[tl;dr sec] #313 - MCP Security Hub, IDE-Shepherd, Plaid's Security Pipeline as Code
MCP servers for offensive security tools, Datadog's IDE extension to protect against malicious IDE extensions, how Plaid scales security scanning across 100s of services
Hey there,
I hope you’ve been doing well!
🎶 Weird Al
Last week, I saw something I never thought I would…
We cut to the early 2000s, Clint is in high school.
I loved Weird Al Yankovic, and listened to him regularly with my dad in the car. Weird Al was actually one of the first live concerts I ever attended.
Flash forward to last weekend. As a part of SF SketchFest I saw… a Weird Al-inspired burlesque show called “Tight and Nerdy” 😂 (reference)
A number of people in the audience dressed up as Weird Al from various eras, which was delightful.
There was a dancing can of Spam, for Amish Paradise a butter churner got put to work, and I may never look at Yoda the same way again.
Both Weird Al, and the show, are a celebration of being weird, and leaning into your thing, whatever it is.
I like it.
Sponsor
📣 New guide: The future of IT infrastructure
Modern IT infrastructure is mission-critical. But most IT Ops teams are still relying on manual workflows to manage capacity, reliability, and scale.
The result? Hidden waste, slower incident response, growing risk, and teams stuck firefighting instead of improving systems.
Tines published a new guide for IT teams that shows how to change that. In the guide you’ll learn:
Why manual capacity management quietly drives cost and operational drag
How intelligent workflows enable predictable, auditable scaling
Practical ways to orchestrate infrastructure using the tools you already have
👉 Get the guide 👈
Totally agree it’s essential to automate and streamline workflows so you get leverage, not buried over time. Also: “moving from alert-driven firefighting to automated response.” 👌
AppSec
Automated React2Shell vulnerability patching is now available
Vercel Agent now detects vulnerable packages in your project, and automatically generates pull requests with fixes to upgrade them to patched versions.
💡 This is cool, I’d love to see more “let us harden your config / setup / environment for you” products and features.
How rep+ Helped Me Identify a Critical Supabase JWT Exposure
Bour Abdelhadi describes how he used rep+ to discover a publicly exposed Supabase anonymous JWT in a website's JavaScript. rep+ is a Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks, recently integrated with Kingfisher for secret detection. He then tested whether Row Level Security (RLS) was properly enforced on the backend by enumerating REST endpoints (thus enumerating the exposed tables and RPC functions), and found he was able to read the password_reset_tokens table, enabling full account takeover.
Bour also released supabase-exposure-check, a Python script that scans websites for exposed Supabase JWT tokens, enumerates accessible database tables, and analyzes them for sensitive data exposure.
Security as a platform: Codifying scans, signals, and guardrails
Larkins Carvalho describes how Plaid built “Security Pipeline as Code” to scale security scanning across hundreds of services by treating security controls as infrastructure: using shared CI templates, Terraform modules, and a hosted control plane with in-VPC scan execution. The system dynamically orchestrates security domains (SAST with custom rules from incidents/bug bounties, reachability-aware SCA, IaC and secrets scanning, AI-powered business logic analysis). Sub-5 minute feedback, contextual remediation guidance specific to Plaid, given directly in GitHub.
Technical wins: encoding organization-specific security baselines as Semgrep rules (like enforcing zero-trust authorization policies) and auto-resolving fixed vulnerabilities to eliminate manual triage busywork. Repos onboard with a single Terraform line, and findings flow into a unified vulnerability management system with team attribution and SLA tracking. The platform achieved 95%+ repository coverage by launching rule sets in soft-fail mode first to tune false positives before blocking merges.
“Security learnings from findings to architectural decisions to baselines are turned into automated, institutional knowledge that shows up on PRs across our repos.”
💡 This is a great write-up on building a scalable AppSec program, covering so many of the things I see consistently across good programs: org-specific remediation guidance, treating all signals (bug bounty submissions, prior vulns, pen test reports) as things to codify and continuously scan for going forward, emphasizing compounding wins, etc.
Sponsor
📣 Your Agent Just Ran kubectl.
Was It Supposed To?
AI agents have production access (e.g., file system, shell, databases, MCP servers), but security tools weren't built for this: EDR can't tell if kubectl was intentional or prompt-injected, while secrets managers don't know if the request came from an engineer or an agent. The 2026 Agent Risks Technical Brief covers these blind spots and which controls actually work.
Nice, love the focus on agent visibility and guardrails, this is an important area right now. MintMCP also has a good paper on Securing the Model Context Protocol.
Container Security
Public Container Registry Risks 2026: Malicious Images & Mitigation
Qualys’ Amit Gadhave analyzed over 34,000 public container images and found that 60% had fewer than 1,000 pulls, and 4% contained cryptomining malware, with 70% of confirmed malicious images being cryptominers, primarily targeting Monero using XMRig. Typosquatting was the common distribution technique, where attackers mimic legitimate image names like nginx, ubuntu, drupal, and joomla to trick users into pulling malicious containers.
BadPods Series: Everything Allowed on AWS EKS
Kiran Dawadi shares a write-up of the “Everything Allowed” bad pod from Bishop Fox’s BadPods project, which is a collection of Kubernetes manifests that create pods with dangerous configurations. The post shows how a pod with privileged: true, hostPath: /, hostNetwork: true, and hostPID: true flags enabled can lead to complete cluster and cloud compromise on AWS EKS.
Kiran shows three attack paths: escaping to the host node via chroot and accessing /var/lib/kubelet, lateral movement to other pods using nerdctl and nsenter to enumerate containers and enter their namespaces, and stealing IAM credentials from the EC2 metadata service at 169.254.169.254 (both IMDSv1 and IMDSv2).
A Brief Deep-Dive into Attacking and Defending Kubernetes
Quite detailed, lengthy post by Alexis Obeng giving an overview of how Kubernetes works, threat hunting in k8s, and attack techniques and defensive strategies. The post covers unauthenticated API access, overly permissive RBAC, ServiceAccount token abuse, malicious admin controllers, CoreDNS poisoning, writable volume mounts, ETCD unauthorized access, and the Kubernetes Golden ticket technique. For each, Alexis gives an overview, then defensive strategies, and then a Falco rule to detect it.
See the k8s-custom-detections GitHub repo for the Falco detection rules, audit policies, sample attack manifests, and configuration files that go along with this post.
💡 Wow, according to her About page, Alexis is still in college 🤯 She’s graduating in Spring 2026, and looking for opportunities. If you’re a hiring manager, you can reach out to her on LinkedIn.
Supply Chain
How We Prevented Cursor, Windsurf & Google Antigravity from Recommending Malware
Koi’s Oren Yomtov discovered that popular AI IDEs (Cursor, Windsurf, Google Antigravity) inherited VSCode's extension recommendation config but switched to the OpenVSX marketplace (licensing reasons), creating a supply chain vulnerability where officially recommended extensions didn't exist and their namespaces were unclaimed. So basically the IDEs were like, “You should install <this extension>” but anyone could register it. Koi preemptively registered the vulnerable namespaces, phew.
💡 I’m periodically surprised that software mostly works and the world hasn’t crumbled.
Threat Actors Expand Abuse of Microsoft Visual Studio Code
Jamf’s Thijs Xhaflaire describes the latest evolution of the Contagious Interview campaign, in which DPRK threat actors target developers via backdoored repos. User clones, opens, and trusts malicious repo → VSCode task.json triggers download from malicious server → payload executed via Node.js runtime → system fingerprinting → persistent beacon to C2 server awaiting arbitrary JavaScript code.
The payload “has inline comments and phrasing that appear to be consistent with AI-assisted code generation.”
Introducing IDE-SHEPHERD: Your shield against threat actors lurking in your IDE
Datadog’s Tesnim Hamdouni announces IDE-SHEPHERD, an open source IDE extension that uses real-time runtime protection + heuristics to protect against malicious extensions and supply chain attacks. It uses a “require-in-the-middle” (RITM) layer to patch critical Node.js modules such as child_process, http, and https to intercept and block malicious operations like PowerShell-encoded commands, suspicious network requests, and auto-executing .vscode/tasks.json files before they execute.
IDE-SHEPHERD combines this runtime defense with heuristic detection that analyzes extension metadata for anomalies such as missing repository links, suspicious version numbers, wildcard activations, and signs of obfuscation.
💡 Yo dawg, I heard you’re worried about malicious IDE extensions, so I built you an IDE extension to analyze IDE extensions 😂
Blue Team
Quicklinks
Varonis discovered Stanley, a $6,000 malware-as-a-service toolkit sold on Russian cybercrime forums that packages a malicious Chrome extension that they guarantee will pass the Chrome Web Store vetting.
Free Canary Tokens: SSH, Browser Session Cookie, Email, AWS and more by Tracebit — Tracebit recently launched their ‘Community Edition’ - free canary tokens and a local CLI to manage and maintain them. Sign up to deploy canaries in minutes.*
MHaggis/ADTrapper - A self-hosted Active Directory security analysis platform that processes Windows authentication logs and BloodHound data to detect threats through 54+ detection rules covering brute force, password spray, privilege escalation, and ADCS attacks.
*Sponsored
North Korean infiltrator caught working in Amazon IT department thanks to lag
They caught them over a 110ms keystroke input lag 🤯 “Schmidt says that Amazon has foiled more than 1,800 DPRK infiltration attempts since April 2024. Moreover, the rate of attempts continues apace, with Amazon reckoning it is seeing a 27% QoQ uplift in North Koreans trying to get into the Amazon corporation.”
Centralized suppression management for detections using macros & lookups
Harrison Pomeroy describes a centralized suppression management system for Splunk detections using macros and lookups, enabling analysts to self-service tune alerts without directly modifying detection logic. The solution uses a CSV lookup table containing alert names, suppression criteria (SPL logic), expiration timestamp, etc. combined with a macro that dynamically injects NOT conditions into detection queries.
Background: “A lookup in a SIEM is an external data table that your detections, queries, and dashboards can reference to enrich events or influence logic. A macro is a reusable piece of logic, often a short function, expression, or template, that you can reference throughout your platform to avoid repeating the same code in multiple places.”
💡 I like the bigger picture idea of letting the end consumers of an alert (analysts) tune the rule without relying on the authors (detection engineers), while still tracking who made the changes and why. The self-service helps with buy-in and giving people a feeling of agency.
Analogous example: letting developers tune the code scanning rules that generate comments on their PRs (of course while keeping an audit trail that the security team reviews).
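To make the lookup-plus-macro pattern concrete, here is an added illustration in JavaScript (not Harrison's Splunk implementation): a constructed lookup table in CSV, a function standing in for the macro that emits NOT conditions only for unexpired rows, and the rewrite of a detection search. The column names, the ISO expiry format and the rule that the base search precedes the first pipe are assumptions.

```javascript
// Added illustration (not the Splunk macro from the post): the lookup-and-macro
// suppression pattern as plain functions, so the expiry rule and the NOT injection
// are visible. Column names are assumed; suppression_spl values must not contain commas.
const SUPPRESSION_LOOKUP_CSV = [ // constructed sample lookup table
  'alert_name,suppression_spl,expires_at,owner,reason',
  'Suspicious PowerShell,host="build-runner-*" AND user="svc_ci",2099-01-01T00:00:00Z,analyst1,CI runners',
  'Suspicious PowerShell,user="jdoe",2020-01-01T00:00:00Z,analyst2,expired pentest window',
  'Brute Force Logon,src_ip="10.1.2.3",2099-01-01T00:00:00Z,analyst1,authorized vuln scanner',
].join('\n');

// Parse the lookup into row objects keyed by the header columns.
function parseLookup(csvText) {
  const [header, ...rows] = csvText.trim().split('\n');
  const cols = header.split(',');
  return rows.map((r) => Object.fromEntries(r.split(',').map((v, i) => [cols[i], v])));
}

// Stand-in for the macro: NOT conditions for one alert, skipping rows whose
// expires_at is in the past so forgotten suppressions do not silence detections forever.
function suppressionClause(alertName, rows, now = new Date()) {
  return rows
    .filter((r) => r.alert_name === alertName && new Date(r.expires_at) > now)
    .map((r) => `NOT (${r.suppression_spl})`)
    .join(' ');
}

// Inject the clause into the base search (everything before the first pipe) so the
// detection's own aggregation and thresholds stay untouched.
function applySuppressions(alertName, detectionSpl, rows, now = new Date()) {
  const clause = suppressionClause(alertName, rows, now);
  if (!clause) return detectionSpl;
  const [base, ...pipeline] = detectionSpl.split(' | ');
  return [`${base} ${clause}`, ...pipeline].join(' | ');
}
```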
AI + Security
eating lobster souls Part III (the finale): Escape the Moltrix
Clawdbot (now Molt) has gotten a lot of hype recently. In part 1, Jamieson O'Reilly found hundreds of Clawdbot control servers that were misconfigured, leaking API keys, OAuth tokens, conversation histories, etc. In part 2, he built a simulated backdoored skill, inflated its download count to #1 on ClawdHub using a trivial API vulnerability, and watched 16 developers across 7 countries execute arbitrary commands on their machines within 8 hours.
In part 3, Jamieson found that you can include JavaScript in an SVG that’s uploaded to ClawdHub, which is served from the main clawdhub.com domain, so it can read your authentication cookies, make API requests on your behalf, etc. An attacker could, for example, use this to compromise your account and then backdoor any skill you’ve uploaded, which will then backdoor anyone who uses them.
💡 The number of rapidly popular new things with 2010-era bugs is impressive.
FuzzingLabs/mcp-security-hub
By FuzzingLabs: A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more. 24 MCP Servers, 100+ security tools accessible via natural language, production hardened: non-root containers, minimal images, Trivy-scanned.
MHaggis/Security-Detections-MCP
By Michael Haag: An MCP server that lets LLMs query a unified database of Sigma, Splunk ESCU, Elastic, and KQL security detection rules. The server includes 11 pre-built MCP prompts that provide structured, expert-level workflows for common security detection tasks, including: ransomware readiness assessment, APT threat emulation, purple team exercise, SOC investigation assist, and more.
Claude finds 353 zero-days on Packagist
Sansec describes building a four-stage pipeline using Claude Opus 4.5 to audit the top 5,000 Magento extensions on Packagist, discovering 353 confirmed vulnerabilities (265 IDOR/auth bypass, 50 SQLi, 23 arbitrary file read/write, 15 RCE) across packages with 5.9 million downloads. The pipeline consists of an Aggregator (queries Packagist), Security Auditor (static analysis focusing on non-admin exploitable issues), Vulnerability Reproducer (spins up Docker containers with fresh Magento installs to validate findings via curl PoCs, 79% reproduction rate), and WAF Suggestor (generates active filtering rules). The entire audit cost $10,000 in API calls ($2 per extension, ~$30 per working exploit 😅).
💡 It’s cool that they released the security auditor and reproducer prompts! Also, neither of the prompts are incredibly complex, so to me this is another example of “point frontier models at source code with a reasonable prompt → real bugs!” My colleagues and I also did that here.
One thing I found surprising: “So far we have manually verified 30% of results and found no false positives for the verified vulnerabilities.” Another case for why automatic validation is so powerful/important, but I find it hard to believe there were no FPs 🤔
Misc
1000 Blank White Cards - A party card game played with cards in which the deck is created as part of the game.
The UNIX Pipe Card Game - A card game for teaching kids how to combine unix commands through pipes.
A scammer’s blueprint - How cybercriminals plot to rob a target within a week. Handbooks found during a police raid on a compound used by a cyberfraud gang in the Philippines show detailed instructions in Chinese for the psychological techniques used for conducting romance scams. Sad ☹️
Tiago Forte - From Chaos to Clarity: My 30-Minute Weekly Review System
Dan Koe - How to fix your entire life in 1 day
AI
Codacy co-founder Jaime Jorge’s notes from interviewing Geoffrey Huntley, creator of the Ralph loop, on the future of software engineering.
@rahulgs - the no unforced-errors ai leader playbook
@yishan’s AI investment thesis - “Every AI application startup is likely to be crushed by rapid expansion of the foundational model providers.” Two ways to make money: make a flash-in-the-pan app that generates a ton of cash and bank it, or make a good enough app that you get acquired by a big player.
@basedjensen - POV me and Claude Opus 4.5 shipping 😂
World Economic Forum 2026 - Google's Demis Hassabis, Anthropic's Dario Amodei Debate the World After AGI
Greptile argues There is an AI Code Review Bubble - I agree, and it’s not clear to me why these dev-focused code review companies are going to give meaningfully better results than Claude Code/Codex (or like a Cursor or Cognition) with some good skills or prompts.
Allegedly Anthropic is going to release “Security Center” for Claude Code, scanning code for security issues.
Introducing Prism - OpenAI launched Prism, a free AI-native workspace for scientific writing that integrates GPT-5.2 directly into a cloud-based LaTeX environment.
OpenAI Considers Outcome-Based Pricing for AI Breakthroughs - Payment would be tied to measurable results like drug discoveries or operational savings rather than just API usage or subscriptions.
a16z - The AI Opportunity that goes beyond Models - I thought this was a thoughtful overview of where the opportunity is and what may be disrupted.
✉️ Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏
Thanks for reading!
Cheers,
Clint
P.S. Feel free to connect with me on LinkedIn 👋