‼️ The FBI has provided a new Public Service Announcement regarding the ShinyHunters cybercriminal group and their recent attack affecting an online Learning Management System (LMS).
https://t.co/7RO4cDLWIH
The FBI is providing recommendations on what to do if you are contacted directly by anyone claiming to have your data.
🚨 Rapid7 Labs has discovered an authentication bypass vuln. affecting #Cisco Catalyst SD-WAN Controller (FKA vSmart).
CVE-2026-20182 has a Critical CVSSv3.1 score of 10.0 and allows a remote unauth. attacker to perform privileged operations. Read on: https://t.co/JuLLfNbbF2
The Space Shuttle Challenger gave us all PTSD. We watched it blow up during class and then went on with our day, no counseling, no trauma response. We were expected to carry on so we did.
No wonder we're tough and DGAF.
Microsoft says attackers are poisoning search results to spread fake VPN clients that steal credentials.
The campaign redirects software searches to trojanized installers on GitHub that show fake VPN prompts while Hyrax steals credentials.
🔗 Read → https://t.co/LCYzgdwwAO
We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.
To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts. 1/4
🚨 Hikvision Multiple Products Vulnerability Allows Malicious Users to Escalate Privileges
Source: https://t.co/qaqq7ldAc4
A severe vulnerability affecting multiple Hikvision products was added to the Known Exploited Vulnerabilities (KEV) catalog on March 5, 2026.
Tracked globally under CVE-2017-7921, this security flaw poses a significant risk to organizations that rely on these popular surveillance systems.
The flaw enables malicious users to bypass standard security checks, escalate their privileges, and gain unauthorized access to highly sensitive information without needing valid credentials.
#cybersecuritynews
‼️🇮🇱 🇮🇷 Israel compromised a widely used Iranian prayer application over the weekend, leveraging it to push notifications to what could be millions of devices.
The messages targeted military personnel, calling on them to abandon the regime and take part in efforts to liberate the country, according to sources with knowledge of the operation.
WSJ: https://t.co/TSzUhvEkKI
If the IRGC had any plans to attack Tel Aviv’s Ben Gurion Airport—and the tens of billions of dollars’ worth of aircraft sitting on the tarmac—they missed their chance. Every plane just took off at one-minute intervals.
I have no idea if this account is real, but the information that in this tweet is extremely accurate! Wow…. I mean … All. The. Time.
And that bit about insurance companies auditing you is very real. There are a ton of companies that might loose their coverage.
But….is cyber insurance worth it? Do you have to have it? There are so many discussion angles here. I’m really interested in everyone’s thoughts on this.
#infosec #CyberSecurity #cyberinsurance
Just found out we're being audited by our cyber insurance provider.
They want to verify we actually have all the security controls we claimed we have.
Problem: we don't have all the security controls we claimed we have.
When we applied for the insurance, the application asked if we had multi-factor authentication on all admin accounts.
I checked "yes" because we were planning to implement it.
We never implemented it.
Now the auditor wants to see our MFA logs.I have 48 hours to either:
1. Admit we lied and probably lose our coverage
2. Implement MFA across the entire company in two days
3. Get creative
I'm going with option 3.I just enabled MFA on every admin account. Forced enrollment. Everyone had to set it up in the last hour.
Then I backdated our MFA implementation logs to show it was enabled six months ago.
Is this fraud? Technically maybe. But the security is actually in place now. We're just adjusting the timeline of when we claim we did it.
The auditor comes on Monday. By then we'll have 48 hours of MFA logs that I'll present as "recent activity" from our "six-month implementation."
Did we lie on the application? Yes. Are we fixing it before anyone finds out? Also yes.
Corporate compliance is just staying one step ahead of getting caught.
🚧 Microsoft says reports of Windows 11 boot failures are linked to failed installs of the December Patch Tuesday updates.
🪟 When those updates failed and rolled back, they left Windows in an “improper state”.
When these same devices attempted to install the January 2026 updates for Windows 11, it caused them to no longer boot, displaying "UNMOUNTABLE_BOOT_VOLUME" BSOD crash.
Microsoft says they are working on a partial resolution to prevent devices from entering this no-boot state.
However, this solution won't help those devices that are already impacted.
holy sh*t. this is hands down the coolest website i have ever found in my life. it's a live feed of the freaking Hubble Telescope AND James Webb Space Telescope. and the resolution is honestly so incredible i didn't think it was real.
unbelievable.
https://t.co/YQNsG9TVwe