#IncidentResponse

Matthew Jennings (TheISArchitect)
2026-02-27

A one-page incident briefing prevents the worst failure mode: everyone running in different directions.

Name the incident, declare command, state objectives, set the next update time.

Do you start incidents with a real briefing?

From pentesting tips to cloud defense, today’s curated cyber playlist has it all. 🎥 youtube.com/playlist?list=PLXq
#PenTesting #AppSec #CyberSecurity #ThreatIntelligence #IncidentResponse

2026-02-26

I have lately been thinking about writing a small series about incidents and incident handling, but failed to find a good starting point.
Turns out me failing to find a starting point was the inspiration for the first article - let’s see how the series progresses, because at the moment I strongly feel that I learn by writing about it.

source.codencake.com/post/2026

#incidentresponse #incident #failure

2026-02-26

Good morning, cyber pros! ☕ It's been a busy 24 hours with some critical zero-day warnings, new insights into nation-state influence operations, and a few notable breaches. Let's dive into the details:

Recent Breaches: Medical, Retail, and Sports Hit 🚨

- Medical device manufacturer UFP Technologies confirmed a cyber incident on 14 February, leading to data theft and potential destruction, though primary IT systems remain operational.
- French football club Olympique de Marseille reported an "attempted cyberattack" after a threat actor leaked samples claiming 400,000 individuals' data and 2,050 Drupal CMS accounts were stolen.
- European DIY retailer ManoMano disclosed a data breach affecting 38 million customers, stemming from a compromised third-party customer service provider, exposing names, emails, phone numbers, and communications.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Critical Zero-Days and RCE Flaws Under the Spotlight ⚠️

- Five Eyes agencies and CISA issued urgent warnings about two Cisco Catalyst SD-WAN zero-days (CVE-2026-20127, CVSS 10.0; CVE-2022-20775, CVSS 7.8) actively exploited since 2023 by a "highly sophisticated threat actor" UAT-8616 to gain root access on critical infrastructure.
- Check Point discovered multiple RCE and API key theft vulnerabilities in Anthropic's Claude Code, stemming from malicious configuration files in repositories, highlighting new supply chain risks in AI-driven development.
- A critical RCE flaw (CVE-2026-21902, CVSS 10.0) in Juniper Networks PTX Series routers allows unauthenticated root code execution due to an exposed internal service; immediate patching or access restriction is advised.
- Trend Micro patched two critical RCE path traversal flaws (CVE-2025-71210, CVE-2025-71211) in Apex One management console, allowing unprivileged code execution if the console is externally exposed.
- Previously harmless Google API keys, when exposed client-side, can now authenticate to Gemini AI, potentially allowing attackers to access private data and incur significant usage charges.

🀫 CyberScoop | cyberscoop.com/cisco-zero-days
πŸ“° The Hacker News | thehackernews.com/2026/02/cisc
πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th
πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th
πŸ€– Bleeping Computer | bleepingcomputer.com/news/secu
πŸ€– Bleeping Computer | bleepingcomputer.com/news/secu
πŸ€– Bleeping Computer | bleepingcomputer.com/news/secu

Evolving Threat Actor TTPs: AI, Supply Chain, and Social Engineering 🛡️

- A coordinated campaign is targeting software developers with fake Next.js job interview repositories, using multiple execution triggers (VS Code, npm run dev, backend startup) to deliver in-memory JavaScript backdoors for RCE and data exfiltration.
- OpenAI reported nation-state actors, including a CCP-linked individual and a Russian group ("Operation No Bell"), are using ChatGPT for politically motivated influence operations, from drafting smear campaigns to generating geopolitical articles.
- A malicious NuGet package, StripeApi.Net, was discovered typosquatting the legitimate Stripe.net library, designed to steal Stripe API tokens from unsuspecting developers while maintaining application functionality.
- The cybercrime group Scattered Lapsus$ Hunters (SLSH) is actively recruiting women for vishing calls to IT helpdesks, aiming to enhance social engineering effectiveness by leveraging different voice profiles.
- Google disrupted a China-linked cyberespionage campaign (UNC2814) active since 2017, targeting telcos and governments in 42 countries, using a new Gridtide backdoor and abusing Google Sheets for C2 communications.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2026/02/fake
👁️ Dark Reading | darkreading.com/cyberattacks-d
📰 The Hacker News | thehackernews.com/2026/02/mali
🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/google-disrupt

Ransomware Trends and AI's Double-Edged Sword 📊

- Despite a 50% surge in ransomware attacks, the payment rate dropped to a record low of 28% in 2025, though the median ransom paid significantly increased to $59,556, indicating a shift in victim behaviour and attacker tactics.
- Veracode's report highlights a growing "security debt," with 82% of companies having unresolved vulnerabilities for over a year, suggesting that the rapid pace of AI-driven development is creating more flaws than can be fixed, making comprehensive security "unattainable."
- The UK government has implemented a new Vulnerability Monitoring Service, significantly reducing the median fix time for critical public sector vulnerabilities from 50 to 8 days, addressing long-standing issues with digital defences.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/united-kingdom

FTC Clarifies COPPA for Age Verification 🔒

- The Federal Trade Commission (FTC) issued a policy statement clarifying that it will not enforce COPPA against companies using age verification technologies, provided strict conditions are met regarding data use, retention, notice, and security.
- This aims to encourage the adoption of age verification tools without fear of COPPA violations, with the FTC planning a broader review of the COPPA Rule to address this area.

🗞️ The Record | therecord.media/ftc-says-it-wo

#CyberSecurity #ThreatIntelligence #ZeroDay #RCE #Vulnerability #APT #NationState #SupplyChainAttack #SocialEngineering #AI #Ransomware #DataBreach #DataPrivacy #InfoSec #CyberAttack #IncidentResponse

Alonso Caballero / ReYDeS (Alonso_ReYDeS@infosec.exchange)
2026-02-26

🤖 The Curso Fundamentos de Forense Digital (Digital Forensics Fundamentals course) is permanently available in the virtual classroom for immediate access. 📲 WhatsApp: https://wa.me/51949304030 🌐 https://www.reydes.com/archivos/cursos/Curso_Fundamentos_Forense_Digital.pdf #dfir #digitalforensics #cybersecurity #forensicsscience #forensics #incidentresponse #malware

Bryley Systems (bryley)
2026-02-26

A network failure can silence your business, your suppliers and your clients. Verizon's outage was a reminder about the need for redundancy bryl.us/03nd

2026-02-26

Incidents aren’t disasters—they’re fire drills with Slack messages 🔥
Once you reframe them, on-call gets a lot less scary.
#SRE #IncidentResponse #OnCallLife

webdad.eu/2026/02/26/%f0%9f%94

What’s trending in cybersecurity today? Find out with the latest YouTube playlist we’ve curated. 👀 youtube.com/playlist?list=PLXq
#Malware #Phishing #IncidentResponse #CyberAwareness #AppSec

2026-02-25

It's been a busy 24 hours in the cyber world with significant updates on nation-state activity, several actively exploited vulnerabilities, major data breaches, and a stark reminder about insider threats and the evolving regulatory landscape. Let's dive in:

Recent Cyber Attacks and Breaches ⚠️

- Wynn Resorts confirmed an employee data breach after the ShinyHunters extortion gang listed them, claiming over 800k records with PII (including SSNs) were stolen. Wynn stated the attackers claimed to have deleted the data, a claim security experts view with scepticism, often implying a ransom payment.
- Medical device manufacturer UFP Technologies reported a cyberattack where some IT systems were isolated and data was stolen or destroyed, though backups facilitated restoration. The company is investigating the extent of sensitive data exfiltration and expects cyber insurance to cover most costs.
- Marquis Software Solutions is suing SonicWall, alleging gross negligence led to a ransomware attack affecting 74 US banks. The breach was traced to a security flaw in SonicWall's MySonicWall cloud backup service, exposing configuration data and MFA scratch codes, rather than an unpatched firewall vulnerability.
- Health insurance tech provider TriZetto Provider Solutions updated a 2024 data breach figure, now impacting over 3.4 million people. A hacker accessed historical eligibility reports via a web portal, exposing sensitive healthcare data including SSNs and health insurance numbers.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/ufp-technologi
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/trizetto-healt
🕵🏼 The Register | go.theregister.com/feed/www.th

New Threat Research: Actors, Malware, and Tradecraft 🛡️

- North Korea's Lazarus Group has been observed deploying Medusa ransomware in recent attacks, including against a Middle Eastern organisation and an unsuccessful attempt on a US healthcare entity. This highlights Lazarus's continued financial motivation and willingness to target critical infrastructure.
- Google's Threat Intelligence Group (GTIG) and Mandiant disrupted a global espionage campaign by suspected Chinese threat actor UNC2814, impacting 53 organisations in 42 countries. The group used a new C-based backdoor, 'GRIDTIDE,' which abuses the Google Sheets API for evasive command-and-control (C2) operations, blending malicious traffic with normal activity.
- A financially motivated group, "Diesel Vortex," is targeting freight and logistics operators in the US and Europe with sophisticated phishing campaigns using 52 domains. They stole over 1,600 unique credentials, employing Cyrillic homoglyph tricks, voice phishing, and a multi-stage cloaking process to evade detection and facilitate cargo diversion.
- A new cybercrime service, '1Campaign,' enables threat actors to run persistent malicious Google Ads by cloaking techniques. It filters out security researchers, showing benign content to them while directing real victims to phishing or crypto-drainer sites, effectively evading scrutiny.
- Telephone-Oriented Attack Delivery (TOAD) phishing emails, which contain only a phone number in a fake billing notification, are increasingly bypassing secure email gateways. This is due to their indistinguishability from legitimate business contacts, often combined with other evasion tactics like QR codes and multi-hop redirects.
- Hackers are luring Next.js developers with malicious GitHub repositories disguised as legitimate job interview projects. These repos execute secret-stealing malware in memory, often triggered by Visual Studio Code's workspace automation or running the project's development server, exfiltrating sensitive data like source code and secrets.
- OpenAI has banned a user with links to Chinese law enforcement who attempted to use ChatGPT to plan and track smear campaigns against critics of the Chinese Communist Party, including the Japanese Prime Minister. This highlights the use of AI in sophisticated influence operations and transnational repression tactics like creating fake obituaries and mass-reporting social media accounts.

🕶️ Dark Reading | darkreading.com/cyberattacks-d
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕶️ Dark Reading | darkreading.com/threat-intelli
🕵🏼 The Register | go.theregister.com/feed/www.th
🕵🏼 The Register | go.theregister.com/feed/www.th
🤫 CyberScoop | cyberscoop.com/chinese-chatgpt

Vulnerabilities: RCE, Active Exploitation, and Zero-Days 🔒

- Five Eyes agencies issued urgent warnings about a critical authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN, actively exploited as a zero-day since 2023. Attackers can gain high-privileged access, add rogue peers, and potentially escalate to root by exploiting CVE-2022-20775. Immediate patching, restricted WAN exposure, and hunting for IoCs are crucial.
- Zyxel has released security updates for a critical Remote Code Execution (RCE) vulnerability (CVE-2025-13942) affecting over a dozen router models. The flaw in the UPnP function allows unauthenticated attackers to execute OS commands via crafted SOAP requests, though WAN access must also be enabled for remote exploitation.

🗞️ The Record | therecord.media/five-eyes-warn
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Threat Landscape Commentary 🌍

- A VulnCheck report highlights that despite over 40,000 new vulnerabilities published in 2025, only 422 (1%) were actively exploited in the wild. This underscores the need for defenders to prioritise based on known exploited vulnerabilities, as network edge devices remain prime targets.
- While AI models like Anthropic's Claude Code Security are effective at identifying software vulnerabilities (500+ in open-source codebases), security researchers note a significant gap in their ability to propose actionable fixes. The sheer volume of AI-generated reports is overwhelming maintainers, highlighting that discovery is cheap, but remediation is hard.
- Researchers from Georgia Tech found that the global threat intelligence (TI) ecosystem is vulnerable to adversarial actions and geopolitical fragmentation. Their study revealed many security vendors conduct shallow malware analysis and rarely share binaries, leading to slow information propagation.
- A new "Operational Technology Incident (OTI) Impact Score" model, inspired by the Richter Scale, has been developed to provide a standardised way to measure the impact of OT cybersecurity incidents. It scores events based on severity, reach, and duration, aiming to offer clearer communication for executives, governments, and insurers.

🀫 CyberScoop | cyberscoop.com/vulncheck-explo
πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th
πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th
πŸ•ΆοΈ Dark Reading | darkreading.com/ics-ot-securit

Regulatory Issues and Changes ⚖️

- Peter Williams, former general manager of L3Harris's cybersecurity unit, was sentenced to 87 months in prison for stealing and selling eight zero-day exploits to Russian broker Operation Zero. The US Treasury also sanctioned Operation Zero (Matrix LLC), its owner Sergey Zelenyuk, and associated entities, marking the first use of the Protecting American Intellectual Property Act (PAIPA).
- Interpol, with law enforcement from 16 African countries and private companies, conducted "Operation Red Card 2.0," leading to 651 arrests and recovering over $4.3 million. The operation targeted investment fraud, mobile loan fraud, and cybercrime syndicates, highlighting growing efforts against cybercrime in Africa.
- China's top prosecutorial agency is intensifying criminal enforcement against commercial espionage and technology leaks to protect domestic innovation. Over 1,200 business secret infringement cases were handled from 2021-2024, focusing on AI, biomanufacturing, and energy sectors.

🀫 CyberScoop | cyberscoop.com/l3harris-execut
πŸ€– Bleeping Computer | bleepingcomputer.com/news/secu
🚨 The Hacker News | thehackernews.com/2026/02/defe
πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th
πŸ€– Bleeping Computer | bleepingcomputer.com/news/secu
πŸ•ΆοΈ Dark Reading | darkreading.com/cybersecurity-
πŸ—žοΈ The Record | therecord.media/china-domestic

Government Staffing or Program Changes 🏛️

- The Cybersecurity and Infrastructure Security Agency (CISA) is reportedly "decimated" and "in trouble" a year into the second Trump administration. The agency has lost roughly a third of its personnel, shuttered divisions (like election security), and seen a decline in morale due to political backlash, leading to diminished capabilities.

🀫 CyberScoop | cyberscoop.com/cisa-personnel-

Everything Else 🌐

- A Moscow resident, Ruslan Satuchin, is accused of attempting to extort money from the notorious Conti ransomware group by posing as an FSB officer. He allegedly contacted Conti members in September 2022, demanding payment to avoid criminal prosecution.

🗞️ The Record | therecord.media/moscow-man-acc

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #Phishing #AI #DataBreach #IncidentResponse #Cybercrime #InfoSec #CISA #OTSecurity

2026-02-25

Only T W O more days until the 🐦Early Bird Rate expires for #FIRSTCON26! Hurry on over and secure your spot today ➡️ go.first.org/zBBwJ #annualconference #incidentresponse

2026-02-24

Hello cyber practitioners! It's been a busy 24 hours with a flurry of activity across data breaches, nation-state operations, critical vulnerabilities, and some interesting discussions around AI and privacy. Let's dive in:

Recent Cyber Attacks or Breaches ⚠️

- The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecom Odido, impacting 6.2 million customers, and digital auto platform CarGurus, exposing data from 12.4 million accounts. The group often uses voice phishing (vishing) to compromise single sign-on (SSO) accounts.
- The FBI reported a significant surge in ATM jackpotting attacks in 2025, with criminals cracking 700 machines and costing banks over $20 million. Attackers frequently use malware like Ploutus to manipulate the eXtensions for Financial Services (XFS) software, forcing cash dispensing.
- Spanish authorities arrested four alleged members of the "Anonymous Fénix" hacktivist group for distributed denial-of-service (DDoS) attacks against government ministries and public institutions in Spain and South America, particularly after the Valencia floods.
- Two South Korean teenagers were charged for breaching Seoul's Ttareungyi public bike service in June 2024, exposing data of 4.62 million users, including IDs, phone numbers, and home addresses.
- The UAE Cyber Security Council claimed to have thwarted an organised 'terrorist' ransomware attack targeting its digital infrastructure and vital sectors, noting the use of AI technologies to develop sophisticated offensive tools.
- Decentralised finance platform Step Finance is shutting down after a $40 million theft from its treasury in January, following the compromise of executive team devices.
- Researchers uncovered and took down the infrastructure of Diesel Vortex, a Russian-linked cybercrime group that stole over 1,600 login credentials from Western cargo companies, enabling freight shipment diversion and check fraud.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🌑 Dark Reading | darkreading.com/cyber-risk/atm
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/uae-claims-it-
🗞️ The Record | therecord.media/step-finance-c
🗞️ The Record | therecord.media/phishing-opera

New Threat Research on Threat Actors/Groups, Ransomware, Malware, or Techniques and Tradecraft 🛡️

- North Korea's Lazarus Group (specifically the Andariel/Stonefly subgroup) is now deploying Medusa ransomware in financially motivated attacks, targeting US healthcare organisations and an unnamed entity in the Middle East. This marks a shift from their self-developed strains to using ransomware-as-a-service (RaaS) offerings.
- The China-aligned UnsolicitedBooker threat cluster has shifted its focus from Saudi Arabian entities to telecommunications companies in Kyrgyzstan and Tajikistan. They are deploying LuciDoor and MarsSnake backdoors via malicious Microsoft Office documents and phishing links.
- Anthropic accused three Chinese AI labs (DeepSeek, Moonshot, MiniMax) of "industrial-scale campaigns" involving 24,000 fraudulent accounts and 16 million queries to illicitly distill Claude's capabilities. This "illicit distillation" poses national security risks if these unprotected models are used for offensive cyber operations, disinformation, or mass surveillance.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/north-korean-h
🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2026/02/unso
🤫 CyberScoop | cyberscoop.com/anthropic-accus
📰 The Hacker News | thehackernews.com/2026/02/anth

Vulnerabilities, especially any mentioning Remote Code Exploitation (RCE), Active Exploitation, or Zero-Days 🚨

- SolarWinds has released patches for four critical Serv-U vulnerabilities (CVE-2025-40538, CVE-2025-40540, CVE-2025-40539, CVE-2025-40541), all with CVSS 9.1 ratings. These flaws, including a broken access control and type confusion bugs, could allow attackers with high privileges to gain root access and execute arbitrary code on unpatched servers. Immediate update to Serv-U 15.5.4 is strongly advised.
- A vulnerability dubbed RoguePilot in GitHub Codespaces allowed prompt injection via malicious GitHub issues. This enabled GitHub Copilot to silently execute commands and leak sensitive data, such as the privileged GITHUB_TOKEN, representing an AI-mediated supply chain attack. Microsoft has since patched the flaw.
- Researchers uncovered over 1,500 security vulnerabilities, including 54 high-severity issues, across ten popular Android mental health applications with a combined 14.7 million installs. These flaws could expose sensitive therapy data, allow credential interception, spoof notifications, and bypass root detection.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2026/02/rogu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Threat Landscape Commentary 🌍

- The FBI has affirmed its commitment to combating transnational criminal networks operating industrial-scale scamming compounds in Southeast Asia. These operations traffic individuals and facilitate pig-butchering and cryptocurrency investment scams, generating billions in illicit funds.

🗞️ The Record | therecord.media/us-committed-t

Data Privacy 🔒

- Microsoft is expanding its Purview Data Loss Prevention (DLP) controls for Microsoft 365 Copilot to block the processing of confidential Word, Excel, and PowerPoint documents across all storage locations, including local files. This enhancement aims to provide consistent protection and addresses previous bugs where Copilot could summarise protected emails.

🤖 Bleeping Computer | bleepingcomputer.com/news/micr

Regulatory Issues or Changes ⚖️

- The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for unlawfully processing children's data. Reddit failed to implement adequate age assurance mechanisms until July 2025, despite its own terms of service prohibiting users under 13. Reddit plans to appeal the decision.
- Senior Ukrainian officials are pushing for tighter regulation of the messaging app Telegram, citing its frequent use by Russia for recruiting individuals for sabotage and terrorist attacks, as well as for spreading disinformation.

🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/ukraine-telegr

Everything Else ⚙️

- Go library maintainer Filippo Valsorda criticised GitHub's Dependabot, labelling it a "noise machine" for generating excessive false positives and "nonsensical" CVSS scores. He argues this leads to alert fatigue and reduces security effectiveness, recommending static analysis tools like `govulncheck` instead.

🕵🏼 The Register | go.theregister.com/feed/www.th

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #DataBreach #Vulnerability #RCE #AI #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #Hacktivism #FinancialCrime #RegulatoryCompliance

Matthew Jennings (TheISArchitect)
2026-02-24

Part 2 is the gear: The Field Manual.

Pocket-card tools for cyber IR: incident briefing, Cyber LCES, containment menu, recovery sequencing, AAR template.

If you could add only one this quarter, what would it be?

2026-02-24

Air Côte d’Ivoire Breach Highlights Aviation Ransomware Risk
Air Côte d'Ivoire confirmed a cyber incident after the INC ransomware claimed 208GB data exfiltration.
Authorities involved:
• ANSSI
• ARTCI
• CI-CERT

Aviation remains a high-impact ransomware sector due to:
• Time-sensitive operations
• Complex legacy IT systems
• Third-party vendor integrations
• International regulatory coordination challenges

Key question:
Are regional carriers equipped with sufficient EDR, segmentation, and incident playbooks?
Engage below.

Source: therecord.media/air-cote-divoi

Follow TechNadu for structured ransomware and threat ecosystem analysis.

#Infosec #Ransomware #AviationCybersecurity #ThreatIntel #IncidentResponse #CriticalInfrastructure #EDR #CyberDefense #GlobalSecurity

Air Côte d'Ivoire confirms cyberattack following ransomware claims

Two playlists every day on hacking & defense. Discover the latest tools and techniques now. 🎥 youtube.com/playlist?list=PLXq

#CyberSecurity #IncidentResponse #CloudSecurity #Hacking #Phishing
