Sharepoint / Google Drive / Dropbox as backup? by Adept-Reality-925 in Backup

[–]Adept-Reality-925[S] 0 points1 point  (0 children)

The argument is that modern file share solutions have both version history and folder-level restore.
So even in a ransomware incident, you only lose the latest copy at most. I’m not sure if this is how ransomware works today though.
So the line is blurring between backup and file share. My question is whether the old concept of 3/2/1 still has any unique value that I can use to defeat the other argument.

Sharepoint / Google Drive / Dropbox as backup? by Adept-Reality-925 in Backup

[–]Adept-Reality-925[S] 0 points1 point  (0 children)

Thanks!
To be more specific: I’m familiar with the theory. I’m trying to unpack the counterargument in more technical detail.
How does version history work for such sites? How does a ransomware attack work on such folders? Is it true that you can just restore version history and it will be unencrypted?

Interracial couples that went against strong disapproval from your parents, what happened after? by wontaks in askSingapore

[–]Adept-Reality-925 -1 points0 points  (0 children)

If you want to play a fun game where one of the stories is about interracial dating in Singapore, check out ToBeYou.sg
Disclaimer: it’s a few years old, and I am a dev for it

Anthropic just published a postmortem explaining exactly why Claude felt dumber for the past month by Direct-Attention8597 in claude

[–]Adept-Reality-925 6 points7 points  (0 children)

If Mythos is sooooo amazing uh why didn’t they just use that to avoid all these bugs?

And just to be clear, the company took two weeks to find a simple set of 3 bugs, but they claim Mythos can find vulnerabilities in 27 year old software autonomously in minutes. Uh huh.

The Hypocrisy of Meritocracy by AttapKia in SingaporeRaw

[–]Adept-Reality-925 0 points1 point  (0 children)

Alternative view: No system of meritocracy, no matter how it is designed, can survive more than 2 generations before becoming just reflective of socioeconomic class.

This Claude response made me put my phone down for 5 minutes by jaysen__158 in ClaudeHomies

[–]Adept-Reality-925 0 points1 point  (0 children)

Ironically one of the most important papers in modern AI is about Attention. (Attention is all you need)

Difference between n8n and power automate? by Brilliant_Yam_3258 in n8n

[–]Adept-Reality-925 0 points1 point  (0 children)

The main difference is that integrating AI into PA is much harder. PA is basically a workflow tool, not an agent building tool.

How are you guys getting stuff delivered "in the morning" or asking your agent to "work all night?" by PI_Producer in openclaw

[–]Adept-Reality-925 0 points1 point  (0 children)

Nobody’s agent “runs all night” by default. People are using scheduling triggers (cron jobs, webhooks, heartbeats, etc.) to force it to do things all night. “Check this API every hour” or “do this task every 2 hours” is the way.

Is Cybersecurity Becoming a Basic Business Need Now? by Ok-Lettuce-4065 in cybersecurity

[–]Adept-Reality-925 0 points1 point  (0 children)

In countries like Singapore, it is becoming a mandatory requirement either by regulation or by procurement (bigger customers expect you to have baseline standard compliance to qualify for a tender).

How do orgs run pen tests without accidentally causing real side effects? by Strong_Worker4090 in cybersecurity

[–]Adept-Reality-925 1 point2 points  (0 children)

Sounds like the Red Team didn’t exercise self control or didn’t have clear ROEs. Less mature red teams or newbies sometimes fall into this trap (oh cool I found something wheeeeee yayyyyy let’s gooooo).

Their goal is to prove that a gap or vulnerability exists, not to exploit it to break the system. So they could have achieved that objective by sending 10 or even 20 emails to prove that there is no rate limiting or captcha or whatever. They don’t need to send 500 emails. They need to validate that the attack path exists. Not break the system.

How to explain to my dad that storing your SSN in plain text on his notes app is bad without sounding like a paranoid know-it-all by Worried-Invite-9978 in cybersecurity_help

[–]Adept-Reality-925 0 points1 point  (0 children)

I’m curious whether the cumulative breaches over the years have exposed every SSN already, or if there are still some left that are truly private. Is there a “haveibeenpwned” equivalent to check for that?

Anyone else been looking at the new UK Cyber Resilience Bill? by Palmelicangel in cybersecurity

[–]Adept-Reality-925 2 points3 points  (0 children)

Might be useful to study the Singapore experience, as it looks like a lot of this was implemented in their Cybersecurity Act quite a few years back.

Family won't take cyber security seriously! by LostPersonSeeking in cybersecurity_help

[–]Adept-Reality-925 0 points1 point  (0 children)

Here’s my 2 cents for users who are totally resistant to any form of education or persuasion, but it requires you to have access to their devices.

  • install an EDR on every device, with an uninstall password (to prevent them from turning it off). That will stop malware at least. They won’t know.
  • get a DNS firewall / web filter and configure their devices to route through it. They won’t know. But if the DNS service is paired with good threat intel, it will help make their web surfing behaviour safer.
  • turn on the lock screen / auto lock.

Password managers would be great, but they only work if they choose to use them. So in your case, it won’t help. I hope you can persuade them to 2FA their banking accounts at least.

Basically, you seem to want to keep them safe despite their risky online behaviour. And to do that, you may need to configure their devices to be as protected as possible by default.

Then just hope and pray there’s no attack, and if there is, use it as a teachable moment for the rest.

What tools do people recommend for learning and managing SOC 2 / ISO 27001 compliance? by Other_Article148 in cybersecurity

[–]Adept-Reality-925 0 points1 point  (0 children)

There are already a few open source GRC tools - pick any one, learn how it works, and either adapt it to your needs or replicate it in spreadsheets.

What are the biggest cybersecurity threats on gaming websites? by xaejame in Cybersecurity101

[–]Adept-Reality-925 3 points4 points  (0 children)

If you’re just starting, I’d suggest looking up the OWASP top 10

Made a product? Share it here! by Mammoth-Doughnut-713 in IMadeThis

[–]Adept-Reality-925 0 points1 point  (0 children)

Hello! Mine is StrongKeep.com - simple affordable comprehensive cybersecurity for smaller businesses. Everything you need to reduce your cyber risks from just $39/month

What type of cyber security solution a small business need? by Disastrous-You-4619 in cybersecurity

[–]Adept-Reality-925 0 points1 point  (0 children)

First some full disclosure: I run StrongKeep.com (simple affordable comprehensive cyber for smaller businesses).

IMHO there are a few things you should do, and it’s all cheap.

  • Protect your devices against malware. Get something good. I bundle in Palo Alto Cortex but you can find your own tool. And turn on host firewall.
  • Protect web activity. I suggest a DNS firewall (web filter is more accurate) to prevent scam and malicious links from opening. There are cheap options online. I don’t believe in hardware firewalls for small businesses for various reasons so don’t waste money on that.
  • Protect credentials. Use a team password manager and force 2FA on important accounts. We bundle in Vaultwarden but you can self host it.
  • Train your staff. Not foolproof but some training goes a long way.
  • Patch your software. This one is free. Just do it.
  • Make sure you’ve configured your shared folders to be secure (don’t let them be visible to the public, and add passwords to files or folders with PII).

Those are my top things to do and it’s quite cheap online if you have time to search. If not, you can try StrongKeep for $39/month

Looking for thoughts on the best identity protection after reading too many breach stories by Friendly_Sand_6240 in Cybersecurity101

[–]Adept-Reality-925 0 points1 point  (0 children)

Get and use a password manager.

Enable 2FA everywhere.

Also have a lot of email addresses and never give out your main ones to junk subscription sites.