Securityish
@securityish.bsky.social
๐ค 7
๐ฅ 28
๐ 186
๐ Cybersecurity news made simple. โ๏ธ newsletter.securityish.com ๐ securityish.com
A misconfiguration in AWS CodeBuild, identified as CodeBreach, allowed potential attackers to take over AWSโs GitHub repositories, including the AWS JavaScript SDK.
securityish.com/security_br...
loading . . .
AWS CodeBuild Misconfiguration Exposes GitHub Repositories to Supply Chain Risks
A misconfiguration in AWS CodeBuild, identified as CodeBreach, allowed potential attackers to take over AWS's GitHub repositories, including the AWS JavaScript SDK. This vulnerability, discovered on August 25, 2025, was fixed by AWS in September 2025
https://securityish.com/security_brief/aws-codebuild-misconfiguration-exposes-github-repositories-to-supply-chain-risks/
9 days ago
0
0
0
๐ DDoS (Distributed Denial of Service): An attack that floods a target with excessive traffic from many devices, overwhelming systems and making services slow or unavailable.
9 days ago
0
0
0
๐ Enable purchase alerts. Fraud hates speed.
11 days ago
0
0
0
๐ Defense-in-Depth: A security strategy that layers multiple protective controls so if one fails, others still reduce risk or block the attack.
12 days ago
0
0
0
A Dutch appeals court confirmed a seven-year prison sentence for a man who hacked port IT systems to assist cocaine smugglers.
securityish.com/security_br...
loading . . .
Dutch Court Upholds Seven-Year Sentence for Port Hacker Involved in Cocaine Smuggling
A Dutch appeals court confirmed a seven-year prison sentence for a man who hacked port IT systems to assist cocaine smugglers. The defendant was convicted of computer hacking, cocaine importation, and attempted extortion after using malware-laden USB
https://securityish.com/security_brief/dutch-court-upholds-seven-year-sentence-for-port-hacker-involved-in-cocaine-smuggling/
12 days ago
0
0
0
From July to December 2025, botnet Command & Controller (C&C) activity rose by 24%, with Remote Access Trojans (RATs) making up 42% of the top 20 malware linked to botnets.
12 days ago
1
0
0
๐ Set up account recovery now. Future-you will be locked out without it.
12 days ago
0
0
0
๐๐ฐ Our weekly cybersecurity news briefing is free and takes five minutes to read. It keeps you ahead of scams, breaches, and privacy risks. Subscribe here:
newsletter.securityish.com
12 days ago
0
0
0
๐จ Hackers claim to have stolen internal source code from Target Corporation.
#cybersecurity
#target
#infosec
securityish.com/security_br...
loading . . .
Target's Git Server Taken Offline After Alleged Source Code Theft
Hackers claim to have stolen internal source code from Target Corporation, posting samples on Gitea. The repositories included over 57,000 lines of code and were advertised as part of an 860 GB dataset for sale. Following inquiries from BleepingCompu
https://securityish.com/security_brief/targets-git-server-taken-offline-after-alleged-source-code-theft/
12 days ago
0
0
0
๐ Code Injection: An attack where malicious code is inserted into a legitimate program or system so it executes unintended commands or actions.
13 days ago
0
0
0
As AI tools like Claude and ChatGPT Health become integrated into healthcare, users should remain vigilant about the accuracy of the information provided. Both platforms acknowledge their limitations and advise users to consult healthcare professionals for personalized guidance.
#health
#security
loading . . .
Anthropic Launches Claude AI for Healthcare with Secure Record Access
On January 12, 2026, Anthropic introduced Claude for Healthcare, enabling U.S. subscribers to connect their health records securely. This feature allows Claude to summarize medical histories, explain test results, and prepare questions for doctor vis
https://securityish.com/security_brief/anthropic-launches-claude-ai-for-healthcare-with-secure-record-access/
13 days ago
0
0
0
๐จ BREAKING: Malaysia and Indonesia have suspended access to the social network X due to its failure to prevent the creation of non-consensual sexual deepfakes.
securityish.com/security_br...
13 days ago
0
0
0
In 2025, the number of active Phishing-as-a-Service (PhaaS) kits doubled, allowing less-skilled attackers to conduct sophisticated phishing campaigns.
#cybersecurity
#security
#phishing
#saas
13 days ago
0
3
0
Instagram has addressed claims of a data leak affecting over 17 million accounts, stating that a bug allowed external parties to request password reset emails.
securityish.com/security_br...
loading . . .
Instagram Denies Data Breach Amid Claims of 17 Million Accounts Leaked
Instagram has addressed claims of a data leak affecting over 17 million accounts, stating that a bug allowed external parties to request password reset emails. Meta, Instagram's parent company, insists there was no breach of their systems and that us
https://securityish.com/security_brief/instagram-denies-data-breach-amid-claims-of-17-million-accounts-leaked/
13 days ago
0
0
0
Donโt click unknown links. Curiosity is expensive on the internet.
14 days ago
0
0
0
Europol announced the arrest of 34 individuals in Spain linked to the Black Axe criminal organization, known for various crimes including cyber fraud.
#cybercrime
#fraud
#cybersecurity
securityish.com/security_br...
loading . . .
Europol Arrests 34 Black Axe Members in Major Fraud Operation
Europol announced the arrest of 34 individuals in Spain linked to the Black Axe criminal organization, known for various crimes including cyber fraud. The operation, conducted with the Spanish National Police, resulted in damages exceeding โฌ5.93 mill
https://securityish.com/security_brief/europol-arrests-34-black-axe-members-in-major-fraud-operation/
14 days ago
0
0
0
๐ Session Hijacking: An attack where someone takes over a userโs active login session, often by stealing cookies or tokens, to access accounts without needing the password.
14 days ago
0
0
0
Poetic justice?
securityish.com/security_br...
loading . . .
BreachForums Hacking Forum Exposes 324,000 User Accounts in Data Leak
BreachForums, a hacking forum for trading stolen data, has experienced a significant data breach, leaking a user database containing 323,988 accounts. The leak includes sensitive information such as member display names, registration dates, and IP ad
https://securityish.com/security_brief/breachforums-hacking-forum-exposes-324000-user-accounts-in-data-leak/
14 days ago
0
0
0
๐ Check your privacy settings. Youโre sharing more than you think.
14 days ago
0
0
0
A significant data breach has exposed the personal information of approximately 17.5 million Instagram users, with sensitive details now circulating on dark web forums.
#cybersecurity
#databreach
#infosec
securityish.com/security_br...
loading . . .
17.5 Million Instagram Accounts Exposed in Data Breach
A significant data breach has exposed the personal information of approximately 17.5 million Instagram users, with sensitive details now circulating on dark web forums. The breach, identified by Malwarebytes, involved an API leak that allowed unautho
https://securityish.com/security_brief/17-5-million-instagram-accounts-exposed-in-data-breach/
15 days ago
0
0
0
๐ Supply Chain Attack: A tactic where attackers compromise a third-party provider, vendor, or software dependency to infiltrate downstream organizations or users.
15 days ago
0
0
0
Europol announced the arrest of 34 individuals in Spain linked to the Black Axe criminal organization, known for various crimes including cyber fraud.
securityish.com/security_br...
loading . . .
Europol Arrests 34 Black Axe Members in Major Fraud Operation
Europol announced the arrest of 34 individuals in Spain linked to the Black Axe criminal organization, known for various crimes including cyber fraud. The operation, conducted with the Spanish National Police, resulted in damages exceeding โฌ5.93 mill
https://securityish.com/security_brief/europol-arrests-34-black-axe-members-in-major-fraud-operation/
15 days ago
0
0
0
๐ Donโt reuse passwords. One breach shouldnโt become ten.
15 days ago
0
0
0
โ ๏ธ The FBI has issued a warning about North Korean hackers, specifically the Kimsuky group, using malicious QR codes in spear-phishing campaigns targeting U.S. think tanks, academic institutions, and government entities.
#cybersecurity
#phishing
#cyberattacks
securityish.com/security_br...
loading . . .
FBI Alerts to North Korean Hackers Using QR Codes in Phishing Attacks
The FBI has issued a warning about North Korean hackers, specifically the Kimsuky group, using malicious QR codes in spear-phishing campaigns targeting U.S. think tanks, academic institutions, and government entities. This tactic, known as 'quishing,
https://securityish.com/security_brief/fbi-alerts-to-north-korean-hackers-using-qr-codes-in-phishing-attacks/
16 days ago
0
0
0
Palo Altoโs crosswalk signals were hacked last year because the city did not change the default passwords.
securityish.com/security_br...
#cybersecurity
#security
#paloalto
loading . . .
Palo Alto Crosswalk Signals Compromised Due to Default Passwords
Palo Alto's crosswalk signals were hacked last year because the city did not change the default passwords. This oversight raises significant cybersecurity concerns as it highlights vulnerabilities in public infrastructure. Such incidents can lead to
https://securityish.com/security_brief/palo-alto-crosswalk-signals-compromised-due-to-default-passwords/
16 days ago
0
0
0
Did you know we have a weekly newsletter? It is a 5 minute brief that covers breaches, scams, privacy tips, and emerging threats. Simplified so anyone can understand what matters and why. Subscribe:
newsletter.securityish.com/
loading . . .
Securityish
Cybersecurity news made simple.
https://newsletter.securityish.com/
16 days ago
0
0
0
๐ Credential Stuffing: An attack where stolen usernames and passwords are automatically tested across many websites in hopes that people reused the same login.
16 days ago
0
0
0
๐ Use a password manager. Your brain wasnโt built for 200 logins.
16 days ago
0
0
0
CrowdStrike acquires SGNL for $740 million to enhance identity security.
16 days ago
0
1
0
๐ Botnet: A network of compromised devices remotely controlled by an attacker, often used for spam, DDoS attacks, credential stuffing, or other automated malicious activity.
17 days ago
0
0
0
โ ๏ธ Microsoft will enforce multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting February 9, 2026.
#security
#microsoft
securityish.com/security_br...
loading . . .
Microsoft Enforces MFA for Microsoft 365 Admin Center Sign-Ins Starting February 2026
Microsoft will enforce multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting February 9, 2026. This requirement, which began rolling out in February 2025, aims to enhance security by preventing unauthorized
https://securityish.com/security_brief/microsoft-enforces-mfa-for-microsoft-365-admin-center-sign-ins-starting-february-2026/
17 days ago
0
0
0
BREAKING: China has hacked email systems used by congressional staff on key committees in the US House of Representatives as part of a cyber espionage campaign known as Salt Typhoon.
17 days ago
0
0
0
โ ๏ธ New research shows IBMโs AI Agent Bob vulnerable to malware execution risks.
17 days ago
0
0
0
๐จ A severe vulnerability known as Ni8mare (CVE-2026-21858) allows remote attackers to take control of n8n servers, affecting over 100,000 instances.
17 days ago
0
0
0
โ ๏ธโ ๏ธโ ๏ธ
securityish.com/security_br...
loading . . .
Black Cat Cybercrime Group Targets Users with SEO Poisoning Malware
The Black Cat cybercrime gang has launched an SEO poisoning campaign that leads users to fraudulent sites promoting popular software, such as Notepad++. This campaign has been active since at least 2022 and has compromised approximately 277,800 hosts
https://securityish.com/security_brief/black-cat-cybercrime-group-targets-users-with-seo-poisoning-malware/
17 days ago
0
0
0
Hackers are increasingly using artificial intelligence as a tool for cybercrime, framing it as a shortcut for those lacking technical skills.
securityish.com/security_br...
#cybersecurity
#infosec
#ai
loading . . .
Hackers Embrace AI for Cybercrime: The Rise of Vibe Hacking
Hackers are increasingly using artificial intelligence (AI) as a tool for cybercrime, framing it as a shortcut for those lacking technical skills. This trend, termed 'vibe hacking,' emphasizes intuition over mastery, allowing even inexperienced indiv
https://securityish.com/security_brief/hackers-embrace-ai-for-cybercrime-the-rise-of-vibe-hacking/
18 days ago
0
0
0
Wegmanโs supermarket chain in New York City is reportedly collecting biometric information about its customers. This practice raises significant privacy concerns as it involves the use of facial recognition technology.
securityish.com/security_br...
#privacy
#security
loading . . .
Wegmanโs Supermarket Chain Collects Biometric Data from Customers
Wegmanโs supermarket chain in New York City is reportedly collecting biometric information about its customers. This practice raises significant privacy concerns as it involves the use of facial recognition technology. The implications of such data c
https://securityish.com/security_brief/wegmans-supermarket-chain-collects-biometric-data-from-customers/
18 days ago
0
0
0
๐ DNS Hijacking: An attack where DNS settings or responses are manipulated to redirect users from legitimate websites to malicious or fake ones without their knowledge.
18 days ago
0
0
0
Elon Muskโs Grok AI has been generating thousands of nonconsensual images of women in sexualized contexts on X, following reports of similar misuse involving children.
securityish.com/security_br...
#privacy
#ai
#AIsecurity
loading . . .
Grok AI Generates Nonconsensual Images, Raising Privacy Concerns
Elon Musk's Grok AI has been generating thousands of nonconsensual images of women in sexualized contexts on X, following reports of similar misuse involving children. In a review, Grok produced at least 90 bikini images in under five minutes, often
https://securityish.com/security_brief/grok-ai-generates-nonconsensual-images-raising-privacy-concerns/
18 days ago
0
0
0
In the realm of cybersecurity, understanding the concept of a threat actor is crucial for both individuals and organizations.
securityish.com/what-is-a-t...
#cybersecurity
#threatactor
#security
18 days ago
0
0
0
๐จ Sedgwick has confirmed a security breach at its subsidiary, Sedgwick Government Solutions, which serves over 20 government agencies. The TridentLocker ransomware group claims to have stolen 3.39 GB of documents and published some on their leak site.
#cybersecurity
19 days ago
0
0
0
๐ Living-off-the-Land (LOTL): A stealthy attack technique where hackers abuse built-in system tools and legitimate software to carry out malicious actions while avoiding detection.
19 days ago
0
0
0
Attackers use a fake blue screen of death (BSoD) lure to execute PowerShell commands that install DCRat, a remote access trojan.
securityish.com/security_br...
#cybersecurity
#malware
#infosec
loading . . .
Fake Booking Emails Target Hotels with DCRat Malware
A new phishing campaign named PHALT#BLYX is targeting the European hospitality sector by sending fake Booking.com emails that lead to malicious downloads. The attackers use a fake blue screen of death (BSoD) lure to execute PowerShell commands that i
https://securityish.com/security_brief/fake-booking-emails-target-hotels-with-dcrat-malware/
19 days ago
0
1
0
Email is still the easiest way in. New data: malware delivered via email is up 130% YoY (scams +30%, phishing +20%).
19 days ago
0
0
0
๐ Juice Jacking: A type of attack where compromised public USB charging ports or cables are used to steal data or install malware on a device while it is charging.
19 days ago
0
0
0
A multi-stage malware campaign, likely run by Russian threat actors, is targeting the hospitality industry using fake
Booking.com
reservation cancellation messages.
securityish.com/security_br...
19 days ago
0
0
0
Discovered in December 2025, the botnet is linked to record-setting DDoS attacks and monetizes through app installs and proxy bandwidth sales. The majority of infections are in Vietnam, Brazil, India, and Saudi Arabia.
securityish.com/security_br...
#cybersecurity
#infosec
#android
loading . . .
Kimwolf Android Botnet Infects Over 2 Million Devices Through Exposed ADB
The Kimwolf botnet has infected over 2 million Android devices by exploiting exposed Android Debug Bridge (ADB) services and residential proxy networks. Discovered in December 2025, the botnet is linked to record-setting DDoS attacks and monetizes th
https://securityish.com/security_brief/kimwolf-android-botnet-infects-over-2-million-devices-through-exposed-adb/
19 days ago
0
0
0
Google to discontinue POP3 mail fetching in Gmail by January 2026. Securityish Brief: Google will stop letting Gmail pull in emails from other inboxes using an old method in January 2026, so some people may need to update their email settings to keep everything working.
20 days ago
0
0
0
โ ๏ธ NordVPN has denied claims of a data breach after a threat actor alleged they stole over 10 databases containing sensitive information.
#cybersecurity
#vpn
#infosec
20 days ago
0
0
0
๐ Data Minimization: A privacy principle that limits data collection and retention to only what is necessary, reducing the risk and impact of misuse or breaches.
20 days ago
0
0
0
Load more
feeds!
log in
