InfoSec News Nuggets 05/11/2026

Over 500 Organizations Hit in Years-Long Phishing Campaign
SOCRadar reported that Operation HookedWing has stolen more than 2,000 credentials from more than 500 organizations across aviation, critical infrastructure, energy, logistics, government, financial services, and technology. The campaign has used GitHub domains, compromised servers, Microsoft and Outlook-themed lures, and personalized landing pages to make credential theft pages look more legitimate. This matters because the targeting isn’t random. The campaign appears focused on organizations with sensitive operations…

InfoSec News Nuggets 05/08/2026

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
Ivanti released May security updates for Endpoint Manager Mobile that fix five vulnerabilities, including CVE-2026-6973, a high-severity flaw exploited in targeted attacks. The bug requires admin privileges, but reporting indicates it may be tied to earlier EPMM flaws that allowed attackers to gain broader control of mobile device management infrastructure. Organizations running on-prem EPMM should patch quickly, review admin accounts, rotate credentials where appropriate, and look for…

InfoSec News Nuggets 05/07/2026

Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
Dragos reported that attackers used Claude and GPT models during an intrusion into a municipal water and drainage utility in Monterrey, Mexico. The AI tools helped the actor plan activity, build tooling, process victim data, and identify OT assets, including a SCADA and IIoT management interface. This matters because it shows AI being used in a practical intrusion workflow against critical infrastructure, not just…

InfoSec News Nuggets 05/06/2026

Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo Alto Networks warned that attackers are exploiting CVE-2026-0300, a critical PAN-OS buffer overflow vulnerability affecting the User-ID Authentication Portal, also known as the Captive Portal. The flaw can allow unauthenticated remote code execution with root privileges on exposed PA-Series and VM-Series firewalls. This matters because internet-facing security appliances are high-value targets, and teams using affected Palo Alto firewalls should restrict portal access to…

InfoSec News Nuggets 05/05/2026

Breaking the code: Multi-stage 'code of conduct' phishing campaign leads to AiTM token compromise
Microsoft detailed a large adversary-in-the-middle phishing campaign that targeted more than 35,000 users across more than 13,000 organizations in 26 countries. The campaign used code-of-conduct themed lures, CAPTCHA steps, and realistic enterprise-style messaging to push users through a token theft flow. This matters because the attack doesn't just steal passwords. It can capture valid session tokens after MFA, which is why…

InfoSec News Nuggets 05/04/2026

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
Attackers are exploiting CVE-2026-41940, a critical cPanel and WHM authentication bypass flaw that can give unauthenticated attackers administrative access to affected servers. Shadowserver reporting indicates more than 40,000 servers may already be compromised. This matters because cPanel often manages multiple websites, databases, and configurations from one place, so a single exposed server can become a broad compromise point for hosting providers, MSPs, and organizations running their own…

InfoSec News Nuggets 05/01/2026

US ransomware negotiators get 4 years in prison over BlackCat attacks
Two former incident response employees were sentenced to four years in prison each for participating in BlackCat ransomware attacks against five U.S. companies in 2023. The case stands out because it turns the usual insider risk story on its head: people trusted to help victims instead used that access and expertise to aid extortion, which is likely to sharpen scrutiny around third-party responders and…

InfoSec News Nuggets 04/30/2026

Critical cPanel and WHM bug exploited as a zero-day, PoC now available
cPanel says CVE-2026-41940 is an authentication bypass flaw affecting cPanel, WHM, and WP Squared, and BleepingComputer reports it has already been exploited in the wild, with one hosting provider seeing attempts as early as February. The issue lets attackers potentially take over the cPanel host and the sites it manages, which makes this a high-priority patch item for internet-exposed hosting infrastructure.

Sandhills…

InfoSec News Nuggets 04/29/2026

Critical GitHub Vulnerability Exposed Millions of Repositories
Researchers disclosed CVE-2026-3854, a critical flaw in GitHub’s internal Git infrastructure that could let any authenticated user execute arbitrary commands on backend servers with a single git push. Wiz said the bug affected both GitHub.com and GitHub Enterprise Server, and that on GitHub.com it exposed shared storage nodes containing millions of public and private repositories. GitHub says it fixed the issue quickly and found no evidence of in-the-wild…

InfoSec News Nuggets 04/28/2026

Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
Medtronic confirmed a cyber incident after the ShinyHunters group claimed to have stolen 9 million records and terabytes of corporate data. The company said it has not identified impacts to products, patient safety, manufacturing, distribution, or hospital customer networks, but it is still working to determine whether personal information was accessed.

Canada arrests three for operating “SMS blaster” device in Toronto
Canadian authorities arrested three men…

InfoSec News Nuggets 04/27/2026

Firefox Vulnerability Allows Tor User Fingerprinting
Researchers disclosed CVE-2026-6770, an IndexedDB issue that can let sites correlate a user’s activity across domains, including in Firefox Private Browsing and Tor Browser’s New Identity mode, until the browser process is fully restarted. Mozilla patched it in Firefox 150, and the Tor Project rolled out the fix in Tor Browser 15.0.10, which makes this one worth flagging for teams that rely on browser-based privacy guarantees.

New ‘Pack2TheRoot’…

InfoSec News Nuggets 04/24/2026

UK could face ‘hacktivist attacks at scale’, says head of security agency
The head of the UK’s National Cyber Security Centre warned that a conflict scenario could trigger large-scale hacktivist attacks with effects similar to major ransomware incidents, but without the option of paying to recover. He also tied the risk outlook to rising geopolitical tension and faster AI-driven vulnerability discovery, framing this as a resilience issue for both public and private sector organizations. …

InfoSec News Nuggets 04/23/2026

New npm supply-chain attack self-spreads to steal auth tokens
Researchers say a new npm supply-chain campaign hit at least 16 packages tied to Namastex Labs, with malware designed to steal secrets like API keys, SSH keys, cloud and CI/CD credentials, browser-stored wallet data, and npm publishing tokens, then use those tokens to propagate into additional packages. The important wrinkle is that this isn’t just credential theft. It behaves like a supply-chain worm aimed at high-value…

InfoSec News Nuggets 04/21/2026

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Shadowserver says more than 6,400 internet-exposed Apache ActiveMQ servers are vulnerable to ongoing attacks exploiting CVE-2026-34197, a code injection flaw patched on March 30 in ActiveMQ Classic 6.2.3 and 5.19.4. Because ActiveMQ is widely used for asynchronous messaging between Java applications, this is a practical patch-now issue for teams with exposed or business-critical deployments.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Forescout disclosed 20…

InfoSec News Nuggets 04/20/2026

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
NIST has announced a significant shift in how it handles the National Vulnerability Database, stating it will now only automatically enrich CVEs that meet specific prioritization criteria — namely those appearing in CISA's Known Exploited Vulnerabilities catalog, those affecting software used within the federal government, and those covering critical software as defined under Executive Order 14028. The change, which went into effect April 15, was…

InfoSec News Nuggets 04/17/2026

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
OpenAI unveiled GPT-5.4-Cyber this week, a variant of its flagship GPT-5.4 model specifically optimized for defensive cybersecurity use cases, arriving just days after Anthropic's own controlled release of its Mythos frontier model as part of Project Glasswing. Alongside the model launch, OpenAI said it is scaling its Trusted Access for Cyber program to thousands of authenticated individual defenders and hundreds of teams responsible for securing critical…

InfoSec News Nuggets 04/16/2026

Claude Code, Gemini CLI, GitHub Copilot agents vulnerable to prompt injection via comments
Researchers disclosed a new “Comment and Control” attack technique that abuses comments in code repositories to inject malicious instructions into AI-powered developer tools like Claude Code, Gemini CLI, and GitHub Copilot agents. Because these tools often trust contextual inputs, attackers can manipulate them into executing unintended actions or exposing sensitive data, highlighting a growing risk in AI-assisted development pipelines where traditional input…

InfoSec News Nuggets 04/15/2026

Microsoft April 2026 Patch Tuesday Fixes 167 Flaws, 2 Zero-Days
Today is Patch Tuesday and it's a big one — Microsoft shipped security updates addressing 167 vulnerabilities, including two zero-days and eight critical flaws, making this the second-largest monthly release in the company's history. The actively exploited zero-day is a SharePoint Server spoofing vulnerability (CVE-2026-32201) already being used in the wild, while a second publicly disclosed zero-day in Microsoft Defender (CVE-2026-33825) appears to match the…

InfoSec News Nuggets 04/14/2026

1. North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage social engineering campaign in which threat actors approached targets on Facebook and added them as friends, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT, with the threat actors using two Facebook accounts listing their location as Pyongyang and…

InfoSec News Nuggets 04/13/2026

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors gained unauthorized access to Nextend's update infrastructure for the Smart Slider 3 Pro WordPress plugin and distributed a fully attacker-authored build through the official update channel, with any site that updated between its release on April 7, 2026, and detection approximately six hours later receiving a fully weaponized remote access toolkit. The malicious update deployed a sophisticated multi-layered persistence toolkit capable of creating…

InfoSec News Nuggets 04/10/2026

US launches cyber threat sharing channel for digital asset firms
The US Treasury has introduced a new threat intelligence sharing program aimed at digital asset companies, giving them access to the same cybersecurity intelligence feeds used by traditional financial institutions. The move comes as crypto platforms continue to face large-scale attacks and is intended to improve response speed and resilience across a sector that has historically operated with less mature security coordination.

Internet-exposed ICS…

InfoSec News Nuggets 04/09/2026

Hackers exploiting Acrobat Reader zero-day flaw since December
Attackers have been using a previously unpatched Adobe Reader flaw in malicious PDFs since at least December, according to researcher Haifei Li. The reported activity can steal local data through Acrobat APIs and may enable follow-on remote code execution or sandbox escape, which makes this one worth watching closely until Adobe ships a fix.

300,000 People Impacted by Eurail Data Breach
Eurail disclosed that a data…

InfoSec News Nuggets 04/08/2026

Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation disrupted FrostArmada, a campaign linked to Russia’s APT28 that compromised SOHO routers, changed DNS settings, and intercepted Microsoft login traffic to steal credentials and OAuth tokens. At its peak in December 2025, the campaign had infected about 18,000 devices across 120 countries, and the case is a useful reminder that unmanaged edge devices can become a quiet path into much larger…

InfoSec News Nuggets 04/07/2026

Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says the China-based group it tracks as Storm-1175 is moving unusually fast in Medusa ransomware intrusions, sometimes weaponizing newly disclosed bugs within a day and in some cases exploiting flaws before patches are released. The company said recent campaigns hit healthcare, education, professional services, and finance targets, and showed the group chaining multiple vulnerabilities to gain persistence, steal credentials, disable defenses, and deploy ransomware within days…

InfoSec News Nuggets 04/06/2026

CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
CISA has ordered federal agencies to patch CVE-2026-3502 in TrueConf by April 16 after confirming active exploitation. The bug affects the product’s updater validation mechanism and, according to reporting on Check Point’s research, can let an attacker controlling an on-prem TrueConf server push and execute arbitrary files across connected endpoints, making it notable for government and critical infrastructure environments that rely…

InfoSec News Nuggets 04/03/2026

ShinyHunters claim theft of over 3 million Cisco records, threaten public leak
The ShinyHunters group is claiming it exfiltrated more than 3 million records tied to Cisco, allegedly obtained through access to Salesforce and AWS environments, and is threatening to release the data if demands are not met. While the full scope and validity of the claims are still being verified, the incident highlights the continued risk around SaaS platforms and third-party integrations as high-value…

InfoSec News Nuggets 04/02/2026

Hasbro takes some systems offline after cybersecurity incident
Hasbro disclosed that it detected unauthorized access on March 28 and responded by taking some systems offline, with the disruption affecting parts of its ability to ship products and process orders. The company said the investigation is still underway, so the bigger issue for defenders is that even a limited statement like this usually signals a potentially wider business impact while scope, access, and data exposure are…

InfoSec News Nuggets 04/01/2026

ChatGPT data leakage vulnerability discovered and patched
Researchers at Check Point found a prompt-based data exfiltration issue in ChatGPT’s code execution runtime that abused DNS as a side channel, allowing sensitive content processed by third-party apps, including data pulled from uploaded PDFs, to be sent to attacker-controlled infrastructure without tripping expected network restrictions. OpenAI reportedly fixed the issue on February 20, but the writeup is a useful reminder that model-side sandbox assumptions can fail in…

InfoSec News Nuggets 03/31/2026

European Commission confirms cyberattack after hackers claim data breach
The European Commission confirmed that attackers breached part of its cloud infrastructure tied to the Europa.eu platform and said it had already contained the incident and implemented mitigation steps. The Commission said its internal systems were not affected, but it’s still investigating what data was taken after hackers claimed they stole large amounts of information from its cloud environment.

Supply chain attack hits widely-used AI…

InfoSec News Nuggets 03/30/2026

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
A critical remote code execution flaw in PTC Windchill and FlexPLM, CVE-2026-4681, is drawing unusual urgency. PTC has published mitigations and indicators of compromise, and CISA warned that the bug could let an unauthenticated attacker gain full control over affected systems. What makes this stand out is the reported real-world response in Germany, where police physically warned organizations about the risk, underscoring how seriously defenders…

InfoSec News Nuggets 03/27/2026

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
A critical remote code execution flaw in PTC Windchill and FlexPLM, CVE-2026-4681, is drawing unusual urgency. PTC hasn’t released patches yet, but it has published mitigations and IOCs, and German police reportedly went door to door warning companies about the risk. This one matters because Windchill sits deep in product lifecycle and industrial environments, so even pre-exploitation urgency is notable.

Critical Flaw in Langflow…

InfoSec News Nuggets 03/26/2026

Iran-Linked Pay2Key Ransomware Group Re-Emerges
A joint report from Halcyon and Beazley Security has documented the return of Pay2Key — an Iranian-linked ransomware operation that has been intermittently active since 2020 and has historically targeted victims aligned with Iranian geopolitical interests — with a fresh attack on a U.S. healthcare provider that showcases an evolved set of tactics including TeamViewer-based interactive access, credential harvesting via Mimikatz, LaZagne, and ExtPassword, and network reconnaissance via Advanced IP…

InfoSec News Nuggets 03/25/2026

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
The TeamPCP supply chain campaign has escalated dramatically — having cascaded from its initial March 19 compromise of Aqua Security's Trivy vulnerability scanner through Checkmarx's GitHub Actions and into litellm, the massively popular Python package that Wiz estimates is present in 36% of all cloud environments and serves as the LLM API gateway layer for thousands of AI applications. Endor Labs and JFrog confirmed that backdoored…

InfoSec News Nuggets 03/24/2026

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks Within 20 Hours of Disclosure
A critical security flaw in Langflow — the popular open-source AI workflow platform used to build and deploy AI agent pipelines in thousands of enterprise environments — came under active exploitation within 20 hours of its public disclosure, with no proof-of-concept code even available at the time attackers began scanning for vulnerable instances. CVE-2026-33017 (CVSS 9.3) stems from a missing authentication check in the…

InfoSec News Nuggets 03/23/2026

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
CISA and FBI Director Kash Patel jointly warned Friday that Russian intelligence-linked threat actors are conducting an active, widescale phishing campaign targeting users of encrypted commercial messaging apps — primarily Signal and WhatsApp — that has already resulted in unauthorized access to thousands of individual accounts belonging to current and former U.S. government officials, military personnel, political figures, and journalists. The attacks do not…

InfoSec News Nuggets 03/20/2026

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Israeli cybersecurity firm Dream has disclosed CVE-2026-32746 — a CVSS 9.8 out-of-bounds write vulnerability in the LINEMODE Set Local Characters (SLC) suboption handler of the GNU InetUtils telnet daemon that allows an unauthenticated remote attacker to overflow a buffer and execute arbitrary code as root before the login prompt ever appears, simply by sending a specially crafted message during the initial TCP handshake…

InfoSec News Nuggets 03/19/2026

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Amazon Threat Intelligence has disclosed that the Interlock ransomware group was exploiting a maximum-severity flaw in Cisco Secure Firewall Management Center — CVE-2026-20131 (CVSS 10.0), an insecure deserialization vulnerability allowing an unauthenticated remote attacker to bypass authentication and execute arbitrary Java code as root — as a zero-day since January 26, 2026, a full month before Cisco publicly disclosed and patched the bug, giving Interlock…

InfoSec News Nuggets 03/18/2026

LeakNet Ransomware Uses ClickFix and Deno Runtime for Stealthy Attacks
ReliaQuest researchers have documented a significant tactical evolution by the LeakNet ransomware operation — a group active since late 2024 that averages roughly three victims per month — which has adopted ClickFix social engineering lures for initial access and now deploys a loader built on the legitimate open-source Deno JavaScript runtime to execute malicious payloads directly in memory, leaving minimal forensic evidence on disk and…

InfoSec News Nuggets 03/17/2026

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The persistent GlassWorm supply chain threat actor has expanded its campaign significantly — using GitHub tokens stolen via infected VS Code and Cursor extensions to force-push malicious commits into hundreds of Python repositories including Django apps, ML research projects, Streamlit dashboards, and PyPI packages, in a new wave codenamed ForceMemo by StepSecurity. The injected payloads — appended to setup.py, main.py, and app.py files…

InfoSec News Nuggets 03/16/2026

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google has released an emergency update to Chrome patching two actively exploited high-severity zero-days discovered by its own internal security teams: CVE-2026-3909 (CVSS 8.8), an out-of-bounds write in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML page, and CVE-2026-3910 (CVSS 8.8), an inappropriate implementation in the V8 JavaScript and WebAssembly engine…

InfoSec News Nuggets 03/13/2026

Medtech Giant Stryker Offline After Iran-Linked Wiper Malware Attack
Fortune 500 medical technology company Stryker — manufacturer of surgical and neurotechnology equipment with over 53,000 employees and $22.6 billion in 2024 global sales — has been forced into a global operational shutdown after the pro-Iranian hacktivist group Handala claimed to have wiped more than 200,000 systems, servers, and mobile devices across the company's 79-country office footprint, simultaneously exfiltrating 50 terabytes of critical data before triggering…

InfoSec News Nuggets 03/12/2026

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Google's Cloud Threat Horizons Report for H1 2026 details how a threat actor tracked as UNC6426 weaponized credentials stolen during the August 2025 "s1ngularity" supply chain compromise of the popular Nx build system npm package to completely devastate a victim's cloud environment — escalating from a single stolen GitHub Personal Access Token to full AWS administrator privileges in under 72 hours,…

InfoSec News Nuggets 03/11/2026

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Researchers at Socket have uncovered five malicious Rust packages published to crates.io — chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync — that masquerade as legitimate time-synchronization utilities while silently harvesting developer credentials from .env files and exfiltrating them to attacker-controlled infrastructure hosted under the lookalike domain "timeapis[.]io." All five crates are assessed to be the work of a single threat actor based…

InfoSec News Nuggets 03/10/2026

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
ESET researchers have published a deep-dive on Russia's APT28 (Fancy Bear/Sednit), revealing that the GRU-linked group has been conducting sustained espionage against Ukrainian military personnel since April 2024 using two custom implants: BEARDSHELL, a C++-based backdoor that downloads and executes PowerShell scripts via cloud storage APIs, and a heavily modified fork of the open-source COVENANT post-exploitation framework that has been continuously adapted to abuse…

InfoSec News Nuggets 03/09/2026

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
Palo Alto Networks Unit 42 has published a detailed investigation into a previously undocumented Chinese threat actor cluster — designated CL-UNK-1068 — that has been quietly compromising high-value organizations across South, Southeast, and East Asia since at least 2020 with little to no detection. Targeted sectors span aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications, with the group deploying a cross-platform toolkit…

InfoSec News Nuggets 03/06/2026

Phobos Ransomware Leader Facing 20 Years in Prison After Pleading Guilty to Hacking Charges
Evgenii Ptitsyn, the 43-year-old Russian national identified as the key developer and administrator behind the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud charges on Wednesday and is now facing up to 20 years in prison, with sentencing scheduled for July 15. Ptitsyn — who operated under the aliases "derxan" and "zimmermanx" — was arrested in South Korea and extradited to…

InfoSec News Nuggets 03/05/2026

Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services
Iranian drone strikes directly hit two Amazon Web Services data centers in the UAE this week and caused damage to a third facility in Bahrain, disrupting approximately 60 AWS services across the Gulf region as Iran launched retaliatory strikes following a U.S. and Israeli operation that killed Supreme Leader Ayatollah Ali Khamenei. Amazon confirmed the physical strikes, with two of the UAE's three…

InfoSec News Nuggets 03/04/2026

Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services
Iranian drone strikes directly hit two Amazon Web Services data centers in the UAE this week and caused damage to a third facility in Bahrain, disrupting approximately 60 AWS services across the Gulf region as Iran launched retaliatory strikes following a U.S. and Israeli operation that killed Supreme Leader Ayatollah Ali Khamenei. Amazon confirmed the physical strikes, with two of the UAE's three…

InfoSec News Nuggets 03/03/2026

CISA Replaces Acting Director After a Bumbling Year on the Job
The Trump administration has ousted Madhu Gottumukkala as acting director of the Cybersecurity and Infrastructure Security Agency, replacing him with Nick Andersen, the agency's former top cybersecurity official, after a turbulent tenure marked by reports of Gottumukkala uploading sensitive government documents to a public version of ChatGPT, failing a counterintelligence polygraph, and presiding over the departure of at least one-third of the agency's workforce…

InfoSec News Nuggets 03/02/2026

South Korea's National Tax Service Accidentally Exposes Crypto Wallet Seed Phrase, $4.8M Stolen Twice
South Korea's National Tax Service inadvertently published an unredacted photo of a seized Ledger hardware wallet's mnemonic recovery phrase in a press release touting a successful tax enforcement action against 124 high-value delinquents. Within hours, an attacker funded the wallet with ETH to cover gas fees and drained 4 million PRTG tokens valued at approximately $4.8 million in three transactions. In…