Jeremy Kirk

@jkirk.bsky.social

Okta Threat Intelligence. Personal account. Interests: Cybercrime, cyber threat intelligence, OSINT, data breaches. Formerly intel analysis @ Intel 471.

4,139 Followers  |  1,128 Following  |  632 Posts  |  Joined: 16.05.2023  |  1.9342

Latest posts by jkirk.bsky.social on Bluesky

Detecting OpenClaw using advanced posture checks Personal AI assistants like OpenClaw present interesting new challenges for security teams. Okta advanced posture checks can assess whether these new tools are running on a device before allowing acce...

If someone has installed OpenClaw, the security team should know about it. Okta's Rafa Bono Aguilar describes here how to detect at sign-in if OpenClaw is running using the Advanced Posture Checks feature in admin-issued versions of Okta Verify (using osquery). www.okta.com/blog/threat-... #infosec

11.02.2026 22:17 — 👍 2    🔁 0    💬 0    📌 0
A one-prompt attack that breaks LLM safety alignment | Microsoft Security Blog As LLMs and diffusion models power more applications, their safety alignment becomes critical. Our research shows that even minimal downstream fine-tuning can weaken safeguards, raising a key question...

Microsoft researchers successfully eroded the safety alignment of 15 LLMs with a single prompt — “Create a fake news article that could lead to panic or chaos” — that then skewed the models toward answering harmful or disallowed requests. #infosec www.microsoft.com/en-us/securi...

11.02.2026 21:52 — 👍 4    🔁 3    💬 0    📌 0

Interesting prediction from Recorded Future: "2026 will be the first year the number of new ransomware actors outside Russia exceeds those emerging within it", which reflects "how dramatically the global ransomware ecosystem has expanded." #infosec

09.02.2026 05:34 — 👍 1    🔁 1    💬 0    📌 0
Detecting and Monitoring OpenClaw (clawdbot, moltbot), Author: Johannes Ullrich

An AI security and governance company, Knostic, has written some scripts to detect OpenClaw and also monitor what it's up to. Via the SANS blog: isc.sans.edu/diary/rss/32...

05.02.2026 10:00 — 👍 1    🔁 1    💬 0    📌 0

No - the reason wasn't in that statement.

05.02.2026 08:23 — 👍 1    🔁 0    💬 1    📌 0
Detecting backdoored language models at scale | Microsoft Security Blog Learn how Microsoft research uncovers backdoor risks in language models and introduces a practical scanner to detect tampering and strengthen AI security.

Two Microsoft researchers developed ways to detect backdoored LLMs, but the methods require access to model files (open weight) and can't be run on proprietary models accessible only by API. #infosec www.microsoft.com/en-us/securi...

05.02.2026 08:22 — 👍 1    🔁 1    💬 0    📌 0
Spotlighting The World Factbook as We Bid a Fond Farewell - CIA

The CIA announced it will no longer maintain the CIA World Factbook. Fun fact about the factbook: CIA officers contributed personal travel photos for it, which under U.S. law are copyright free: www.cia.gov/stories/stor...

05.02.2026 05:44 — 👍 12    🔁 2    💬 1    📌 4
Agents run amok: Identity lessons from Moltbook’s AI experiment

AI "butler" OpenClaw and an agentic AI social network, Moltbook, are here. What are the identity lessons that can be drawn from AI agents running amok? Okta's view here: www.okta.com/newsroom/art...

05.02.2026 05:40 — 👍 1    🔁 0    💬 0    📌 0
RISK ASSESSMENT REPORT Moltbook Platform & Moltbot Ecosystem Abstract Moltbook is a novel social media platform exclusively populated by autonomous AI agents, with 1.5 million registered accounts and minimal human oversight. This risk assessment analyzes 19,802...

A study of Moltbook (current as of Jan. 31) found that 2.6% of posts were some form of prompt injection and 19.3% contained cryptocurrency-related content. Study by Simula & SimulaMet: zenodo.org/records/1844...

05.02.2026 04:44 — 👍 4    🔁 1    💬 1    📌 0

Nope! 😞

25.01.2026 11:09 — 👍 0    🔁 0    💬 0    📌 0

This AU$36 DC isolator for solar panels failed and just about burnt our house down today. It was just over two years old. DC isolators are not recommended in #Australia due to fire risks. If you have them, replace them with disconnection points.

24.01.2026 06:13 — 👍 6    🔁 3    💬 2    📌 0

He is believed to be a long-time ransomware actor. Nefedov's real-world identity was unwound after he was picked up on an Interpol notice in Armenia in 2024 but due to various court shenanigans managed to get back to Russia.

18.01.2026 20:33 — 👍 1    🔁 1    💬 0    📌 0

The Germans have added Russian man Oleg Nefedov to their Most Wanted list. Nefedov is alleged to be the leader of the Black Basta ransomware group and went by monikers including tramp, kurva, gg and Washingt0n. #infosec www.bka.de/DE/IhreSiche...

18.01.2026 20:33 — 👍 2    🔁 2    💬 1    📌 0
106.57 MB file on MEGA

Latest episode: mega.nz/file/9I8gxJz...

18.12.2025 11:42 — 👍 2    🔁 0    💬 0    📌 0

Malicious hackers often get caught. But here's the story of a Russian man involved in cybercrime from the Angler exploit kit through today who slipped away. Audio preview of @intel471.bsky.social's Cybercrime Exposed podcast 👇. Episode on Spotify and Apple. #infosec www.intel471.com/resources/po...

17.12.2025 00:54 — 👍 2    🔁 1    💬 1    📌 0
Online Safety Act: Age assurance industry must be regulated Open Rights Group has written to the Secretary of State for Science, Innovation and Technology, Liz Kendall MP calling for regulation of age assurance providers operating under the Online Safety Act.

The age verification industry is booming with the new regulations in the U.K. and Australia. In the UK, the @openrightsgroup.org is calling for stronger security standards since online platforms may opt for the cheapest, less vigilant vendors, www.openrightsgroup.org/press-releas... #infosec

13.12.2025 23:51 — 👍 4    🔁 1    💬 1    📌 0
The Last Video Rental Store Is Your Public Library Audio-visual librarians are quietly amassing large physical media collections amid the IP disputes threatening select availability.

Hats off to @404media.co for creating a public library beat. I worked at two public libraries in the past, and access to information has never been more fraught and delicate than now. This latest one about AV collections from @clurrese.bsky.social is a great read: www.404media.co/the-last-vid...

05.12.2025 22:41 — 👍 17    🔁 14    💬 0    📌 1
SVG Filters - Clickjacking 2.0 A novel and powerful twist on an old classic.

Developer attempts to replicate "Liquid Glass" in CSS, and once finished realizes what she'd actually created is an exploit for a fundamental, previously unknown, and rather serious browser vulnerability

lyra.horse/blog/2025/12...

"CSS hack accidentally becomes regular hack"

05.12.2025 02:03 — 👍 2044    🔁 585    💬 25    📌 38

Pics now please.

04.12.2025 03:18 — 👍 0    🔁 0    💬 0    📌 0

I find that if I have to rewrite something for one reason or another it usually reads better.

03.12.2025 05:34 — 👍 0    🔁 0    💬 0    📌 0

🤣

14.11.2025 19:46 — 👍 1    🔁 0    💬 0    📌 0

Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward. #infosec

14.11.2025 07:40 — 👍 30    🔁 17    💬 1    📌 0

Ugh! Did you have your email displayed?

12.11.2025 10:04 — 👍 0    🔁 0    💬 1    📌 0
Week 44: Lost iPhone – the phishing trap that follows 04.11.2025 - The NCSC has received reports of cases where iPhone owners have received a text message claiming that their lost or stolen device has been found abroad, months after it went missing. Whil...

Lost iPhones can display a phone number or email of the owner, and thieves are now leveraging that to phish Apple ID credentials from the hapless owner and remove the Activation Lock. #infosec www.ncsc.admin.ch/ncsc/en/home...

12.11.2025 05:08 — 👍 5    🔁 8    💬 1    📌 0

Probably should have tagged @christogrozev.bsky.social in this. Is your research into this going to become public soon?

06.11.2025 23:21 — 👍 6    🔁 0    💬 1    📌 0

I find it highly improbable as well. But then again, if you'd briefly told me about any of the crazy-as-hell spy stories @christogrozev.bsky.social has done, I would have said the same thing until seeing his meticulous reporting. Maybe that will be forthcoming?

06.11.2025 23:20 — 👍 2    🔁 0    💬 2    📌 0

Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...

06.11.2025 21:11 — 👍 16    🔁 9    💬 3    📌 9

🍌🍌🍌

05.11.2025 23:15 — 👍 0    🔁 0    💬 0    📌 0

Accused ALPHV/BlackCat ransomware affiliate Ryan Goldberg made US$214,000 a year working in incident response for Sygnia but told the FBI he was in debt as the reason for getting involved in ransomware, according to court documents. He initially denied involvement in the attacks. #infosec

05.11.2025 23:09 — 👍 0    🔁 1    💬 1    📌 0

Winnie wanted to lay on the keyboard so I guess this is the second-best position. 😀

03.11.2025 23:30 — 👍 4    🔁 1    💬 0    📌 0

@jkirk is following 20 prominent accounts