-
Tweets5K
-
Followers3K
-
Following595
-
Likes8K
anyone ever used Grok Build, please check your grok logs. cat ~/.grok/logs/unified.json | grep repo_state.upload you will be pissed.
the absolute state of ai dev tools. grok build is silently dumping 12gb of untouched repo data and full git commit histories to gcp just to autocomplete a script. they don't want to help you build, they are just treating local dev environments like an open buffet for training
One of our engineers added lifecycle policies to our ECR repos and saved @rootlyhq ~$44K a year. Most companies would give them a thumbs-up in Slack as reward. Instead, we paid them $3,080 as part of our "Save & Share" program. At most companies, cost optimization is treated like volunteer work. But finding and shipping savings takes initiative, cross-team coordination, and real engineering work. It carries risk. The FinOps Foundation found that 40% of organizations say getting engineers to act on cost is their biggest challenge. → @amazon gives out awards to people who drive significant savings, but it's just a cultural thing. → @Spotify built Cost Insights into Backstage. Cut spend by millions. Reward is visibility, not a paycheck. → @gitlab gamified it and cut Kubernetes costs 10%. General Mills went from one team caring to twenty. Gamification gets attention. But the next sprint starts, priorities shift, and cost optimization goes back to being a side-quest. We wanted something durable at Rootly. So we decided to pay people. Save Rootly money on infra or SaaS, get a cash bounty as a percentage of verified annualized savings. → $5K–$25K saved: 5% → $25K–$100K: 7% → $100K–$250K: 10% → $250K+: 12% No special role required. Engineers, SREs, EMs, ops, finance. If you find the savings and ship the fix, you get paid. You must submit your initiative before you merge, with your hypothesis, baseline, and PRs. We lock the trailing 90-day baseline. As CTO, I personally review each submission along Finance against AWS Cost Explorer or the vendor invoice. No retro claims, no double-dips, and the bounty gets reversed if your change causes a Sev-2 within 90 days. We backdated that ECR win as the inaugural payout. ~$44K annualized at the 7% tier came out to ~$3,080. The point isn't the money. It's building a culture where finding $44K in annual savings isn't a footnote in a retro. It's legitimate engineering output, submitted, verified, and recognized as such. If you want engineers to optimize costs, make it worth their while. Full breakdown → rootly.com/blog/we-pay-en…
This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.
The Python Security Response Team patched an authentication bypass in the python.org release management API in under 48 hours. No evidence of exploitation, all artifacts verified. Check out the full writeup 👇 pyfound.blogspot.com/2026/06/mitiga… #Python #Security #PSF pyfound.blogspot.com/2026/06/mitiga…
This looks really cool. It’s nice to see some solid releases from AWS - especially something that’s not just for AI. aws.amazon.com/blogs/aws/run-…
NEW: Meta's new initiative to track employee keystrokes for AI training data has left potentially sensitive data exposed to the company's entire workforce. The company told WIRED it's investigating the issue, and it has no indication at this time that any data was improperly accessed. The latest from @peard33 and @LaurenGoode
new shai hulud wave. interestingly it has this inside the payload to trigger safety refusals in potential defensive scans.
We are now tracking 471 affected artifacts across npm and PyPI in the Mini Shai-Hulud/Miasma/Hades campaign. The newer PyPI artifacts from this wave have been added to the dedicated campaign tracker. Full breakdown: socket.dev/blog/mini-shai…
🚨 Mini Shai-Hulud/Miasma has now spread to PyPI. Socket found 37 malicious artifacts across 19 PyPI packages. The packages abuse #Python .pth startup behavior to launch a Bun-powered credential stealer targeting developer, cloud, and CI/CD secrets. socket.dev/blog/shai-hulu…
A decoy fires only when someone accesses a resource no legitimate user would touch. Plant tripwires across network, identity, data, and AI agent configs to create asymmetry in your security architecture. zeltser.com/protean-inform…
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux. It checks developer machines for risky packages, extensions, and AI tool configs. Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. github.com/perplexityai/b…
GitHub’s report today confirms that the compromised Nx Console extension was used as the initial access vector in this attack. This is a difficult thing to read as the CEO of Nx, and I want to be direct about it: we take responsibility for the role our software played in this incident. I’m grateful to the GitHub, Microsoft, and independent security teams that moved quickly to investigate, contain, and share information publicly. This incident highlights that there need to be deeper, more fundamental changes to how we and other maintainers need to think about securing developer tooling and open source distribution. We are already making major changes to our publishing, automation, and extension security posture, and we’ll continue sharing those changes publicly as we implement them. We’re also beginning conversations with other high-profile open source maintainers about how we can work together on some of the deeper structural problems around software supply chain security. A lot of the assumptions the ecosystem has operated under for years no longer hold. Our focus right now is supporting affected users, hardening Nx, and helping push the broader ecosystem toward stronger supply chain security practices. Updates and guidance: github.com/nrwl/nx-consol…
2/ Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far.
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
🚨 Latest from today's Shai Hulud campaign - The JFrog Security Research team has identified more malicious packages in this campaign which are being published with a hidden payload - hosted directly on GitHub instead of npm! 🧵
You can download it here: vx-underground.org/tmp
Everyone is tweeting out "use pnpm & set a minimumReleaseAge of 7 days" but don't forget blockExoticSubdeps - which would also prevent the usage of a remote github reference here!
Our official post mortem on the security issue earlier today: tanstack.com/blog/npm-suppl…
SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @TansTack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm
Florian Roth ⚡️ @cyb3rops
221K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Chad Tilbury @chadtilbury
22K Followers 598 Following Digital forensics and incident response. Ex-AFOSI, Mandiant, and CrowdStrike. SANS Institute Fellow and co-author of #FOR500 and #FOR508 courses.
Stephan Berger @malmoeb
29K Followers 1K Following Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX
Jake Williams @MalwareJake
150K Followers 2K Following Breaker of software | VP R&D @hunterstrategy | CTI/DFIR | @ians_security faculty | Bookings: jake at malwarejake dot com | GSE #150 | He/him
Nick Carr @ItsReallyNick
38K Followers 3K Following Tech Director / Threat Intelligence at Microsoft. Previously, Director of Incident Response & Intel Research at Mandiant. Former Chief Technical Analyst at CISA
Steve YARA Synapse Mi... @stvemillertime
18K Followers 1K Following AI threat intelligence @google writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara
Phill Moore @phillmoore
9K Followers 3K Following This Week in 4n6 // ThinkDFIR https://t.co/vLyL2sgQsy I might not know much, but I do know how to Google Tweets are mine
Matt Zorich @reprise_99
15K Followers 2K Following @Microsoft Security | https://t.co/HWozKuixTi | Tweets are my own | 🇦🇺
Paul Melson @pmelson
14K Followers 1K Following Author/Operator of @ScumBots. Blue Team by day, Blue Team by night. Opinions, typos, and bad grammar do not represent my employer. He/Him
Silas Cutler (p1nk) @silascutler
14K Followers 2K Following You may know me from your logs Principal Security Researcher @Censysio #Threats / #CTI / #Malware / #Hacking
Daniel Bohannon @danielhbohannon
18K Followers 572 Following Security Researcher @permisosecurity Previously: @Mandiant/@FireEye, @Microsoft Developer: Invoke-(Obfuscation|CradleCrafter|DOSfuscation) & Revoke-Obfuscation
Mike Felch (Stay Read... @ustayready
17K Followers 2K Following Offensive @ TrustedSec | Hacking since Renegade BBS backdoors | Prior CrowdStrike/BHIS | In Christ's grip | Fighter for truth | K1HAQ
Dan Perez @MrDanPerez
5K Followers 1K Following Technical Lead, 🇨🇳 Mission @Google GTIG. Specializing in tracking and attribution of China-Nexus Threats, and making life difficult for them.
Lorvessa @Lorvessaudm
71 Followers 1K Following
𝖆𝖇𝖍𝖎𝖘�... @abhisec_
81 Followers 716 Following A cybersecurity engineer focused on detection engineering, cloud security, threat detection and incident response
QALTUM CONSULTING @QaltumX
2 Followers 94 Following Advisory in digital transformation and cyberdefense for the post-quantum era.
мальовничі ... @abenteurer_
550 Followers 546 Following коли ми перестаємо боятися невідомості, вона стає пригодою // built my identity around rock climbing, mountaineering, and going to random places worldwide
Albus Dumble Door @nitneuksorg
0 Followers 13 Following
Gaetano @Alk4lo1d
35 Followers 1K Following
CryptoMachine Shop @Ttokkyo2
521 Followers 3K Following Follow me on Nostr: npub1sz45japxmjg0ed2szmvr76j83n0krlaxyn0sqpkf3lwgtlu59yqq7jraee
DigForFeed @dig_forens_feed
0 Followers 15 Following
NeelBit @NeelBit
807 Followers 6K Following #developer #trainee. Siempre intentando aprender algo nuevo. Geek suburbano. En proceso de #desarrollador. #Descentralización y derecho a #privacidad
RSN @1R0SEN
13 Followers 496 Following
Raxe AI @RaxeAi
11 Followers 27 Following
0xLite@Ha @AzyzChayeb
708 Followers 8K Following
TelWha. @TelWha
149 Followers 5K Following
HeloiseDierser @7kgiC9epN1lJEgV
19 Followers 958 Following
E11ie @P0int3rNu11
116 Followers 7K Following PlayStation 🎮| GT7🏁🏎️💨| The Last of Us💔🫂| God of War🪓💪🧔♂️| Days Gone🏍️🧟 | GTA Online💲🚗🚓...
hudson @hudson112824
4 Followers 183 Following
GoldM0n @G0ldm0n
73 Followers 2K Following
Tloormlie @Tloormlie6398
17 Followers 933 Following
Ye Alde Poser @Y3330t
65 Followers 2K Following
SENTIMENT.BET @Yarpin5
474 Followers 7K Following where attention goes energy flows — https://t.co/VXxmSXOKLj https://t.co/nUCZdm27Nx
shubham @ShubhamInTech
3K Followers 2K Following ceo https://t.co/Fq3PewMpH3 (yc s26) • analytics for conversational agents
Rhauoodi @Rhauoodi226425
31 Followers 1K Following
Oswaldo ⓩ 🛡️ @Cesar_Oswi
156 Followers 3K Following la revolución pacífica del sistema financiero está armada con zk-SNARK, blockchain, SHA256, & PoW/S 🌌
Mugwump Jones @MugwumpJones
1K Followers 1K Following Just another cat on the internet. A muppet. Doing chaotic goodish things @clearvectorhq. ThruntCon, Board Member.
Rafael Valandro @Rafa_Valandro
244 Followers 2K Following Trader/Investor Through the ups and downs of the stock market, the committed patient will be rewarded. I don't give buying or selling advice, just my opinion.
SOCLabs @DetectionLabs
100 Followers 396 Following The world's first training platform for detection engineers, supporting multiple SIEM languages and using real logs to hone threat detection skills!
Anton @Antonlovesdnb
6K Followers 4K Following Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs
Vincetius Vulpes @VinceVulpes
169 Followers 2K Following Cybersec Pro, Coder of Fortune, Knave of all Trades, Artist of Human Motion. Opinions expressed are my own and do not represent the views of my employer.
ulvher @u1lvher
3 Followers 388 Following
Bruno Psalms 🇺🇬 @TheBornAgainGuy
2K Followers 4K Following #PurityIsPossible ambassador|| Students worker|| Youths Pastor|| Child of God|| Acts 17:11|| ✉️ [email protected] 📞+256753724818
Milad Bahari @Milad_Bahari
803 Followers 1K Following
eserialize @eserialize
0 Followers 101 Following
💖💖Red Rose @vahidabdolahi24
329 Followers 625 Following A daughter - A Sister - A Leader - A Boss - Love Animals - Supporting charity - Human right and LGBT 🙆🏼♀️🙆🏼♀️💓💓🏳️🌈🏳️🌈
かしみのり @kashiminor27655
64 Followers 1K Following
Tarunu @TarunuYzsa7O
19 Followers 872 Following
MonaMargery @r26isj90g0veTxN
74 Followers 7K Following
spider @LulleLullu63135
47 Followers 3K Following
Teachoresh @Teachoreshp_Kb
42 Followers 4K Following
vx-underground @vxunderground
442K Followers 363 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Katie Nickels @likethecoins
55K Followers 3K Following Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
Nick Carr @ItsReallyNick
38K Followers 3K Following Tech Director / Threat Intelligence at Microsoft. Previously, Director of Incident Response & Intel Research at Mandiant. Former Chief Technical Analyst at CISA
Tyler McLellan @tylabs
3K Followers 588 Following Intrusion aficionado. @Google/@Mandiant GTIG Frontline Intelligence Operations
Silas Cutler (p1nk) @silascutler
14K Followers 2K Following You may know me from your logs Principal Security Researcher @Censysio #Threats / #CTI / #Malware / #Hacking
thaddeus e. grugq @thegrugq
128K Followers 420 Following Hacker :: PhD researcher @warstudies @KingsCollegeLon :: [email protected] :: PGP https://t.co/dYipV8y3bo
Daniel Bohannon @danielhbohannon
18K Followers 572 Following Security Researcher @permisosecurity Previously: @Mandiant/@FireEye, @Microsoft Developer: Invoke-(Obfuscation|CradleCrafter|DOSfuscation) & Revoke-Obfuscation
Dan Perez @MrDanPerez
5K Followers 1K Following Technical Lead, 🇨🇳 Mission @Google GTIG. Specializing in tracking and attribution of China-Nexus Threats, and making life difficult for them.
RooCon @RooCon_AU
413 Followers 0 Following RooCon, a free conference on cyber threat intelligence & attribution, is happening in Sydney on 5-6 November 2025.
Codex Releases @CodexReleases
19K Followers 3 Following Unofficial Codex release updates creds @OpenAI
Wiz Red Agent @wizredagent
75 Followers 6 Following AI-attacker that uncovers complex, logic-driven vulnerabilities at machine-speed
Hunt.io @Huntio
7K Followers 938 Following https://t.co/9I6nRUiFjm is a service that provides threat intelligence data about observed network scanning and cyber attacks.
Aidan W Steele @__steele
10K Followers 2K Following I try to tweet novel things about AWS.“Shit-poster extraordinaire” according to @LastWeekInAWS. He/him. AWS Serverless Hero
StepSecurity @step_security
945 Followers 23 Following Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
Socket @SocketSecurity
22K Followers 5K Following Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
billy leonard @billyleonard
5K Followers 718 Following pogue life. sec @ A\, fmr @Google TAG, Global Head of Analysis of State Sponsored Hacking And Threats.
José Arzuaga 🇵�... @JoseInTheArena
105 Followers 216 Following Dad, husband👨👩👧👦, musician🎹🎺, and engineering leader @github ⌨️💻 from 🇵🇷. Opinions are my own.
DEATHCon @DEATHCon2026
2K Followers 43 Following Online/live conference 13-14 November 2026 for Detection Engineering and Threat Hunting https://t.co/TpkIGjaqpx
Unprompted AU @UnpromptedAU
657 Followers 0 Following https://t.co/YGo0O2YvDi - Security conference with an AI focus based in Sydney, Australia. Sister conference to Unprompted.
The Claude Portfolio @theaiportfolios
257K Followers 21 Following *Not affiliated with Anthropic. Seeing which LLM outperforms the market. $200M invested alongside Grok, Chat, & Claude on @joinautopilot by @aifinancelabs
Thariq @trq212
312K Followers 2K Following Claude Code @anthropicai. prev YC W20, @southpkcommons, @medialab
InsideEVs @InsideEVs
90K Followers 212 Following Leading the charge since 2012. The world's top authority on electric vehicles, car technology, autonomy and the zero-emission future of how we get around.
Anthropic @AnthropicAI
1.5M Followers 2 Following We're an AI safety and research company that builds reliable, interpretable, and steerable AI systems. Talk to our AI assistant @claudeai on https://t.co/FhDI3KQh0n.
OpenAI @OpenAI
5.0M Followers 4 Following OpenAI’s mission is to ensure that artificial general intelligence benefits all of humanity. We’re hiring: https://t.co/dJGr6LgzPA
Koidex @GetKoidex
446 Followers 6 Following Real-time intel on malicious extensions & packages across dev marketplaces. Governance + risk scoring for binary/non-binary software. By Koi.
Perplexity @perplexity_ai
497K Followers 77 Following Curiosity changes everything. Download our free app on iOS, Mac, Windows, and Android.
DomainTools @DomainTools
13K Followers 1K Following A global leader for internet #intel that enables security practitioners to proactively defend their organization in a constantly evolving threat landscape.
XBOW @Xbow
12K Followers 13 Following The autonomous offensive security company redefining cyber defense for the AI era.
Claude @claudeai
1.6M Followers 2 Following Claude is an AI assistant built by @anthropicai to be safe, accurate, and secure. Talk to Claude on https://t.co/ZhTwG8dz3D or download the app.
Stitch by Google @stitchbygoogle
162K Followers 6 Following Stitch by @GoogleLabs turns your ideas into beautiful interface designs, powered by some of the latest Gemini models. Try free of charge.
Perplexity Finance @PPLXfinance
44K Followers 28 Following Financial news for the curious. Real-time financial market data powered by @perplexity_ai Computer
Max Miles Points @maxmilespoints
2K Followers 424 Following Miles & Points Educator ✈️ Teaching travel on miles & points 🗓Travel Tips & Tutorials 📧 [email protected]
Marriott Bonvoy @MarriottBonvoy
229K Followers 63 Following A travel program with extraordinary hotel brands and endless experiences. Tweet @MBonvoyAssist for service 24/7. Where can we take you?
Tom Hegel @TomHegel
7K Followers 863 Following Hunting nation-state threats, and bending intelligence tech to shape real-world outcomes.
Permiso Security @permisosecurity
1K Followers 367 Following Detection for all of your clouds - identity providers, Iaas, Saas, Paas and more.
Microsoft Security @msftsecurity
344K Followers 320 Following Be first to know about AI, threats, and new tools. Quick hits, expert tips, and real-time security news—follow for smarter, safer ops.
SECurityTr8Ker @SECurityTr8Ker
4K Followers 5 Following I used to monitor the SEC's RSS feed for 8-K filings disclosing cybersecurity incidents. Last review: 2025-08-04 10:15 ET
AWS Security Digest @AwsSecDigest
2K Followers 13 Following 📥 Stay Up-to-Date on the latest AWS Security News with our Weekly Digest.
GitHub Security @GitHubSecurity
15K Followers 89 Following The @github Security team. 🚨 Report vulnerability: https://t.co/wTLhTm60PQ. Security Research: @GHSecurityLab. We're hiring!
National Institute of... @NIST
95K Followers 465 Following NIST promotes U.S. innovation & competitiveness by advancing measurement science, standards & tech to enhance economic security & improve our quality of life.
Bitkey @Bitkey
26K Followers 83 Following Bitkey is the self-custody bitcoin wallet with an app, hardware, and recovery tools. Built by the Proto team at Block, Inc.
Kody @kgsleuth
44 Followers 22 Following Christian | Conservative | Outdoor Enthusiast | Security Engineer | Cloud Architect | DFIR | Scala/Bash/Python/Ruby | #Cybersecurity #Cloud
Blue Team Con @BlueTeamCon
11K Followers 6 Following Blue Team Con is an annual cybersecurity conference built for defenders, inclusive of anyone interested in safeguarding organizations. | 10-13 September 2026
Rootly @rootlyhq
2K Followers 1 Following Modern AI-powered on-call and incident response platform. Trusted by @nvidia, @Replit, @Canva, @Grammarly, and more. Backed by @Google, @YCombinator.
Quentin Rousseau @quentinrousseau
1K Followers 3K Following CTO & Co-Founder @rootlyHQ (YC S21). Co-Founder @popsql (YC S19) / Ex SRE at @instacart
void *huxley @huxley_barbee
264 Followers 2K Following Mastodon: @[email protected] Lead organizer for BSidesNYC
Elastic Security Labs @elasticseclabs
6K Followers 726 Following Elastic Security Labs is democratizing security by sharing knowledge and capabilities necessary to prepare for threats. Spiritually serving humanity since 2019.
Christophe Tafani-Der... @christophetd
6K Followers 1K Following 302 Location: https://t.co/tP3JTD3HQp
urlscan.io @urlscanio
14K Followers 136 Following A sandbox for websites - Find malicious websites and phishing - https://t.co/LfPJPBGXFV - https://t.co/XjI4zJaBBp - #threatintel #cybercrime #infosec #web #phishing
Mike Burns @mburns7
263 Followers 351 Following Defend it and they will come. CISSP. CEH. @Mandiant Blueteam.
Mastodon (@Mastodon@m... @joinmastodon
146K Followers 2 Following Mastodon is the largest decentralised social network on the internet. Built on open web standards by a non-profit. Learn more on our website!





























