spacestr

BrianKrebs
Member since: 2023-03-21
BrianKrebs 18d

New, at KrebsOnSecurity.com: Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI. https://krebso.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/

BrianKrebs 12d

I'm seeing an unusually large number of phishous and mailicious messages landing in my inbox today. Granted, it's always hard to know if an uptick is related to an increase in malicious attacks or just more bad stuff figuring out how to bypass spam and malware filters. I can say, though, that most of these that made it to my inbox today are the kind that I would normally have to fish out of the spam folder. Be careful out there folks.

BrianKrebs 12d

I'm completely enthralled with this super chill jazzy tune by Matthew Halsall. Been trying to noodle out portions of it on the piano all day. Heard it on a Pandora channel for the Tunisian composer Anouar Brahem, who is also amazing. Enjoy. https://www.youtube.com/watch?v=dSTI6vFcu-0

BrianKrebs 12d

I published a piece on what we know so far about the widespread exploitation of a zero-day flaw in Microsoft SharePoint Server. tl;dr: A patch is available for some but not all affected SharePoint customers. Those without the ability to patch are being strongly urged to disconnect those systems from anything Internet-facing and apply mitigations.

https://krebso.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/

From the story:

According to CISA, attackers exploiting the newly-discovered flaw are retrofitting compromised servers with a backdoor dubbed "ToolShell" that provides unauthenticated, remote access to systems. CISA said ToolShell enables attackers to fully access SharePoint content -- including file systems and internal configurations -- and execute code over the network.

Researchers at Eye Security said they first spotted large-scale exploitation of the SharePoint flaw on July 18, 2025, and soon found dozens of separate servers compromised by the bug and infected with ToolShell. In a blog post, the researchers said the attacks sought to steal SharePoint server ASP.NET machine keys.

"These keys can be used to facilitate further attacks, even at a later date," Eye Security warned. "It is critical that affected servers rotate SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers. Patching alone is not enough. We strongly advise defenders not to wait for a vendor fix before taking action. This threat is already operational and spreading rapidly."

BrianKrebs 12d

I'm fairly certain that is a major focus of their series, at least from the questions they asked.

BrianKrebs 12d

My Mom reads so much that she often sends tips to stories I didn't know about. Last night, she goes, Hey I heard you're in a new HBO documentary. I was like, uh....really? I'd forgotten that I sat for an interview with some filmmakers from Finland who were working on a series about Julius Kivimaki, a Finnish cybercriminal "who rose to infamy after forcing a U.S. passenger plane to make an emergency landing, shutting down PlayStation globally, and orchestrating several dangerous SWAT attacks – including one targeting the family of an FBI agent." Looking forward to seeing the series, which apparently includes interviews w/ Allison Nixon, Joe Tidy, and Mikko Hypponen. Debuts on HBO Max Sept. 5. https://press.wbd.com/us/media-release/hbo-max/max-original-documentary-series-most-wanted-teen-hacker-debuts-september-5-hbo-max


About Me

Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09.

Signal: briankrebs.07
krebsonsecurity @ gmail .com
Linkedin: https://www.linkedin.com/in/bkrebs
