Brooks
LightNews LightNews
brooksmcmillin.com
Brooks
@brooksmcmillin.com
25 followers 58 following 10 posts
Infrastructure / AI Security Engineer
Posts Replies Media Videos
Reposted by Brooks
cactuscon.com
We run a tight ship to keep CactusCon accessible, and part of that commitment is ensuring students can access CactusCon for FREE.

STUDENTS!

Email [email protected] from a valid student email account to request a coupon code for Eventbrite. We are so excited to have you join us!

#cc14
January 7, 2026 at 4:30 PM
brooksmcmillin.com
Speaking at CactusCon 14 next month!

"Breaking Model Context Protocol: Back to Security Basics" — how MCP is repeating every OAuth mistake from the 2010s, and what to do about it.

Feb 6, 3:30 PM. See you there.
January 4, 2026 at 5:35 PM
brooksmcmillin.com
Well, that’s a bit awkward… #crowdstrike
Search results for the terms “crowdstrike npm”. The first result is “CrowdStrike Falcon Prevents NPM Package Supply Chain Attacks”. The second result is “CrowdStrike npm Packages Hit by Supply Chain Attack”.
September 16, 2025 at 5:06 PM
Reposted by Brooks
matthewdgreen.bsky.social
Something is rotten in Denmark. mastodon.social/@chatcontrol...
Fight Chat Control (@[email protected])
Attached: 1 image Danish Minister of Justice and chief architect of the current Chat Control proposal, Peter Hummelgaard: "We must break with the totally erroneous perception that it is everyone's c...
mastodon.social
September 15, 2025 at 1:49 PM
brooksmcmillin.com
1/5 LLMs keep recommending a Python package called "huggingface-cli" that doesn't exist. A security researcher noticed this and actually created the package to demo the supply chain risk.
September 14, 2025 at 4:35 PM
Reposted by Brooks
shehackspurple.bsky.social
Vibe Coding Will Get You Hacked! - with @davidbombal.bsky.social
https://twp.ai/9PUaq3
September 12, 2025 at 3:26 AM
Reposted by Brooks
rmac.bsky.social
Charlie Kirk was one of the main campaigners for Ross Ulbricht's freedom, and had pushed in Trump's first term for a pardon. Ulbricht's most recent speaking engagement was in July at Turning Points USA event in Tampa where he credited for helping him.

www.nytimes.com/2025/09/07/t...
Instagram photo of Caroline Ulbircht, Charlie Kirk and Ross Ulbricht, smiling, while staring at the camera. Caption reads: The horrific murder of Charlie Kirk has hit us hard. At first, we couldn't believe it and thought it was some kind of mistake, but then came the shock and the tears. We'll forever be grateful for Charlie's support of Ross while he was in prison and for helping bring him home. We're humbled to have known him during his short time on earth. R.I.P, Charlie 💔 From Ross on X: "Like all of you, I am mourning Charlie Kirk. He stood up for his beliefs and died for them at 31, wearing a T‑shirt that read "Freedom." At 31, my life was taken from me for standing up for what I believed in. And Charlie helped me get it back. He never took credit for it but he played a BIG role in my freedom in many ways. Last year alone, when President Trump won the election, he asked Charlie what was the #1 thing he could do for him and Charlie replied: "Free Ross." And in the days leading to my release, Charlie advocated for a full pardon. He did this and more without expectations of me. I wish there was something I could do to help Charlie get his life back. But there isn't, and I'm heartbroken. Charlie, I will always be grateful to you. Thank you for all you did for me and for our country. I pray for you and your beautiful family. Rest in peace."
September 11, 2025 at 9:57 PM
Reposted by Brooks
martijngrooten.bsky.social
If you once wrote software that continues to be used beyond its end-of-life, please don't let the domain expire. If you can't afford to keep using it, contact a local CERT or something.
Otherwise, this happens; victims included dissidents and journalists www.trendmicro.com/en_us/resear...
TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents
The TAOTH campaign exploited abandoned software and spear-phishing to deploy multiple malware families, targeting dissidents and other high-value individuals across Eastern Asia.
www.trendmicro.com
September 1, 2025 at 10:51 AM
brooksmcmillin.com
Google is apparently going to become an APT. Will be interesting to see how that works - cyberscoop.com/google-cyber...
Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense
Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.
cyberscoop.com
August 30, 2025 at 5:27 PM
Reposted by Brooks
damienmiller.bsky.social
openssh.com/pq.html
OpenSSH: Post-Quantum Cryptography
OpenSSH post quantum cryptography
www.openssh.com
August 15, 2025 at 12:49 PM
Reposted by Brooks
confidentsecurity.bsky.social
Creepers, cheaters, and privacy besiegers, you’re done! Don’t Record Me will be ready soon, we let you choose when AI transcribers can capture your conversation.
Big thanks to @sfstandard.com for the shoutout!
Sign-up link here: dontrecord.me
dontrecord.me
We don't like having our conversations recorded either. Here's a simple app to use during voice chat to stop recording and transcribing
dontrecord.me
August 11, 2025 at 11:48 PM
brooksmcmillin.com
Always fun to find more legitimate use cases of Adversarial AI like dontrecord.me which breaks AI transcribers.
dontrecord.me
We don't like having our conversations recorded either. Here's a simple app to use during voice chat to stop recording and transcribing
dontrecord.me
August 11, 2025 at 12:25 AM