I am honored to have experienced this once-in-a-lifetime opportunity at such an early stage in my cyber career. My heart is so full, and I will still talk about this experience in the most befitting way soon. Huge thanks to @Akamai and @sisinerdtweets for this opportunity.🙏🙏

Do you really believe agency can be taught? Or is it something life forces you to develop?🤔

Just saw the list of protocols that was posted by the account. This goes to show you can never go wrong with doing your own research. Don’t swallow everything hook, line, and sinker because even experts can make mistakes.

📌Tap on the image to access the application link.

I'm really interested in getting a POV from the team members who worked under this manager. Imagine the sleepless nights, the near heart attacks, the constant feeling of incompetence, only to find out the person you report to has been orchestrating the very attacks that probably put you under the most intense pressure you will ever face in your lifetime.

📌 This is an internship opportunity for those ready to build skills and grow in: - Networking, - AI, - Cloud, - SOC, and - GRC. linkedin.com/pulse/virtually…

"Life so private nobody knows” proceeds to post a video about said privacy.

𝗨𝗿𝗴𝗲𝗻𝘁 𝗰𝗮𝗹𝗹 𝗳𝗼𝗿 𝗮𝗹𝗹 𝗖𝗜𝗦𝗢𝘀 𝗮𝗻𝗱 𝗘𝗺𝗽𝗹𝗼𝘆𝗲𝗲𝘀 𝗪𝗵𝗼 𝗨𝘀𝗲 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗧𝗼𝗼𝗹𝘀 I read about a newly identified 𝗣𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝘁𝗲𝗰𝗵𝗻𝗶𝗾𝘂𝗲 called "𝗖𝗼𝗣𝗵𝗶𝘀𝗵" and I thought to share. This attack exploits Microsoft’s Copilot Studio agents to steal OAuth (access) tokens. 𝗪𝗵𝗮𝘁 𝗺𝗮𝗸𝗲𝘀 𝗶𝘁 𝘀𝗼 𝗱𝗮𝗻𝗴𝗲𝗿𝗼𝘂𝘀? The link looks perfectly safe ( because it’s a real Microsoft URL) but behind it is a malicious chatbot asking you (or your admin) to "sign in" or "grant access." Once you do, attackers can quietly steal your session token and access company data undetected. 𝗔 𝘀𝘂𝗺𝗺𝗮𝗿𝘆 𝗼𝗳 𝗵𝗼𝘄 𝘁𝗵𝗶𝘀 𝗮𝘁𝘁𝗮𝗰𝗸 𝘄𝗼𝗿𝗸: - Attackers build fake Copilot agents using Microsoft’s Copilot Studio. - These agents live on genuine Microsoft sites, making them appear trustworthy. - When you log in or approve access, your authentication token is sent to the attacker. - Since the URL is a legitimate one, it is easier for a user to fall for the trick and log in thinking it is just another Microsoft Copilot service. - Because the token was sent from Copilot using Microsoft's IP address, the connection to the attacker will not show in the user's web traffic. 𝗪𝗵𝘆 𝘁𝗵𝗶𝘀 𝗺𝗮𝘁𝘁𝗲𝗿𝘀: Phishing isn’t just about fake emails anymore. Trusted platforms are now being abused to bypass traditional defenses. What this means is that, "safe domain" doesn’t always mean "safe page." 𝗥𝗲𝗰𝗼𝗺𝗺𝗲𝗻𝗱𝗮𝘁𝗶𝗼𝗻𝘀: 1. Set up rules in Microsoft Entra ID to ensure users cannot grant permissions to risky or unverified apps without an admin checking them first. 2. Disable default user app creation, preventing regular users from registering or deploying new applications unless necessary. 3. Security teams should closely monitor logs for new Copilot agents or app permission requests. 4. Train your employees to question unexpected consent or sign-in requests. 5. Encourage reporting by making it easy for employees to report anything odd. 6. Finally, review and revoke unused or suspicious OAuth tokens to reduce the attack surface and stop potential misuse of outdated credentials. 📌 Microsoft has confirmed a fix is coming, but awareness is our best defense right now. 📷 Below are images showing the Microsoft-hosted login page and how the CoPhish attack works. 𝗜𝗺𝗮𝗴𝗲 𝗦𝗼𝘂𝗿𝗰𝗲: Datadog Tag every CISO and Security Analyst you know in the comments. #CyberSecurity #Phishing #CoPhish

Turns out you actually can delete your old tweets in bulk. After tweeting about this yesterday, I discovered a tool that does exactly that. It lets you delete tweets in bulk, filter by time period, keywords, and more. It even goes further by letting you delete all tweets on an account or unfollow in bulk, all in just 3 simple steps: 1) Sign-In with your X account. 2) Select tweets to be deleted. 3) Delete tweets. Similar simple steps apply for features like delete replies, delete retweets, undo reposts, etc. Check out @tweet_deletenet via tweetdelete.net/ Below is a short demo video showing you how easy it is. Try it out and let me know what you think!

To tell you how unqualified I felt, I didn’t even bother applying when I first saw the job post. My boss at the time submitted my CV on my behalf because she knew how passionate I was about that aspect of #CyberSecurity. I had never seen anything like that, and it changed everything for me. I prepared like never before because I didn’t want to disappoint her when I found out. After a series of interviews, to the glory of God, I got the role! Dear CS (@sisinerdtweets), you’ve been such a blessing. Thank you for believing in me! 💙🙏

One thing I’ve noticed on X (Twitter) is how people often get dragged years later for tweets they made when they were completely different people. I honestly think X should have a feature that lets users bulk delete tweets by date, keyword, etc. People evolve. No one should be haunted by the digital footprints of their former self.

I revisited my #GitHub today after what feels like forever. Tried making a few tweaks and suddenly everything looked foreign. It’s crazy how quickly things start to feel unfamiliar when you stop learning or practicing. Anyway, I’m slowly reworking it bit by bit.

Struggling to know which #AI models you can trust? @NomaSecurity & the Cloud Security Alliance launched a game-changer! Tool replaces guesswork with objective, audit-ready evidence, helping security/engineering teams accelerate AI adoption with confidence! api.cyfluencer.com/s/introdu…

Techie narrates how a plantain seller sc+med her after pleading with her to buy from her

If you are here and want to know how to get a scholarship to attend a #Cybersecurity Conference in the USA 🇺🇸, you should check out the playlist I made about it here: piped.video/playlist?list=PL…

I was heading home yesterday when a little girl selling plantains pleaded with me to buy from her. I decided to get two sets, and when it was time to make payment, she asked me to transfer the money to the woman selling beside her. As I was doing that, I told her to pack the plantains for me. After completing the transfer, I thanked them and left, only to get home and realize she had removed one plantain from each set. A similar thing happened when I accompanied my aunt to the market, but that time, the seller was an elderly woman. I was on my phone while my aunt was trying to withdraw cash to pay, and when the woman thought no one was watching, she sneakily cut off one plantain from the bunch. I let her know I saw her and asked her to add it back. I didn’t think I needed any level of vigilance when buying from a child. Now I wonder if this is what people mean when they brag about being "streetwise" in this state. This isn’t being smart; it is THEFT. And when the young and old begin to see deceit as a skill, it says a lot about where we’re headed as a society.

Day 27/31 Myths create risk. Facts create safety. Three Cybersecurity Myths vs Facts 👇👇 @ireteeh @judeosamor @InfoSecSherpa @Lizettle_ #Cybersecurity #CyberAwareness #OnlineSafety #HackingMyths #DigitalProtection #CybersecurityAwarenessMonth