Check out today's Metacurity to catch up on the crucial infosec developments you might have missed over the weekend, including
--StopICE platform reportedly hit by a breach, 100k users' data exposed,
--Hot social media site for AI agents Moltbook left APIs exposed,
--28 malicious skills are targeting Claude Code and Moltbot users
--Russian Legion warned Denmark of large-scale cyberattack,
--Notepad++ is probing reported security incidents,
--US DoJ seized pirated content domains,
--The Vladimir Bread Factory in Russia was knocked out by cyber incident,
--Jeffrey Epstein had a personal hacker,
--175k exposed Ollama hosts are operating without guard rails,
--Coupang CEO was grilled for 12 hours by Korean cops,
--DHS is using Palantir AI to sort immigration tips,
--Step Finance was compromised in $27m breach,
--CrossCurve lost $3m in security exploit,
--Bangladesh Jamaat-e-Islami claims its X account was hacked,
--Google violated its own AI policy in helping Israel analyze drone footage,
--One home honeypot caught few hackers,
--Musk intentionally forced xAI to produce sexualized material
https://www.metacurity.com/stopice-platform-reportedly-hit-by-a-breach-100k-users-data-exposed-to-us-feds/
So, it's really going to happen. My next book to be published by Wiley is slated for release in April.
I have analyzed some high-profile cyber incidents and mapped them to the outcomes in the NIST 2.0 Framework.
The goal is to give real-world relevance to what can sometimes be dry but absolutely necessary cybersecurity fundamentals that all defenders should take to heart.
Even more exciting is that Wiley will be offering corporate and government purchasers some interesting options for their employees, customers, and clients. Stay tuned! Lots more to come.
Check out today's Metacurity to catch up on the crucial infosec developments you might have missed over the weekend, including
--StopICE platform reportedly hit by a breach, 100k users' data exposed,
--Hot social media site for AI agents Moltbook left APIs exposed,
--28 malicious skills are targeting Claude Code and Moltbot users
--Russian Legion warned Denmark of large-scale cyberattack,
--Notepad++ is probing reported security incidents,
--US DoJ seized pirated content domains,
--The Vladimir Bread Factory in Russia was knocked out by cyber incident,
--Jeffrey Epstein had a personal hacker,
--175k exposed Ollama hosts are operating without guard rails,
--Coupang CEO was grilled for 12 hours by Korean cops,
--DHS is using Palantir AI to sort immigration tips,
--Step Finance was compromised in $27m breach,
--CrossCurve lost $3m in security exploit,
--Bangladesh Jamaat-e-Islami claims its X account was hacked,
--Google violated its own AI policy in helping Israel analyze drone footage,
--One home honeypot caught few hackers,
--Musk intentionally forced xAI to produce sexualized material
https://www.metacurity.com/stopice-platform-reportedly-hit-by-a-breach-100k-users-data-exposed-to-us-feds/
So, it's really going to happen. My next book to be published by Wiley is slated for release in April.
I have analyzed some high-profile cyber incidents and mapped them to the outcomes in the NIST 2.0 Framework.
The goal is to give real-world relevance to what can sometimes be dry but absolutely necessary cybersecurity fundamentals that all defenders should take to heart.
Even more exciting is that Wiley will be offering corporate and government purchasers some interesting options for their employees, customers, and clients. Stay tuned! Lots more to come.
Check out today's Metacurity for the critical infosec developments you should know, including
--European authorities dismantle the Cryptomixer service,
--Indian government wants smartphone makers to preload state-owned security app,
--Indian government wants to bar comms apps from working on SIM-less devices,
--Korea launches probe into Coupang breach and threatens punitive damages,
--DPRK hackers target S. Koreans with fake tax invoices,
--Malware-laden ShadyPanda extensions reach 4.3m installs,
--MuddyWater created malware disguised as Snake video game,
--Google issues fixes for two Android zero days,
--Saporo raises $8.1m in Series A round,
--Mirror Security raises $2.5m in pre-seed round,
--UK ICO probes mobile games for child privacy fails,
--Coupang removed an apology post after only two days
https://www.metacurity.com/european-authorities-dismantle-cryptomixer-service/
Human-centered identity systems were never designed for the coming wave of autonomous AI agents. With identity failures the leading cause of most major cyber incidents, CISOs must quickly rethink how to account for the identities of new AI agents.
Check out my latest CSO piece.
Many thanks to Jim Alkove of Oleria, Ric Smith of Okta, Steve Stone of SentinelOne, Pete Clay of Aireon, Vijay Gajjala of Oleria, Carey Frey of TELUS, and Ely Kahn of SentinelOne.
Rethinking identity for the AI era: CISOs must build trust at machine speed
https://www.csoonline.com/article/4089732/rethinking-identity-for-the-ai-era-cisos-must-build-trust-at-machine-speed.html
Even as much of the internet is inaccessible right now, Metacurity appears unaffected. So check out today's issue for the most critical infosec developments you should know, including
--CISA says it will rebuild with more staff in 2026 to rectify cuts in 2025,
--Microsoftβs Azure cloud computing service was hit with 15.7 Tbps DDoS attack,
--Russian telecom Protei was hacked and site defaced,
--Companies warn of inflexibility if UK bans ransom payments,
--A crew of companies reject efforts to weaken encryption,
--460k FTSE compromised credentials found on the web,
--GAO says DoD ignores publicly accessible digital information for its personnel and ops,
--Attack on PA Attorney General's offices exposed SSNs and medical info,
--Eurofiber France was hit by a data breach,
--Mate raises $15.5M in seed round,
--Meta promises to protect customers' Reels IP,
--Alphabet CEO says don't blindly trust AI,
--Mobile customer died due to out-of-date software,
--ICE gets to track all of us around the country
https://www.metacurity.com/cisa-says-it-will-rebuild-with-more-staff-in-2026-to-redress-cuts-in-2025/
So my other big piece of the day is an inside look at the struggle for the future of the CVE program that just went live at CyberScoop.
Many thanks to Jay Jacobs of Empirical Security, Nick Leiserson of the Institute for Security and Technology, Mitchel Herckis of Wiz, Brian Fox of Sonatype, Peter Allor of the CVE Foundation, Ben Edwards of Bitsight and a few experts who go unnamed for their insight.
https://cyberscoop.com/cve-program-funding-crisis-nvd-cisa-alternatives/
This has only happened once before, but today I have two big stories appearing in two publications.
The first, an exclusive which just kind of dropped in my lap, is my latest CSO piece, which reports that foreign threat actors infiltrated the Kansas City National Security Campus (KCNSC), a manufacturing facility that produces roughly 80% of the non-nuclear parts in the nationβs nuclear weapons stockpile.
Experts say this incident underscores the need to protect operational technology from exploits that primarily affect IT systems.
Many thanks to the team at @resecurity@mastodon.socialspill.com, Jen Sovada at Claroty, and a few others who go unnamed, for their insight.
My second piece of the day will go live at 9 am. Stay tuned!
https://www.csoonline.com/article/4074962/foreign-hackers-breached-a-us-nuclear-weapons-plant-via-sharepoint-flaws.html
Looks like Trump's border nightmares didn't keep that many people away from Black Hat. About 20K attended in person, on par with last year.
https://www.businesswire.com/news/home/20250813362674/en/Black-Hat-USA-2025-Announces-Successful-Close-to-Cybersecurity-Event-in-Las-Vegas
Don't miss today's Metacurity for the most critical infosec developments you should know, including
--Russia implicated in hack of federal court system documents,
--US has secretly placed tracking devices in advanced chips,
--UK will expand live police facial recognition,
--Microsoft fixes over 100 flaws on Patch Tuesday,
--Hackers issued fake nuclear warnings on Moscow buses,
--National Public Data comes back to life,
--Hackers leaked data on 2.8m Allianz Life customers,
--China worries over AI processor backdoors,
--Privacy-focused phone will be made in America,
--XZ-Utils backdoor still present in Linux images,
--1Kosmos1 raises $57m in Series B,
--Designers left cute images on chips decades ago,
--AI is killing the Wayback Machine
And while you're there, please consider signing up for a paid subscription to help keep Metacurity afloat. Thank you.
https://www.metacurity.com/russia-implicated-in-hack-of-federal-court-system-documents/
National Public Data, the site that leaked millions of social security numbers and was shut down in December, is back only this time it's a people finder that is presumably based on its massive trove of everyone's sensitive data.
https://www.pcmag.com/news/site-behind-major-ssn-leak-returns-with-detailed-data-on-millions-how-to
Metacurity