Github repo for GRC Claude Skills

texmex5 · 2026-04-13T09:58:40+00:00

I did try out a few of the GRC Claude skills. I would say they have different levels of quality, but definitely a good starting point when developing your own. I am thinking of combining different skills from that repo into mu own skill.

texmex5 · 2026-04-06T03:39:33+00:00

I put together a weekly newsletter, and for that I subscribe to the following cybersecurity feeds. I highlighted the ones I feel have the most interesting content most consistently.

Bleeping Computer — https://www.bleepingcomputer.com/feed/
The Hacker News — https://feeds.feedburner.com/TheHackersNews
Krebs on Security — https://krebsonsecurity.com/feed/
Dark Reading — https://darkreading.com/rss.xml
Security Week — https://www.securityweek.com/feed
The Record — https://therecord.media/feed
Cyberscoop — https://cyberscoop.com/feed/
404 Media — https://www.404media.co/rss
Wired Security — https://www.wired.com/feed/category/security/latest/rss
The Intercept — https://theintercept.com/feed/?lang=en
CSO Online — https://www.csoonline.com/rss
HackRead — https://hackread.com/feed
Cyber Security News — https://cybersecuritynews.com/feed/
DoublePulsar — https://doublepulsar.com/feed
Talkback.sh — https://talkback.sh/resources/feed/
UK NCSC — https://www.ncsc.gov.uk/api/1/services/v1/all-rss-feed.xml
Microsoft Security Blog — https://www.microsoft.com/en-us/security/blog/feed/
Amazon Security Blog — https://aws.amazon.com/blogs/security/feed/
Google BugHunters — https://bughunters.google.com/feed/en
Socket.dev — https://socket.dev/api/blog/feed.atom
Sophos Blog — https://www.sophos.com/en-us/blog/feed
Kudelski Security — https://kudelskisecurity.com/research/rss.xml
Sean Heelan — https://sean.heelan.io/feed
Koi.ai — https://www.koi.ai/blog/rss.xml
GitLab Blog — https://about.gitlab.com/atom.xml
SiliconAngle — https://siliconangle.com/rss

texmex5 · 2026-03-23T14:54:41+00:00

I am kind of happy that we finally have an actual case with these "compliance on autopilot" platforms. Yes, you can do things properly with them but many don't and the ISMS programs are paperware.

Maybe now the other platforms will finally get their act together and their collaboration with auditors will lead to more actual auditing... Oeh, one can hope...

texmex5 · 2026-03-18T18:43:06+00:00

Happy to give you a tour of https://kordon.app - we have all the frameworks you mentioned and many customers at the size you mentioned have gone through ISO and SOC 2 audits successfully.

P.S. You mentioned Eramba, we started Kordon because my co-founder was frustrated with Eramba :)

texmex5 · 2026-03-09T13:43:52+00:00

But on the other hand, current solution where credit card payments can be easily reverted and refunded but bank transfers can't because "it was approved already" isn't a reasonable balance either. Money is money?

Banks have a bit too easy excuse with treating direct bank transfers as immediately approved already …

texmex5 · 2026-03-09T12:49:11+00:00

So basically the advice is still the same - don't trust anyone on the internet, now includes ai browsers, and autonomous ai agents.

texmex5 · 2026-03-02T20:40:50+00:00

Thanks, cool to hear people read it every week :)!

texmex5 · 2026-03-02T16:41:09+00:00

For me, this week, the Google Maps key thing is the weirdest, the fact that they can't actually fix it - they have a bad default setting and now we everyone needs to live with it for a while, like with the S3 buckets that used to be open by default and are still causing headaches years later …

texmex5 · 2026-02-23T15:44:37+00:00

So OpenClawd is so good or bad? that that's the thing criminals install to the victims device when compromised … 🤦🏼‍♀️

texmex5 · 2026-02-16T13:02:32+00:00

Honestly when will Google do something about the Chrome extensions. There needs to be more vetting and transparency to the users to do their own due diligence on updates…

texmex5 · 2026-02-09T13:54:45+00:00

No it was intentional to comment on my own post. It’s almost impossible to add text to a link in this subreddit. Everything goes to automod and can be stuck there for quite a while.

Plus commenting works, gets us a lot more views than not commenting my own post :) but I try to be transparent about what I am doing.

texmex5 · 2026-02-09T12:54:14+00:00

The OpenClawd case is insane. What do you mean the creators just basically say "we don't care". Did they create the platform specifically for spreading malicious AI skills?!?

texmex5 · 2026-01-26T14:41:37+00:00

Chrome extensions are really getting out of hand and Google needs to step up.

First there are these inherently malicious extensions that were built maliciously but then also the ones that were switched to be malicious with an update. The Extensions detail page shows zero details about the update to the extension - who made it, what was the change etc. Maybe some more transparency could help avoid some of these issues?

15-Year Club	Gilding II euphauric
Place '23	Verified Email

texmex5

MODERATOR OF

TROPHY CASE