09 Feb 2026
By Mary

InfoSec News Nuggets 02/09/2026

Please Don’t Feed the Scattered Lapsus ShinyHunters This piece profiles an extortion crew (“SLSH”) that pairs data theft with direct, personal harassment of executives and their families, including threats and swatting. The reporting highlights that the group’s behavior is less predictable than traditional ransomware operations, which increases risk if a victim engages. A key takeaway is that even limited back-and-forth can escalate pressure tactics quickly, so crisis comms and executive protection planning matter alongside technical…
Read More
29 Jan 2026
By Mary

InfoSec News Nuggets – 01-29-2026

Fortinet Patches Actively Exploited FortiCloud SSO Zero-Day (CVE-2026-24858) Fortinet has begun releasing security updates to address CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to bypass FortiCloud single sign-on (SSO) authentication and gain administrative access to FortiGate firewalls. The flaw, rated CVSS 9.4, was actively exploited in the wild by two malicious FortiCloud accounts before being blocked on January 22, 2026. Attackers created unauthorized admin accounts and modified VPN configurations on fully patched devices, indicating…
Read More
25 Oct 2024
By Mary

InfoSec News Nuggets 10/25/2024

Millions affected in major health data breach caused by a missing password Researchers from Cybernews have reported finding a huge database containing sensitive customer information from the Mexican healthcare sector left unprotected online. The team discovered a misconfigured Kibana instance with a “tremendous volume” of information, later attributed to eCaresoft, a software company behind two cloud-based Hospital Information Systems - Cirrus and Anytime. These platforms are used by more than 65 hospitals, 110 outpatient care centers, and…
Read More
23 Aug 2024
By Mary

InfoSec News Nuggets 8/23/2024

FCC Slaps Telecom Firm With $1M Fine for Spreading Fake Biden Robocall The Federal Communications Commission has fined Lingo Telecom $1 million for transmitting robocalls impersonating President Joe Biden earlier this year, where an AI replica of Biden's voice was used to trick and persuade voters in the New Hampshire primary election not to go to the polls. Lingo Telecom mislabeled and distributed the robocalls, which were commissioned by a former political consultant who now faces a $6 million…
Read More
19 Jul 2024
By Mary

InfoSec News Nuggets 7/19/2024

‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years An elusive and highly covert Chinese hacking group tracked as GhostEmperor — notorious for its sophisticated supply-chain attacks targeting telecommunications and government entities in Southeast Asia — has been spotted for the first time in more than two years. And according to the researchers, the group has gotten even better at evading detection. Cybersecurity company Sygnia, in a report published Wednesday, said it…
Read More
31 Oct 2023
By Mary

InfoSec News Nuggets 10/31/2023

AI doomsday warnings a distraction from the danger it already poses, warns expert Focusing on doomsday scenarios in artificial intelligence is a distraction that plays down immediate risks such as the large-scale generation of misinformation, according to a senior industry figure attending this week’s AI safety summit. Aidan Gomez, co-author of a research paper that helped create the technology behind chatbots, said long-term risks such as existential threats to humanity from AI should be “studied…
Read More
07 Dec 2021
By Mary

InfoSec News Nuggets 12/07/2021

SolarWinds hackers have a whole bag of new tricks for mass compromise attacks Almost exactly a year ago, security researchers uncovered one of the worst data breaches in modern history, if not ever: a Kremlin-backed hacking campaign that compromised the servers of network management provider SolarWinds and, from there, the networks of 100 of its highest-profile customers, including nine US federal agencies. Nobelium—the name Microsoft gave to the intruders—was eventually expelled, but the group never gave up…
Read More
13 Sep 2021
By Mary

InfoSec News Nuggets 09/13/2021

Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware Symantec, part of Broadcom Software, has linked the recently discovered Sidewalk backdoor to the China-linked Grayfly espionage group. The malware, which is related to the older Crosswalk backdoor (Backdoor.Motnug) has been deployed in recent Grayfly campaigns against a number of organizations in Taiwan, Vietnam, the United States, and Mexico. A feature of this recent campaign was that a large number of targets were in the telecoms sector. The…
Read More
01 Apr 2021
By Mary

InfoSec News Nuggets 04/01/2021

Research shows Google collects 20x more data from Android than Apple collects from iOS Tech companies have been talking more about privacy in recent years, and Apple proudly says that it protects user data more than anyone else. This week, new research by Douglas Leith from Trinity College showed that Google collects up to 20 times more data from Android users compared to the data Apple collects from iOS users.  As reported by Ars Technica, the…
Read More
23 Mar 2021
By Mary

InfoSec News Nuggets 03/23/2021

Popular remote lesson monitoring program could be exploited to attack student PCs Researchers have uncovered a slew of critical vulnerabilities in remote monitoring software -- an incident made worse as it could impact student safety and privacy.  On Monday, McAfee disclosed the existence of multiple security holes in Netop Vision Pro, popular monitoring software adopted by schools for teachers to control remote learning sessions. The software is marketed for teachers to keep control of lessons. Features include…
Read More
24 Feb 2021
By Mary

InfoSec News Nuggets 02/24/2021

Cybersecurity and online gaming: Don’t be a victim The proliferation of technology and internet connectivity has made it possible for people to seek out most things online, and gaming and gambling are not exceptions. In addition to online video games, social media, music, and video streaming, there are also online casinos and gambling for real money. Well, for gambling in the USA there are state laws to mind, but in some states online gambling is…
Read More
07 Jan 2021
By Mary

InfoSec News Nuggets 01/07/2021

Watch a Robot Dog Learn How to Deftly Fend Off a Human STUDY HARD ENOUGH, kids, and maybe one day you’ll grow up to be a professional robot fighter. A few years ago, Boston Dynamics set the standard for the field by having people wielding hockey sticks try to keep Spot the quadrupedal robot from opening a door. Previously, in 2015, the far-out federal research agency Darpa hosted a challenge in which it forced clumsy humanoid robots to…
Read More
23 Dec 2020
By Mary

InfoSec News Nuggets 12/23/2020

2,000 Parents Demand Major Academic Publisher Drop Proctorio Surveillance Tech On Friday, digital rights group Fight for the Future unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware.” As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio,…
Read More
15 Dec 2020
By Mary

InfoSec News Nuggets 12/15/2020

Microsoft, FireEye confirm SolarWinds supply chain attack Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.  FireEye's report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce's National Telecommunications and…
Read More