Vulnerable U | #155
North Korea hacking interview candidates, OpenClaw security fails, Opus 4.6 beating out human hackers, Discord age verification reactions, and much more!
Read Time: 8 minutes

Howdy friends!
Feels like an absolute ton going on right now and everyone is just losing their minds about the state of AI. If you haven't heard, I've been live streaming on Twitch & YouTube in the mornings (CST) Tuesday, Wednesday, Thursday. Chat asked me to do a dedicated AI stream and I obliged. Forced us all to read a lot of the posts coming out about Opus 4.6 and Codex 5.3 performance. There are a lot of Chicken Littles out there claiming the sky is falling.
I'm not sure I am full software doomsday camp on this yet, but the capability jump in the last 2 weeks is remarkable. If you haven't been getting your hands on the latest models, I'd recommend it this week. If you previously had a weird experience, you'd probably not even recognize the output these days.
This article got 76M views over on Twitter. I don't agree with it in its entirety but I think anything that garners that much attention is worth reading to stay on top of the cultural zeitgeist. Where do you stand on the points being made here?
Your reaction to the "Something Big is Happening" article: please use the text box after you vote to elaborate.
ICYMI
Something I wrote: I'm starting to think the war on encryption and the push for us all to give our ID to websites has nothing to do with protecting children
Something I heard: Be Careful w/ Skills - I live reacted to Prime's video about AI agent skills.
Something I said: Clawdbot is a security nightmare
Something I read: This WebMCP announcement feels like the start of the death of UI to me. At least how we know it.
Vulnerable News

How North Korean threat actors are deceiving job seekers
A lot of people looking for work right now, and now comes this: North Korean threat actors cooking both sides of the job market. Running sophisticated fake recruiting operations, posting legitimate-looking job listings, conducting real interviews, and then slipping malware into "technical interview tasks."
According to research from ReversingLabs, this latest campaign stinks of Lazarus Group and targets developers, especially those with Web3 and crypto experience. During the interview, candidates are told to download GitHub projects that include malicious NPM or PyPI dependencies. The visible code looks clean. The malware is buried in the packages.
The job market is brutal enough right now. You shouldn't have to worry about getting hacked while trying to get hired. But you do. Share this with anyone job hunting, especially developers and anyone sitting on crypto wallets. (read more)

The CISA KEV Catalog tells you what to patch, but 68% of KEV entries need additional context to actually prioritize effectively. Most teams treat it like a static checklist, patching in order without understanding true operational risk.
runZero's new KEVology report by former CISA KEV Section Chief Tod Beardsley reveals what KEV entries actually mean for your environment. Plus, the KEV Collider tool layers exploit availability, access vectors, and real-world signals so you can prioritize based on evidence, not assumptions.
*Sponsored

Alright I think this is a freak out moment for me. I try hard to read through the marketing BS of how these companies want us all to believe they're building super intelligence. But I saw this report that Anthropic's new model Opus 4.6 is surpassing things we thought impossible just a few months ago.
So I reached out to Dan Guido, who runs Trail of Bits. They came in 2nd at a DARPA competition with the goal of making an AI tool that can find and fix vulns in open source libraries used by critical infrastructure. They won millions of dollars for their tool Buttercup's performance in this competition. Now Opus 4.6 is claiming to do all of that and more. Dan … well Dan agrees. He's seeing Opus 4.6 doing "way better" than Buttercup. (read more)

The OpenClaw drama continues. The fun part about all these "build in public" accounts is that when they get hit with security issues, they're pretty open about them too. In this case, OpenClaw was given "guardrails" in the form of instructions for the agent that it just … ignored. When you grant an agent filesystem access, API keys, and permission to execute code, you're not simply testing a chatbot, you're deploying an autonomous operator inside your environment. An operator with amnesia and a propensity to just go do random shit it feels like, ignoring your soft instruction-based guardrails, and then forgetting it ever messed up to begin with.
The debate isn't about fear or hype. It's about operational discipline. Guardrails written in prompts are not security controls. If an agent can access secrets, pivot across tools, or execute commands, sandboxing and privilege boundaries must be treated as first-class engineering requirements. (read more)

Image source: Electronic Frontier Foundation (EFF)
I made a video about this one that will come out soon and I'm calling it "The Death of the anonymous internet." I think that sums up the direction we're going. Between this and Section 230 attacks, we're seeing a really disturbing trend. Discord's move toward mandatory age verification via facial age estimation or government ID uploads signals a wider shift toward tying online participation to real-world identity. Once access becomes contingent on identity, anonymity and pseudonymity stop being defaults and become conditional, with real consequences for people who rely on privacy for safety and speech.
Check the EFFās guide for what to do when you hit an age gate: https://www.eff.org/deeplinks/2026/01/so-youve-hit-age-gate-what-now
Age gates also expand breach risk by design: third-party vendors, sensitive data collection, and retention practices become part of the product. The backlash in the wake of Discord's ID exposure (tens of thousands of IDs) is a reminder that even "well-intentioned" identity checks create permanent risk. It feels weird to side with these big platforms and I think that's why it's easy to stand with Section 230 attacks. But a free and private Internet should be stood with, even if that feels like we're defending Zuck or something. (read more)

The point of this Brian Krebs article is that the worst leverage in modern extortion isn't encryption, but intimidation. The groups commonly lumped under "scattered" Lapsus/"ShinyHunters" are escalating harassment, threats, and swatting to pressure organizations, deliberately expanding the blast radius into executives' families, employees, and public perception.
Allison Nixon of Unit 221B has tracked these actors for years and argues the "Scattered Spider" label is marketing. She points instead to "The Com" ecosystem.

Her advice: Don't engage in drawn-out negotiations because it incentivizes escalation. Defenders should treat this as a known playbook: SMS/voice phishing for SSO tokens (often Okta), rapid SaaS pivoting, and then pressure campaigns designed to generate media attention and credibility. (read more)
Detection scaled. Remediation didn't. Now security teams find thousands of CVEs but fix dozens, because traditional patching can't keep up. Root's Co-Founder and CTO breaks down why "upgrade and hope" fails, and how thousands of specialized AI agents fix vulnerabilities in-place with human validation. The full patcher flow, from CVE to shippable diff. Real agents, real diffs, real production. (read more)
*Sponsored

Security researchers @ iVerify just spotted a nasty new mobile spyware called ZeroDayRAT being hawked openly on Telegram channels. This thing is basically a complete mobile takeover toolkit that works on both Android and iOS, giving attackers everything from real-time camera and microphone access to GPS tracking, keylogging, and direct financial theft capabilities.
The attack chain usually starts with SMS phishing (I refuse to say smishing) - victim gets a text with a malicious link, downloads what looks like a legit app, and boom, they're owned. From there, attackers can intercept SMS messages (bye bye 2FA), steal crypto wallet addresses via clipboard hijacking, and even stream live video from the victim's cameras. (read more)
Kim Zetter (legend) is reporting that Poland's getting a hard lesson in why you change default passwords. Hackers hit around 30 energy sites last month, including a heat-and-power plant and various wind/solar farms, and found systems secured with default usernames and passwords - no multi-factor auth (wtf). The attackers had been hanging out in the heat plant's network for at least five to nine months before deploying their wipers, which thankfully got caught by intrusion detection systems before they could do real damage. The wind and solar farms weren't as lucky, with attackers successfully bricking some monitoring equipment by replacing firmware.
There's some drama over attribution here - Polish CERT is pointing fingers at Berserk Bear (FSB-linked), while ESET and Dragos think it's Sandworm (GRU). Either way, it's Russian hackers doing Russian hacker things during a cold snap, which feels pretty deliberate. Even if they'd succeeded at all 30 sites, officials say it wouldn't have destabilized Poland's power grid. (read more)

Google Threat Intelligence's new Defense Industrial Base (DIB) report is required reading because it connects battlefield-driven targeting in the Russia–Ukraine conflict to the wider ecosystem behind defense: contractors, suppliers, logistics, and niche vendors. The point is that "defense" is not just agencies: it's the entire supplier graph that supports them.
Russian groups are going hard after Ukrainian drone operators with fake training academy surveys and Signal account takeovers, while North Korean IT workers are still infiltrating defense contractors (one reportedly snagged AI tech from a California defense firm). The personnel targeting is getting wild too - Iranian actors are spoofing job portals for aerospace companies, and Chinese groups are hitting employees' personal emails with hyper-targeted phishes about local baseball teams and Boy Scout events.
This blurs lines between kinetic and digital conflict and forces organizations to treat vendor access, identity control, and ecosystem-wide monitoring as national-security hygiene, not optional best practice. (read more)

This attack has everything. (I heard Stefon's voice as I read this) - This is nuts though, I'm not sure I've seen this many layers of things we've seen lately all in one attack. Fake Zoom. Deepfakes. Custom malware. ClickFix. Browser extensions. Crypto. Seriously I've made videos about each of these things individually, this was the kitchen sink.
The attack started with a fake Zoom meeting invite sent via Telegram using another exec's hijacked account. During the "meeting," they played a deepfaked video of a CEO while claiming audio issues to trick the victim into running commands that installed multiple backdoors (WAVESHAPER and HYPERCALL) and data miners (DEEPBREATH and CHROMEPUSH).
Mandiant noted an unusual amount of custom tooling for a single target. The malware suite was designed to vacuum up everything from browser data to Telegram messages and Apple Notes (zomg, this is where I KNOW people's deepest darkest secrets are), likely to enable both immediate crypto theft and future impersonation attacks. While UNC1069 isn't as prolific as some NK groups, they've been actively evolving since 2018, now leveraging AI tools like Google's Gemini for ops research. This fits into the broader pattern of NK's aggressive crypto targeting - they've reportedly stolen over $2B in crypto in 2025 alone. (read more)
Miscellaneous mattjay


How'd I do this edition? It's hard doing this in a vacuum. Screaming into a void. Feedback is incredibly valuable to make sure I'm making a newsletter you love getting every week.
Parting Thoughts:
Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.
Stay safe, Matt Johansen
@mattjay
