The post "Breach of Confidence 17 April 2026" appeared first on Javvad Malik.

I’ve spent the week watching people earnestly debate whether AI will replace security analysts. The real threat isn’t AI taking your job. It’s having to sit through another webinar about it.
France Wants a Divorce
France has announced plans to reduce dependency on US tech, which apparently includes ditching Windows. Bold move. The problem with digital sovereignty is that it sounds brilliant in a press release and then someone has to actually build an alternative that doesn’t make users want to defect. Good luck explaining to an entire government workforce why they can no longer open that Excel file from finance.
Automation is the New Attack Vector
Supply chain attacks have become so routine we’ve stopped being shocked by them. Dependabot and Renovate, those helpful little tools that keep your dependencies fresh, are now delivering malware to production in 40 minutes flat. Nobody noticed. We built systems to move faster and now the bad guys are using our own automation against us. The real vulnerability isn’t in the code. It’s in the bit where we assumed automation meant security.
https://cybersec.gitguardian.com/s/renovate-dependabot-the-new-malware-delivery-system-26629
We Trained Them Wrong
Years of security awareness training taught people not to paste secrets into Slack. Solid advice. Turns out GitHub Copilot is the new exfiltration channel and we’ve been feeding it our credentials like treats to a very attentive dog. The lesson, as always, is that we solve yesterday’s problem brilliantly whilst tomorrow’s problem is already in production.
https://api.cyfluencer.com/s/camoleak-how-github-copilot-became-an-exfiltration-channel-26630
Crypto Users and Their Seed Phrases
Most crypto losses have nothing to do with blockchain security. They’re phishing, password reuse, and seed phrases stored next to photos of someone’s cat. The distinction between what lets someone into your account and what lets them steal everything you own is where people consistently fail. The technology is often fine. The humans are magnificent disasters.
https://api.cyfluencer.com/s/seed-phrases-passwords-and-the-biggest-mistakes-crypto-users-make-26631
Gang Used Rightmove to Burgle Homes
A gang used floor plans from Rightmove, the property website, to plan burglaries across the UK. Perfect example of OSINT in action. We publish detailed blueprints of our homes online and then wonder how someone knew exactly where the good stuff was. Every security problem is an information problem wearing a different hat.
https://www.bbc.co.uk/news/articles/c8jxe9npzdlo
UK Threatens Jail Time for Tech Execs
The UK government is threatening prison sentences for tech executives over nonconsensual intimate images. About time, frankly. The real test is enforcement. We’re brilliant at announcing tough penalties and less brilliant at actually applying them. Let’s see if this one has teeth or if it’s another press release that makes everyone feel better for a week.
https://therecord.media/uk-threatens-tech-bosses-with-jail-ai-nudification
Solve Real Problems
Snipe-IT hit $2.8m ARR by solving actual problems for actual people. No overnight success here. Just a decade of showing up and building something useful. The security industry could learn from this. Stop chasing the next buzzword. Build things people need. Maybe in ten years someone will call you an overnight success too.
https://www.indiehackers.com/post/building-a-2-8m-arr-open-source-portfolio-MEiwnqxp2Eab8Ut9qZvO
That’s your week. Reply to this if something made you laugh or wince. Or find me on Bluesky if you fancy shouting into the void together.
Stay cynical.
*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: https://javvadmalik.com/2026/04/17/breach-of-confidence-17-april-2026/