Posts

Krebs - Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials. On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development platform had created a public GitHub profile called “Private-CISA” that included plaintext credentials to dozens of internal CISA systems. Experts who reviewed the exposed secrets said the commit logs for the code repository showed the CISA contractor disabled GitHub’s built-in protection against publishing sensitive credentials in public repos. CISA acknowledged the leak but has not responded to questions about the duration of the d...

KnowBe4 - How Agentic AI and Automation Are Changing Cybersecurity

There is no question that AI is changing cybersecurity in a massive way. In many respects, its impact is comparable to the rise of the internet. AI tools are helping organizations improve efficiency, automate repetitive tasks, and process data at a speed humans simply cannot match. Unfortunately, the same technology helping defenders is also being adopted by cybercriminals just as quickly.

from KnowBe4 Blog https://blog.knowbe4.com/agentic-ai-cybersecurity-evolution

Schneier - CISA Security Leak

Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history. News article.

from Schneier on Security https://www.schneier.com/blog/archives/2026/05/cisa-security-leak.html

The Hacker News - Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI

from The Hacker News https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html

The Hacker News - Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated. The

from The Hacker News https://thehackernews.com/2026/05/making-vulnerable-drivers-exploitable.html

KnowBe4 - AI Alone Won’t Stop the Breach: Why Email Security Needs Humans-on-the-Loop

2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds.

from KnowBe4 Blog https://blog.knowbe4.com/why-email-security-needs-humans-on-the-loop

The Hacker News - Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU. "Kimwolf

from The Hacker News https://thehackernews.com/2026/05/kimwolf-ddos-botnet-operator-arrested.html