Kevin Kosh

@kidko92.bsky.social

PR elder, cybersecurity roadie, proud papa of 2 boys, accomplished wiseacre, Multiversal social entity.

44 Followers  |  218 Following  |  37 Posts  |  Joined: 13.09.2023  |  1.617

Latest posts by kidko92.bsky.social on Bluesky

Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers | TechCrunch Flock said around 3% of its law enforcement customers do not use multi-factor authentication, potentially leaving dozens of law enforcement agency accounts open to compromise and improper access.

Sheep: Police plate reader tech maker Flock reaches 97% MFA enablement after FTC accuses them of not being good shepherds of customer security with default controls. 3% have "reasons". Woof. techcrunch.com/2025/11/03/l...

06.11.2025 11:55 — 👍 1    🔁 0    💬 0    📌 0

Heed the call of the Tacos....

04.11.2025 14:49 — 👍 0    🔁 0    💬 0    📌 0

F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data F5 was recently targeted by state-sponsored threat actors who managed to steal sensitive information from the company’s systems.

Refresh...Refresh...Refresh: F5 reports that nation state actors maintained long-term, persistent access to systems that revealed source code, vuln data and even some customer config and implementation data www.securityweek.com/f5-blames-na...

16.10.2025 10:58 — 👍 0    🔁 0    💬 0    📌 0

(Open) House Party: Envious of "party people"? Don't be. Partiful apparently lets you join, since location data of user-uploaded images is invitingly there for the taking... photos. https://techcrunch.com/2025/10/04/event-startup-partiful-wasnt-stripping-gps-locations-from-user-uploaded-photos/

16.10.2025 10:57 — 👍 0    🔁 0    💬 0    📌 0

SonicWall: 100% of Firewall Backups Were Breached SonicWall said the breach affected firewall configuration files for all customers using SonicWall’s cloud backup service — up from a previous 5% estimate.

SonicBoom: network security vendor's breach estimates shatter the sound (security) barrier, speeding from 5% to 100% of customers affected by a "cloud backup file incident" that exposed encrypted credentials and backup firewall configuration files. www.darkreading.com/cyberattacks...

10.10.2025 11:10 — 👍 0    🔁 0    💬 0    📌 0

Jaguar Land Rover Operations 'Severely Disrupted' by Cyberattack British automobile manufacturer Jaguar Land Rover (JLR) is scrambling to restore applications and operations that were impacted by a cyberattack.

One if by Land...: British automaker sees another significant ransomware attack, marking number two this year for the company, and the Jaguar maker is unable to outrun a significant operational outage. www.securityweek.com/jaguar-land-...

03.09.2025 10:56 — 👍 0    🔁 0    💬 0    📌 0

Dutch prosecution service attack keeps speed cameras offline : Who knew zero-days could be so useful to highway speedsters?

Screeching halt: speed cameras crash across the Netherlands due to a cyberattack on the Dutch Public Prosecution Service exploiting Citrix vulns. www.theregister.com/2025/08/15/c...

20.08.2025 13:08 — 👍 0    🔁 0    💬 0    📌 0

Nearly 2,000 MCP Servers Possess No Security Whatsoever Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.

End of Line: AI customers seem without a CLU as nearly all MCP servers are exposed with no authentication checks of any kind www.darkreading.com/vulnerabilit...

21.07.2025 11:54 — 👍 0    🔁 0    💬 0    📌 0

750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service The Alcohol & Drug Testing Service (TADTS) says personal information was stolen in a July 2024 ransomware attack.

High and Dry: Alcohol and Drug Testing Service gets smoked by ransomware gang, losing PII on more than 750K individuals. www.securityweek.com/750000-impac...

21.07.2025 10:33 — 👍 0    🔁 0    💬 0    📌 0

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’ Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

Not lovin it...: Researchers find an unhappy meal of 64 million records containing candidate chats with McDonald's AI hiring chatbot, driving thru the data with a kids meal password of 123456. www.wired.com/story/mcdona...

10.07.2025 10:27 — 👍 0    🔁 0    💬 0    📌 0

Steel Giant Nucor Confirms Data Stolen in Cyberattack America's largest steel producer initially disclosed the breach in May and took potentially affected systems offline to investigate the intrusion and contain any malicious activity.

American Steal: Largest stateside producer, Nucor, reports the theft of "internal data" via system compromise. www.darkreading.com/cyberattacks...

25.06.2025 11:41 — 👍 1    🔁 0    💬 0    📌 0

Controversial Firms Cellebrite and Corellium Announce $200 Million Acquisition Deal Cellebrite and Corellium, whose names have been mentioned in spyware stories, are joining forces to provide advanced investigative solutions.

Spy purchase Spy: Surveillance boaster child Cellebrite acquires US-based Corellium for $200M www.securityweek.com/controversia...

05.06.2025 13:13 — 👍 0    🔁 0    💬 0    📌 0

35,000 Solar Power Systems Exposed to Internet Forescout has analyzed the prevalence of internet-exposed solar power devices and shared a list of the top vendors and devices.

Sun burned: Researchers shine a harsh light on more than 90 unscreened vulnerabilities in the management interfaces of solar power system management interfaces. www.securityweek.com/35000-solar-...

04.06.2025 11:36 — 👍 0    🔁 0    💬 0    📌 0

Thousands Hit by The North Face Credential Stuffing Attack Threat actors steal personal information from thenorthface.com user accounts in a recent credential stuffing campaign.

Punch to the Face: cred stuffing attack hits major sports apparel brand as the trend in retail security overall seems to be going south. www.securityweek.com/thousands-hi...

04.06.2025 10:58 — 👍 0    🔁 0    💬 0    📌 0

Cartier discloses data breach amid fashion brand cyberattacks Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised.

A Rough in the Diamond: luxury jewelry brand Cartier discloses heist of basic PII in which a 3rd party gained access to systems, but light on details. www.bleepingcomputer.com/news/securit...

03.06.2025 09:37 — 👍 1    🔁 0    💬 0    📌 0

That clacking little thing is a gateway drug right back into rotary phones.

28.05.2025 14:04 — 👍 1    🔁 0    💬 0    📌 0

I need that chalice...

23.05.2025 11:25 — 👍 1    🔁 0    💬 0    📌 0

Vulnerability exposes Raw dating app user information TechCrunch reports that Raw a dating app touting more authentic interactions that has amassed over 500,000 Android installations since its launch two years ago has been impacted by an insecure direct ...

Open relationship: vuln in Raw dating app lays bare sensitive info including PII, sexual preference and even location details. www.scworld.com/brief/vulner...

06.05.2025 11:34 — 👍 0    🔁 0    💬 0    📌 0

Non-hackers could be accidentally invited to coffee....

02.05.2025 12:54 — 👍 0    🔁 0    💬 0    📌 0

Hertz says customers' personal data and driver's licenses stolen in data breach | TechCrunch The car rental giant attributed the breach to Cleo, whose customers had data stolen by a ransomware gang in 2024.

The truth Hertz: Rental giant shifts gears regarding cyberattack on a 3rd party partner in late 2024, now saying significant customer PII was taken in multiple countries techcrunch.com/2025/04/14/h...

14.04.2025 19:04 — 👍 0    🔁 0    💬 0    📌 0

Let's all be careful out there today. #WWAAD

01.04.2025 09:52 — 👍 0    🔁 0    💬 0    📌 0

Poultry Company Reports $1M Loss After Cyberattack The company reports that no sensitive information was breached or stolen in the cyber intrusion and that its operations are running normally again.

It hacks like chicken: South African poultry producer suffers more than $1M loss in profits due to an undisclosed cyberattack www.darkreading.com/cyberattacks...

28.03.2025 12:07 — 👍 1    🔁 0    💬 0    📌 0

Tomcat CVE-2025-24813: What You Need to Know

A lot of noise is swirling around this Apache Tomcat RCE chain—but should you be worried? Our security researcher Jon Williams breaks it down.

Subscribe to our blog for all the latest updates: bishopfox.com/blog

19.03.2025 15:48 — 👍 1    🔁 1    💬 0    📌 0

a cybersecurity bracket looking at red team tools? Count me in.

12.03.2025 16:05 — 👍 4    🔁 3    💬 0    📌 0

Horror Movie Trope:

Tired: Friday, Feb 13 - Let's go question that shadowy figure in the woods

Wired: Friday, Feb 14: Let's go question my wife about a decision she made

14.02.2025 13:45 — 👍 0    🔁 0    💬 0    📌 0

GrubHub data breach impacts customers, drivers, and merchants Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, merchants, and drivers after attackers breached its systems using a ser...

Get your Grubby hands off my data: Attackers snatch basic PII from food delivery go to via a 3rd party contractor. Could present a tasty meal for phishers. www.bleepingcomputer.com/news/securit...

13.02.2025 16:52 — 👍 1    🔁 0    💬 0    📌 0

They banned them all...

06.02.2025 13:44 — 👍 2    🔁 0    💬 0    📌 0

They just remove the seatbelt after they white label it from the airlines.

31.01.2025 12:40 — 👍 2    🔁 0    💬 0    📌 0

ALT: a man with a beard stands in front of a sign that says 6 10 3 and 6

@mattjay.com Ask McGee what his streak is at.

31.01.2025 11:59 — 👍 0    🔁 0    💬 1    📌 0

ALT: a close up of a man 's face with the year 2015 fox in the corner

Mine is still out there....

31.01.2025 11:57 — 👍 1    🔁 0    💬 0    📌 0
