99 for a limited time—only via direct order from Packt.

Learn to model threats in an increasingly insecure environment.

Don't miss out!

www.packtpub.com/en-us/produc...

#Cybersecurity #MicrosoftSecurityCopilot #HolidayDeals
Threat Modeling Best Practices | Security | eBook
Proven frameworks and practical techniques to secure modern systems. Instant delivery. Top rated Security products.
www.packtpub.com
December 24, 2025 at 1:33 PM
A successful 2025!
December 17, 2025 at 9:32 PM
Still trying to understand how to integrate threat modeling in an Agile SDLC? It’s easier than you think.

securelybuilt.substack.com/p/shifting-l...
Shifting Left for Speed: Threat Modeling in the Agile SDLC
The Strategic Shift Left: Threat Modeling as a Proactive Design Practice
securelybuilt.substack.com
December 5, 2025 at 10:22 AM
Few organizations can see past their tier-1 suppliers in their supply chain, leading to blind spots and unmodeled threats:

open.substack.com/pub/securely...

#supplychain #cybersecurity #riskmanagement
November 19, 2025 at 4:26 PM
Your reminder that our digital world is fragile and extremely interdependent.
Cloudflare down: X and more apps hit by internet outage
The company says it is working to understand the full impact of a problem which potentially "impacts multiple customers."
www.bbc.com
November 18, 2025 at 2:30 PM
Attackers are using Gemini to develop a "Thinking Robot" that can adapt and evolve like a living organism and can potentially be used for spying purposes or even to create a data processing agent.

This highlights the potential for AI-powered threats to bypass traditional security measures.
Here's how spies and crooks abuse Gemini AI
Meanwhile, others tried to social-engineer the chatbot itself
go.theregister.com
November 5, 2025 at 8:40 PM
New #book release on #threatmodeling. See link below:
October 31, 2025 at 3:50 PM
Does your AI ChatBot open your attack surface? You bet it does.

open.substack.com/pub/securely...
October 29, 2025 at 2:32 PM
Unlike traditional AI tools that just process input and give output, agents operate autonomously in an ecosystem.

Read more below for a practical roadmap for what you can actually implement with AI Agents:

securelybuilt.substack.com/p/from-react...
From Reactive to Proactive
How AI Agents Are Transforming Security Operations
securelybuilt.substack.com
October 3, 2025 at 7:26 PM
Saw this on another platform:

"Companies think AI will deliver senior level impact for junior level costs. Which means they will not pay senior salaries nor hire juniors."

Is this yet another pressure on the market or possibly just anecdotal?
October 1, 2025 at 12:28 AM
Hammers can be used to build a house... or destroy it.
September 15, 2025 at 11:19 AM
Reposted by Securely Built
Watch out as hackers are using dual-threat attacks combining phishing, Muck Stealer, Info Stealer, ConnectWise RAT, and SimpleHelp RAT to steal data and bypass security.

Read: hackread.com/muck-stealer...

#CyberSecurity #Malware #Phishing #Scam #InfoSec
Muck Stealer Malware Used Alongside Phishing in New Attack Waves
hackread.com
September 12, 2025 at 11:17 AM
While I'm bummed that Sir David Attenborough didn't narrate this, I'm thrilled to announce that this book has been provided in audio format!

You can use the "laappsec40" code at checkout to get 40%

Learn everything from tooling and pipeline development to setting up a #security program.

#appsec
September 11, 2025 at 10:50 AM
Reposted by Securely Built
⚠️ Blood center hit by ransomware, data theft confirmed

The New York Blood Center experienced a #ransomware attack in January, where hackers accessed and stole personal info (names, SSNs, driver IDs, financial data, and clinical records).

#ransomNews #NYBloodCenter #databreach
September 11, 2025 at 10:02 AM
Feels like a low bar, but we have to start somewhere.
September 10, 2025 at 10:47 AM
Reposted by Securely Built
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure.

Read more in my article on the Exponential-e blog: https://www.exponential-e.com/blog/germany-charges-hacker-with-rosneft-cyberattack-in-latest-wake-up-call-for-critical-infrastructure
September 5, 2025 at 2:10 PM
“AI is coming for my job” is a common refrain from many tech workers today.

We’ve all heard that AI is increasingly taking over entry-level and low-skill tech jobs, either fully automating them or augmenting workflows to reduce staffing needs.

So are we all doomed?

#ai #jobs #cybersecurity
AI Is Taking My Job
How Artificial Intelligence is Reshaping Cybersecurity Careers
open.substack.com
September 5, 2025 at 6:35 PM
And now, for something completely different
🚨 *Scattered Lapsus$ Hunters threaten Google with data leak*

On September 1, 2025, the “Scattered Lapsus$ Hunters” group demanded Google fire two security analysts (one from Threat Intelligence, one from Mandiant), or they’d leak alleged internal data.

#ransomNews #threatactor #infosecintel
September 5, 2025 at 12:56 PM
Are we over the hype yet about AI replacing jobs?

Has the reality set in on the actual efficacy and cost (financial and ecological) of AI?

Have the constraints and concerns finally risen to a level where we realize that AI will perhaps not be used to replace all workers?
September 3, 2025 at 7:27 PM
Sometimes the devil is in the details:

SquareX Passkeys Pwned attack actually relies on malware to hijack the creation of a new passkey, not to steal existing ones.

This falls outside the FIDO threat model, which assumes a trusted browser/OS environment.
I'm here for @dangoodin.bsky.social debunking some wild claims about apparent passkey insecurity made from the Defcon stage, the TL;DR of which is that if your endpoint is compromised, all bets are off arstechnica.com/security/202...
Unpacking Passkeys Pwned: Possibly the most specious research in decades
Researchers take note: When the endpoint is compromised, all bets are off.
arstechnica.com
September 2, 2025 at 11:38 AM
Today's job market.
August 26, 2025 at 11:10 AM
These attacks are only valid on an attacker-created site. Stick to your normal beaten path online and this shouldn't be an issue.

Still a little disheartening that some of the listed pw managers haven't addressed the issue yet.
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
thehackernews.com
August 25, 2025 at 12:28 PM
Back-to-school time!

If you have young kids in your friends and family circle, pick up a copy of Alicia Connected - The Big Gift that helps parents and kids learn how to stay safe and secure online!

#cybersecurity #privacy #backtoschool

www.amazon.com/gp/product/0...
The Big Gift (Alicia Connected)
The Big Gift (Alicia Connected) [Fisher, Derek, Burger, Kim, Workman, Heather] on Amazon.com. *FREE* shipping on qualifying offers. The Big Gift (Alicia Connected)
www.amazon.com
August 23, 2025 at 6:10 PM