What is a data breach in cyber security — Table of ContentsContinue reading on Medium »

Vulnerabilities in Local Infrastructure and the Strategic Realignment Toward ‘Managed Decentralization’Continue reading on Medium »

How I built a malware analysis pipeline using CAPEv2 sandbox reports, Random Forest classification, SHAP explanations, MITRE ATT&CK…Continue reading on Medium »

There is a point in the lifecycle of every security researcher and infrastructure architect where standard naming conventions die a quiet…Continue reading on Medium »

There’s a particular kind of meeting that happens in engineering teams right now. Someone demos an AI agent, it browses the web, reads a…Continue reading on AIDefense Log »

The Role Devices Play in Business SecurityContinue reading on Medium »

VPNs come up constantly in Service Desk calls. Users either call in because they cannot connect to one, or because they cannot access…Continue reading on Medium »

This is a walkthrough of the CyberDefenders “OpenWire” challenge, where I turned a noisy packet capture into a full attack story, from…Continue reading on Medium »

When a training crawler visits your site, it knocks first.Continue reading on Medium »

submitted by /u/antdude [link] [comments]

I’m on a personal Windows 11 PC that was previously managed by my employer before I left. It is no longer domain joined, and gpresult /r shows no applied Computer or User GPOs (Local Group Policy also reports as empty). Recently I noticed that Tamper Protection is grayed out and says: “This setting is managed by your administrator.” I’ve spent several hours troubleshooting and I’m trying to determine whether this is leftover enterprise management, a Windows servicing issue, or something else. What I’ve checked: gpresult /r No applied Computer or User GPOs. Local Group Policy reports as empty. Defender status (Get-MpComputerStatus): AMRunningMode : Normal AntivirusEnabled : True RealTimeProtectionEnabled : True IsTamperProtected : False TamperProtectionSource : E3 transition Defender preferences (Get-MpPreference): DisableTamperProtection : True DisableRealtimeMonitoring : False DisableBehaviorMonitoring : False PUAProtection : 1 No Defender exclusions configured. From what I’ve been told, these values are basically the “truth commands” for Defender, and they seem to indicate that Defender itself is fully operational except for Tamper Protection. Defender services: WinDefend running (Automatic) SecurityHealthService running Security app package is installed and healthy. Registry: Removed old values under: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager The key now exists but is completely empty. HKLM\SOFTWARE\Microsoft\Windows Defender\Policy Manager does not exist. Attempting to manually set: HKLM\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection to 5 results in: “Cannot edit TamperProtection: Error writing the value’s new contents.” SFC / DISM: DISM /Online /Cleanup-Image /RestoreHealth fails with: 0x800f0915 - The repair content could not be found anywhere. sfc /scannow reports corrupt files that it cannot repair. Looking through CBS.log, the only corruption I can find appears to be: MSBuild.exe msbuild.exe.config Both are reported as missing from the component store and referenced by a KB package. Other notes: Malwarebytes and Defender scans are clean. Autoruns, scheduled tasks, and services don’t show anything suspicious. No Defender exclusions are configured. I don’t recall using any Defender tweaking utilities or debloat scripts. Has anyone seen a formerly work-managed PC get stuck with: TamperProtectionSource : E3 transition DisableTamperProtection : True IsTamperProtected : False while Defender itself remains fully functional? Does this sound like leftover Intune/Defender for Endpoint management, or is this more likely a Windows component store issue that would be best fixed with an in-place repair install? Any insight would be appreciated. I’ve spent a lot of time verifying that Defender itself appears healthy, and I’m trying to determine whether this is a servicing issue rather than an actual security compromise. submitted by /u/Huge-Connection7195 [link] [comments]

A client handed me SSH access to a server they’d been running for two years.Continue reading on Medium »

5-min read · Curated daily by an AI Systems Architect Focus: AI platform wars, agentic safety and consumer AIContinue reading on Medium »

IntroductionContinue reading on Medium »

If you’ve worked with Jenkins Pipelines, you’ve probably seen recommendations to use single quotes ('...')Continue reading on Medium »

Ive been in the industry for around 6 years now, when I was much younger every second of my free time was spent learning computers as a whole and continuously tinkering with things like networking, pentesting, etc. Now after 6 years, I want to spend my time AWAY from the computer. Im writting this to ask, how do you all continue to advance your skills if youre in a similar boat, for me, my day-to-day work continues to challenge me and make me a better engineer. But, often times I wish I had the passion I used to. tldr: how do you continue to advance your skills after many years in the field submitted by /u/FragileEagle [link] [comments]

i’m an msc cybersecurity student and my final project is coming up i honestly have no idea what to do. i enjoy cloud and have a couple of certifications around it, so maybe something related to cloud security, but i’m not sure i’m feeling pretty confused about what makes a good master’s project and what’s actually achievable within a few months would be really if y’all could put some suggestions, thank you! edit : i’ve done an internship in vapt before and realized it’s not really the area i want to focus on submitted by /u/gigizai [link] [comments]

So I'm taking a look at getting a cybersec certificate, and I was directed away from sans.org and towards sans.edu instead to look for one. I'm hoping to get this covered under the WIOA program, but I have yet to find out, just submitted my application. I see they have both Cybersecurity Fundamentals and Applied Cybersecurity certificates available. I'm 22, have a decent way of working around most basic computer troubleshooting knowhow, but I am still very much not educated in any code-related things. I have ever only taken one Network+ course, and didnt retain much, but I can easily pick up new content. Having said that, whats the advice for a cert, CSF or ACS? Would the ACS teach me the same things that I would learn with a CSF, but just more condensed, or would I be missing some key fundamental concepts from the CSF by skipping over it? submitted by /u/questiem [link] [comments]

SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. The company is a U.S.-based financial technology company that offers banking, investing, loans, and other personal finance services. The company also operates SoFi Hong Kong, which provides investment and securities services to customers in the region. In emails sent to customers and shared with BleepingComputer, SoFi said it discovered the incident on April 30, 2026, after detecting unauthorized access to a database of SoFi Securities (Hong Kong) Limited via one of its vendors. After discovering the incident, they engaged with a third-party cybersecurity firm to respond. The company says its investigation is ongoing and that it still does not know which specific data may have been exposed. "We do not yet have complete information about the scope and impact of the incident, or whether (and, if so, which categories of) your personal data was involved," reads the email sent to SoFi customers. "We are actively reviewing the situation and taking extra precautions to keep your account secure." Email sent to SoFi Hong Kong customers Source: BleepingComputer In a statement shared with BleepingComputer, a SoFi spokesperson confirmed the breach but declined to answer additional questions regarding the incident, including how many customers were affected, whether the company was extorted, or the identity of the third-party vendor involved. While SoFi has not disclosed what information may have been exposed, the company warned customers to remain vigilant for phishing attempts, suspicious communications, and unusual account activity. The company also advised customers to update passwords, enable two-factor authentication where possible, monitor financial accounts for suspicious activity, and avoid opening links or attachments in unsolicited emails or messages. SoFi says it has added additional safeguards and monitoring to affected accounts and may request additional verification information from customers who contact support or make account changes. The company provided a Hong Kong support line (+852 26938888) and email address (hello@sofi.hk) for customers seeking additional information. submitted by /u/Current-Attention-29 [link] [comments]

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents. submitted by /u/rkhunter_ [link] [comments]

An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict. submitted by /u/rkhunter_ [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

Hey hey : )Continue reading on Medium »

Deployment of a 24/7/365 Security Operations Center (SOC) management service ensures continuous monitoring.Continue reading on Medium »

Every API gateway in the known digital seas has the same rule: no ship enters without the password.Continue reading on Medium »

Published by All Star Security Services | San Francisco Bay AreaContinue reading on Medium »

Verizon's 2026 Data Breach Investigations Report dropped and a few numbers stand out: - Vulnerability exploitation now 31% of initial access, surpassing stolen credentials for the first time in 19 years of the report - Human element still present in 62% of breaches (up from 60%) - Mobile-centric social engineering up 40% year over year - Shadow AI use by employees tripled to 45% - Third-party / supply chain involvement jumped 60%, now in 48% of breaches The mobile social engineering jump is the one I find most interesting. As people get better at spotting traditional email phishing, attackers are pivoting to SMS, voice, and messaging apps, and that's where most awareness programs still have the biggest gap. Where do you think the next investment should go: patching cadence, layered controls on mobile, expanding awareness beyond email, or something else? submitted by /u/masterm1nd_game [link] [comments]

In today’s fast-paced digital world, stress has become a constant companion especially for digital marketers. Whether it’s managing…Continue reading on Medium »

The Problem..Continue reading on Medium »

My team and I have been talking about this for the last 6 months during our RFP process. We recently purchased a new SIEM. All of vendor the training videos has been using the pronunciation "SEEM". I now look like a fool because I would always tell them it was pronounced "SIM". Now, it looks like we need to restart our entire RFP process..... submitted by /u/xcsas [link] [comments]

submitted by /u/MysteriousAbility748 [link] [comments]

Hi everyone, I’m currently working on PCI DSS 4.0 requirement 11.6.1 validation for a payment page that contains payment buttons and client-side scripts. Our objective is to verify that both F5 Distributed Cloud Client-Side Defense and Radware Client-Side Protection are able to detect: Unauthorized modifications to HTTP headers or script delivery. Client-side tampering attacks affecting payment page components. Changes to JavaScript resources that should trigger an alert from the monitoring solutions. I’m specifically looking for practical testing methodologies, lab guides, or Burp Suite techniques that can be used to simulate these scenarios in a controlled environment. For tampering tests, I’ve found some basic Burp Suite examples, but I’d like to know: How do you typically test PCI DSS 11.6.1 in real assessments? What client-side modifications have successfully triggered F5 or Radware detections? Are there recommended attack scenarios for validating script integrity monitoring? Have you used Burp Suite, browser developer tools, MITM proxies, or custom JavaScript injections to simulate unauthorized changes? Any guidance, test cases, references, or lessons learned would be greatly appreciated. Environment: Payment page with hosted payment buttons, testing performed in a non-production environment. Goal is to generate valid PCI DSS 4.0 Requirement 11.6.1 evidence and confirm detection capabilities of both F5 Client-Side Defense and Radware Client-Side Protection. Thanks! submitted by /u/Jeremy_G224 [link] [comments]

Exactly the title. The traditional app sec pen testing and pen testing an AI agent are different things. I know the underlying vulnerability is still same but the way you attack and get it exposed are different. Example: Social Engineering. You need to be good at that to be able to test properly. I am just curious, how teams are up skilling? Any tools you are using that assist you in testing or something else? submitted by /u/Ecstatic-Night4222 [link] [comments]

submitted by /u/Altruism7 [link] [comments]

yo, wrote a blog regarding a macOS/Windows malware dubbed SstarAgent RAT deployed through fake job interview campaigns. Distribution relies on installing malicious npm package. submitted by /u/Few-Calligrapher2797 [link] [comments]

Their process is super similar, target game devs, inject into their pipeline. Once they're in they get kernel access, then seem to be using metasploit in IoT devices for more persistence. They push a spoofed Windows update from their C2 on port 80 that quickly forces updates into the firmware on new devices. The malware itself hollows out vswhere, exploits unity hub and svchost plus many other PIDs. The credential harvesting happens every time you click play in unity editor (haven't tested the build exe yet). Their process is such a wide net. The suspected folks are also releasing their own games and demos right now on steam. I filed an IC3 report into the void, but what's the best/safest way to bundle the info for the companies affected? Or just share it with HybridAnalysis or similar sites? I'm new to the world of malware and hope to drop the info and get back to game dev honestly. Any help is super appreciated submitted by /u/-ConsciousObserver [link] [comments]

https://www.helpnetsecurity.com/2026/06/08/cisa-patch-actively-exploited-solarwinds-serv-u-dos-vulnerability-cve-2026-28318/ submitted by /u/sunychoudhary [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

The worm initially struck the redhat-cloud-services npm namespace by compromising a Red Hat employee’s GitHub account. It skipped the npm registry entirely for several targets, planting a payload runner straight into multiple public repos. The dropper then automatically executes when an infected repository is cloned and opened inside AI dev tooling like Claude Code, Gemini CLI and Cursor. The self-replicating worm fully spread into Microsoft's GitHub orgs. Over 70 repositories are already known to be compromised and subsequently disabled by GitHub. If you click into the below repos you'll still see the same error notification for entire weekend. This includes core tools like Azure/azure-functions-host and the entire ecosystem surrounding durabletask (spanning .NET, Go, Java, JS, MSSQL, and Python). Short blog post on the Miasma malware: https://cloudsmith.com/blog/miasma-worms-path-of-destruction submitted by /u/ExtensionSuccess8539 [link] [comments]

Meta says roughly 20,000 Instagram accounts may have been hacked in a recent attack abusing an AI-powered account recovery support tool. submitted by /u/rkhunter_ [link] [comments]

https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html submitted by /u/sunychoudhary [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]

submitted by /u/InvestigatorSoft5764 [link] [comments]