Andy Swift @swiftsecur - Bluesky Profile

Episode 22: Social Engineering, Gas Mark 4, and AGAs with Rachel Tobac!

@tib3rius.bsky.social & @swiftsecur.bsky.social are joined by @racheltobac.bsky.social to talk social engineering war stories...and more!

Links below!

24.10.2025 14:01 — 👍 5 🔁 4 💬 1 📌 0

Episode 21: The One Where They Talk About AI Again

@tib3rius.bsky.social & @swiftsecur.bsky.social talk about AI (again). How it affects our lives, vibe coding, and its increasing usefulness in Cybersecurity.

Links below!

10.10.2025 14:00 — 👍 3 🔁 2 💬 1 📌 1

Burp AI - PortSwigger Hack smarter, not harder. Seamlessly integrate trusted AI capabilities into Burp Suite - on your terms with Burp AI.

Episode 20: War Stories with Julien Richard!

@tib3rius.bsky.social & @swiftsecur.bsky.social chat with Julien Richard about his war stories!

Thank you to @portswigger.net for sponsoring today's episode! Check out portswigger.net/burp/ai to learn more about AI in Burp Suite.

Links below!

26.09.2025 14:02 — 👍 5 🔁 4 💬 1 📌 0

SAUSAGE.....those who know.....know. All will be revealed..

17.09.2025 00:05 — 👍 2 🔁 0 💬 0 📌 0

oh fuck off...while my heads been down making CTF's...I pop my head up for 5 seconds and NPM is on fire again...

16.09.2025 23:58 — 👍 1 🔁 0 💬 0 📌 0

I need sleep. Been building a CTF based around firmware reversing, crypto mishaps and a sprinkling of MQTT..because why not... for the last few days...its gunna be a wild ride in the morning when my teams gets let loose on it...good luck yawll..ill be sleeping in the corner.

16.09.2025 23:54 — 👍 2 🔁 0 💬 0 📌 0

Episode 19: DEF CON!

@tib3rius.bsky.social & @swiftsecur.bsky.social chat about DEF CON, the world's biggest hacker convention, which Andy attended for the first time this year!

Links below!

12.09.2025 14:00 — 👍 4 🔁 3 💬 1 📌 0

Someone asked me what I was eating for lunch, I said 'er poached eggs'....I couldn't tell them it was actually a dipping egg with soldiers.

11.09.2025 13:41 — 👍 1 🔁 0 💬 0 📌 0

eeeek

11.09.2025 13:37 — 👍 2 🔁 0 💬 0 📌 0

Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents The biggest financial impact expected to be the millions of dollars of SaaS contracts signed with security vendors

Now I'm awake and stuff.. I don't want to be dismissive of the NPM thing..sensationalist headlines help no one, some are def overhyped for clicks...but this had potential to hit different...and thats the kinda interesting bit...

This is a cool link:

www.securityalliance.org/news/2025-09...

09.09.2025 08:57 — 👍 1 🔁 0 💬 0 📌 0

Episode 18: UK Online Safety Act

@tib3rius.bsky.social & @swiftsecur.bsky.social chat with Daniel Card about the controversial UK Online Safety Act.

Links below!

29.08.2025 14:01 — 👍 1 🔁 2 💬 1 📌 0

SSHamble - New Open Source Tool to Exploit Vulnerabilities in SSH Protocol SSHamble, a powerful open-source reconnaissance tool designed to identify and exploit vulnerabilities in SSH implementations across internet-facing systems.

cybersecuritynews.com/sshamble/

This is a coolio tool, github here:

github.com/runZeroInc/s...

16.08.2025 09:51 — 👍 1 🔁 0 💬 0 📌 0

Episode 17: Common Vulnerability Scoring Sucks?

@tib3rius.bsky.social & @swiftsecur.bsky.social chat about the problems with CVSS.

Links below!

15.08.2025 14:01 — 👍 1 🔁 3 💬 1 📌 0

Episode 15: Why Can't Pentesters Scope?

@tib3rius.bsky.social & @swiftsecur.bsky.social discuss why they (pentesters) can't scope very well.

Links below!

18.07.2025 14:00 — 👍 2 🔁 1 💬 1 📌 1

So....I built a new scheduling/resourcing system for pentesters, its been a fun project...but now, the irony....it is being pentested....hold onto your hats people...this is going to be a bumpy ride 🤣

#pentesting

11.07.2025 09:39 — 👍 1 🔁 0 💬 0 📌 0

New Linux Security Flaw Uses Initramfs to Inject Malware A newly found security flaw in Ubuntu could allow attackers with physical access to bypass full disk encryption. Learn how the attack works.

www.omgubuntu.co.uk/2025/07/ubun...

This is kinda interesting, maybe helpful for forensics 😆

08.07.2025 10:13 — 👍 0 🔁 0 💬 0 📌 0

This has been my fav so far.... @davidkuszmar.com was awesome, we got to have him back. LIGHT THE RIVER ON FIRE!

04.07.2025 14:30 — 👍 1 🔁 0 💬 1 📌 0

Episode 14: Ignore Previous Instructions & Interview David Kuszmar

@tib3rius.bsky.social & @swiftsecur.bsky.social interview AI security researcher @davidkuszmar.com about his incredible LLM jailbreaks and exploits!

Links below!

04.07.2025 14:00 — 👍 2 🔁 2 💬 1 📌 3

I dont really ask people to be references, imo security and privacy are important in our work, yet.. most large bid contracts ask for them, whats funny is the ones asking often decline to be references themselves citing security policy as the reason...vicious cycle.

03.07.2025 05:17 — 👍 0 🔁 0 💬 0 📌 0

On me way to London guv :) at the Imperial War Museum today for a bit of a workshop with some clients, fun day ahead!

03.07.2025 05:10 — 👍 1 🔁 0 💬 0 📌 0

a woman is making a funny face and says not again ALT: a woman is making a funny face and says not again

thehackernews.com/2025/06/citr...

Uh oh....

26.06.2025 08:23 — 👍 0 🔁 0 💬 0 📌 0

Citrix Patches Critical Vulns in NetScaler ADC and Gateway Citrix is recommending its customers upgrade their appliances to mitigate potential exploitation of the vulnerabilities.

www.darkreading.com/vulnerabilit...

ahhh here we go again :) This is giving me serious PTSD, last time out the IR bat signal was on constantly for a good few weeks 😂

No evidence of wild exploitation yet apparently...but still.

25.06.2025 08:46 — 👍 1 🔁 0 💬 0 📌 0

"If you need legal consultation regarding your target, simply click the 'Call lawyer' button located within the target interface, and our legal team will contact you privately to provide qualified legal support,"

This is amazing.

23.06.2025 09:12 — 👍 0 🔁 0 💬 0 📌 0

Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms Qilin ransomware intensifies, offering legal counsel to affiliates, rising as a top cybercrime platform with 304 victims in 2025.

thehackernews.com/2025/06/qili...

lol wtf is this.... 🤣

23.06.2025 09:10 — 👍 0 🔁 0 💬 1 📌 0

I've always found it works best not to use non-existent settings..

23.06.2025 08:16 — 👍 0 🔁 0 💬 0 📌 0

Episode 13: US Tech Market Dominance

@tib3rius.bsky.social & @swiftsecur.bsky.social chat about why the US tech and cybersecurity markets are so dominant in the world. Prepare for some hot takes. 🔥🥵

Links below!

20.06.2025 16:00 — 👍 4 🔁 3 💬 1 📌 0

Critical Linux Privilege Escalation Vulnerabilities Let Attackers Gain Full Root Access Two critical, interconnected flaws, CVE-2025-6018 and CVE-2025-6019, enable unprivileged attackers to achieve root access on major Linux distributions.

cybersecuritynews.com/linux-privil...

Few big ones for Linux...one is all Suse but the other is a lil more interesting LPE.

18.06.2025 09:24 — 👍 0 🔁 0 💬 0 📌 0

uh huh 👍

16.06.2025 10:02 — 👍 0 🔁 0 💬 0 📌 0

Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI workflows, and cloud setups

Ah ha! looks like these are doing the rounds again :D

Careful pulling in packages..as more people are now coding via the vibes...I wonder if we will see more of this type of thing..

thehackernews.com/2025/06/mali...

16.06.2025 09:35 — 👍 0 🔁 0 💬 0 📌 0

The Risks of Pre-Windows 2000 Compatibility Access The default setting of many modern Windows servers can create a vulnerability around pre-Windows 2000 compatibility access. Visit our AD blog to learn more.

For Reference:

www.semperis.com/blog/securit...

'This option was available in the earlier OS when promoting a new AD forest. If you had indeed chosen this option a few years ago, you would even have added Anonymous Users and Everyone to the Pre-Windows 2000 Compatible Access group'

13.06.2025 11:09 — 👍 0 🔁 0 💬 0 📌 0

Andy Swift

Latest posts by swiftsecur.bsky.social on Bluesky

@swiftsecur is following 19 prominent accounts