Matt Johansen
@mattjay.com
Friendly neighborhood cybersecurity guy | expect infosec news, appsec, cloud, dfir. | Long Island elder emo in ATX.
vulnu.com <- sign up for my weekly cybersecurity newsletter
Woah. Trenchant, who develops zero-days and surveillance tools for Five Eyes intelligence agencies (US, UK, Canada, Australia, and New Zealand). Has had an insider accused of selling secrets to Russia.
October 23, 2025 at 5:32 PM
This BBC reporter was offered 25% of a ransom payout if he gave hackers access to the corporate network.
He played along so we got a look inside their tactic here:
September 29, 2025 at 1:51 PM
I think the separation of dev and prod is one of the most important things we need to solve in AI coding land.
Keys. Secrets. Deployment. All that jazz.
None of the tools help, if anything they make it super easy to do wrong.
August 12, 2025 at 8:03 PM
Panel on bootstrapping vs. VC money.
@haroonmeer.canary.love : “With bootstrapping you need to be careful to not be timid when it’s time to be bold”
Just great life advice in general. Will remember this quote forever.
Oh and @hdm.io and @andrewmorr.is are cool too.
August 5, 2025 at 10:33 PM
July 31, 2025 at 9:58 PM
That viral women's only dating app 'Tea' was hacked by some 4chan users.
They didn't phish, social engineer, or use some crazy hacker technique either - the database was just public
July 25, 2025 at 8:27 PM
Someone can buy this extension that is tied to tons of people's Salesforce account and just ...get access to all that info. (h/t @johntuckner.me)
July 16, 2025 at 11:55 PM
If I was a bad guy who was looking for memory vulns, I'd be ALL OVER these new hotness web browsers. (Comet, Arc, etc.)
Market share is small but much more valuable targets. - Teams behind them way smaller than ...Google
July 15, 2025 at 7:09 PM
July 11, 2025 at 6:19 PM
I just can't believe how successful ClickFix campaigns are right now.
And now FileFix on top of it...
July 10, 2025 at 2:20 PM
Which Windows drivers keep Microsoft’s security engineers busiest - and which ones do attackers actually exploit?
Artem Baranov did the dang math.
He scraped every CVE bulletin from Jan 2022 through May 2025 and built a clean data set of kernel-mode driver patches.
July 6, 2025 at 10:41 PM
🚨 New macOS backdoor alert: North-Korean hackers are disguising a Zoom update that drops malware built to hijack laptops and steal data & passwords.
If you or your devs run macOS, keep scrolling.👇
July 3, 2025 at 5:18 PM
Microsoft just put out a detailed threat intel report on North Korean threat actors who keep getting hired for remote jobs at US companies.
They also outline how they're using AI to level up. Here's some highlights:
July 2, 2025 at 6:35 PM
Been reading more and more about governments hacking their own citizens with spyware. They seem to be finding any excuse - journalists. politically active people. social media posts.
Whatever they want.
Then they do it with zero click 0days silently. Wild.
youtu.be/zqY2A112bAQ
July 1, 2025 at 8:56 PM
If Austin, Texas got a pro sports team I fear I’d make it my entire personality.
June 27, 2025 at 1:36 AM
June 25, 2025 at 6:10 PM
Are AI hacking agents happening?
June 24, 2025 at 5:42 PM
I’ve spent at least 2 nights in each time zone in the lower 48 in the last two weeks.
Safe to assume my routine is absolutely f’d.
I keep saying I’ll figure it out after I dig out of my massive backlog…
June 24, 2025 at 4:52 PM
Sunday scaries big time when I’m leaving this to go back to reality.
June 22, 2025 at 6:56 PM
Breaking: House Oversight's top Dem Rep. Lynch requests Microsoft provide info on DOGE staffer's GitHub repo.
It allegedly contains code to extract data from the NLRB's case management system.
June 17, 2025 at 4:30 PM
Be safe today everybody.
June 14, 2025 at 6:06 PM
UNFI (major distributor for Whole Foods + 30k grocery stores) hit with cyber incident.
Critical systems offline since June 5. Significant supply chain disruptions ongoing.
Here's what we know. 🧵
June 13, 2025 at 5:01 PM
Congrats on the time off everybody. Go touch some grass while the Internet reboots.
June 12, 2025 at 6:42 PM
Easy security win most startups don't do:
A) SSO with mandatory MFA (yubikey preferred)
B) Device health check on login. Don't let unpatched OS or browser even login.
Do this and you're in the 1%
June 11, 2025 at 6:16 PM