Forbes AI 50 Secrets on GitHub: A Security Story Worth a Whisky Toast
Pour yourself a drink, this breach is dumber than last week’s. Here is the one story we should be talking about without pretending the rest of the newsletter matters. Wiz reportedly found secrets belonging to Forbes AI 50 companies sitting in GitHub repos and training data, with the usual plausible deniability baked in. The kind […]
Drilling Down on Uncle Sam’s TP-Link Ban: Security Theatre for the Bar Stool Set
Pour yourself a drink, this breach is dumber than last week’s hype cycle. The TP-Link ban story is not a sudden revelation in how the internet works or why devices get pwned in the wild. It is the security industry performing on a stage built by policy wonks, pundits, and people who confuse a press […]
GlassWorm Returns to OpenVSX with 3 New VSCode Extensions
Pour yourself a dram of something dark and let the hype fade away. GlassWorm is back, threading its way through OpenVSX with three new VSCode extensions that look perfectly innocent until you realize they might be weaponized. The same campaign that tainted the OpenVSX and Visual Studio Code marketplaces last month has resurfaced, offering a […]
Data Exposure in Keras CVE-2025-12058: Patch Day in the AI Basement
Another day, another AI framework vulnerability that makes you question why you still trust a bunch of knobs in a notebook with a keyboard shortcut. The CVE-2025-12058 story in Keras is exactly the kind of reminder you pretend you don’t need at 3 a.m. while you’re sipping bourbon and scrolling through a dozen vendor advisories […]
Top Story: Researchers Hack ChatGPT Memories and Web Search Features
One Story, a Hundred Wictions — and a Glass of Whiskey to Soothe the Pain Pour yourself a glass of your favorite whiskey and listen up, because this is the kind of story that makes compliance spreadsheets look exciting. Tenable researchers reportedly found seven vulnerabilities in the latest ChatGPT memory and web search features, a […]
Cloudflare Scrubs Aisuru Botnet from Top Domains List — a brutal reminder the DNS circus never ends
Another zero-day patched just in time for no one to notice. Cloudflare puts on a show by redacting Aisuru botnet domains from its so-called top domains list, and somehow that fixes everything in the eyes of the vendors and the press. Pull yourself a glass of bourbon or rye and try not to spit when […]
Zscaler acquires SPLX: more AI buzz, less real security, and a nice glass of bourbon to cope
Pour yourself a glass of bourbon, because the latest security acquisition reads like another glossy demo reel dressed up as a strategic milestone. Zscaler is snapping up SPLX, a company that supposedly brings red teaming, asset management, and threat inspection to the party, all to expand the Zero Trust Exchange. In plain terms: more marketing […]
Ukrainian Extradited to US Faces Charges in Jabber Zeus Cybercrime Case
Pour yourself a bourbon and buckle in – this is not another vendor brochure dressed as a security post. Yuriy Igorevich Rybtsov, aka MrICQ, has been extradited to the United States to face charges in the Jabber Zeus cybercrime case. If you’ve ignored the last ten warnings about criminal syndicates moving money and data across […]
Alleged Jabber Zeus Coder MrICQ in U.S. Custody
Pour yourself a whiskey and get ready to watch the security theater cycle spin again. This week we’re told that Yuriy Igorevich Rybtsov, the man prosecutors allege developed for the infamous Jabber Zeus crew under the online handle “MrICQ,” has finally been carted from Italy to the United States to face a 13 year old […]
Ads In AI Search Are Here, Now With Extra Glare
Top Story Another day, another reminder that security theater gets an upgrade the moment a vendor opens its marketing funnel. Google confirms that AI search results will carry ads and that those ads may look different. Translation: your search experience is about to become a sponsored buffet, dressed up in fancy AI skin, while the […]
