Best of r/cybersecurity

@cybersecurity.page

Summarizes the hottest content on r/cybersecurity once per hour. Warning, the summaries are generated by an LLM and are not guaranteed to be 100% correct. Operated by @tweedge.net, open source @ https://github.com/r-cybersecurity/best-of-bot

6,536 followers, 1 following, 6,321 posts. Joined 22.06.2023.

Latest posts by Best of r/cybersecurity @cybersecurity.page

Cisco Catalyst SD WAN just got hit with active exploits, seriously reconsidering our whole setup now, Done with it. Just got done emergency patching vManage after the CVE-2026-20122 and CVE-2026-20128 disclosures this week and I am sitting here honestly questioning where we go from here. Both actively exploited ...

Cisco Catalyst SD WAN just got hit with active exploits, seriously reconsidering our whole setup now, Done with it.

06.03.2026 19:42 👍 0 🔁 0 💬 0 📌 0
Workers report watching Ray-Ban Meta-shot footage of people using the bathroom View post on Reddit.

Workers report watching Ray-Ban Meta-shot footage of people using the bathroom

06.03.2026 18:42 👍 0 🔁 0 💬 0 📌 0
I red-teamed GPT-5.4 on launch day. 10 polite questions leaked everything. Here's the methodology. I do AI security testing for a living. I wanted to share something we found that I think this community should know about, especially given the DOD/Anthropic/OpenAI situation right now. The setup W...

I red-teamed GPT-5.4 on launch day. 10 polite questions leaked everything. Here's the methodology.

06.03.2026 17:42 👍 0 🔁 0 💬 0 📌 0
Self-taught in infosec, what’s the one resource you’d recommend above everything else, and why? I’m working my way through security topics on my own (networking, some reversing, basic exploit dev) and the amount of resources out there is honestly overwhelming. YouTube, TryHackMe, books, CTFs,...

Self-taught in infosec, what’s the one resource you’d recommend above everything else, and why?

06.03.2026 11:42 👍 0 🔁 0 💬 0 📌 0
Threat actors are using fake Claude Code download pages to deploy a fileless infostealer via mshta.exe — developers should be aware Came across this campaign recently and thought it was worth sharing here since it directly targets developers. The setup is pretty convincing. Attackers register domains that look like legitimate C...

Threat actors are using fake Claude Code download pages to deploy a fileless infostealer via mshta.exe — developers should be aware

06.03.2026 08:42 👍 1 🔁 0 💬 0 📌 0
Why didn’t managed MDR alert to password spray? We had an incident last week. During a 4.15 hour window we had 16 users hit with 271 unique passwords. They were hitting our SSL VPN authentication portal, which was relaying that auth to the DC vi...

A Reddit user questions why their managed MDR service, Arctic Wolf, failed to alert them about a password spraying attack targeting 16 users over a 48-hour period. The attack involved 271 unique passwords, over 3600 failed attempts, and 300 lockouts, but no alert was issued.

06.03.2026 05:42 👍 1 🔁 0 💬 0 📌 0
Analysis of AI-generated malware by APT36 We analyzed dozens of AI-generated samples from one of the state-affiliated APT groups (APT36) and decided to identify this type of malware as "vibeware." It is not a leap in sophistication, but an...

Analysis of AI-generated malware by APT36

06.03.2026 01:42 👍 0 🔁 0 💬 0 📌 0
Ai gold rush What’s with the mad rush to embrace AI like there’s some sort of mega instant payoff just around the corner? Our CIO has demanded that cyber, legal, privacy, risk, governance, procurement processes...

Ai gold rush

05.03.2026 22:42 👍 0 🔁 0 💬 0 📌 0
Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester View post on Reddit.

Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester

05.03.2026 21:42 👍 2 🔁 0 💬 0 📌 1
Security awareness training: the basics weren't that obvious We just had our first security awareness training this week and the first session was eye-opening. Things we assumed people knew, like checking the actual sender domain instead of just the display ...

The first security awareness training revealed that basic practices like checking sender domains and hovering over links were new to many. The poster seeks to gather more personal cybersecurity practices to share with their team.

05.03.2026 20:42 👍 0 🔁 0 💬 0 📌 0
My friend and I built a free app where you learn IT by solving real troubleshooting scenarios, looking for feedback Would love some feedback from students, IT professionals or people trying to learn! My friend and I created this app for people trying to learn or test their knowledge in IT. Basically the app, Pac...

My friend and I built a free app where you learn IT by solving real troubleshooting scenarios, looking for feedback

05.03.2026 19:42 👍 2 🔁 1 💬 0 📌 0
With CVE-2026-29000, what are the most notable CVSS 10.0 vulnerabilities of all time? A new CVSS 10.0 just dropped, pac4j-jwt authentication bypass. An attacker can impersonate any user (including admin) using just the server's public key. No credentials needed, no user interaction,...

A new CVSS 10.0 vulnerability, CVE-2026-29000, allows attackers to impersonate users with just the server's public key. Other notable CVSS 10.0 vulnerabilities include Log4Shell, EternalBlue, Heartbleed, and BlueKeep. What are other notable vulnerabilities, and which had the most impact?

05.03.2026 13:42 👍 4 🔁 1 💬 0 📌 1
Check Point Experts on CTEM in the Real World & What Actually Gets You Hacked We’re hosting a live Ask Me Anything on CTEM (Continuous Threat Exposure Management) in the real world. For 24 hours, we’ll answer questions in real time. This AMA is about how CTEM actually works ...

Check Point is hosting a live 24-hour AMA on CTEM, with experts discussing how CTEM functions in the real world, addressing exposure risks, attacker tactics, and organizational challenges. Experts include senior threat researchers, CISOs, and cyber evangelists. Drop questions!

05.03.2026 12:42 👍 1 🔁 0 💬 0 📌 0
Waste Management is a Cybersecurity Job: An Awareness P.S.A. I work at a waste management center where local residents come to dispose of their household trash and/or recyclable materials. In the few months I've been employed here, I have seen firsthand why ...

Waste Management is a Cybersecurity Job: An Awareness P.S.A.

05.03.2026 06:42 👍 2 🔁 0 💬 0 📌 0
How to improve my incident response I recently started a new position as an Incident Responder. Our stack is Microsoft Sentinel (SIEM), ADX Explorer, and Cybereason (EDR). As someone new to the role, I try to follow the playbooks doc...

How to improve my incident response

05.03.2026 05:42 👍 0 🔁 0 💬 0 📌 0
Feeling lost about the future of secure coding as a pentester. Anyone else? I've been a pentester for a few years and lately I just can't find the motivation to keep studying for certs. Honestly it's because of what I've seen AI do to secure coding lately. I did some tests...

A pentester feels uncertain about the future of secure coding as AI models are increasingly better at identifying vulnerabilities during code reviews. They wonder if focusing on high-level tasks like architecture and threat modeling might be more beneficial and seek advice on shifting career paths.

05.03.2026 03:42 👍 0 🔁 0 💬 0 📌 0
'Mysterious' leaked US government tool is breaking into iPhones View post on Reddit.

A leaked US government tool allegedly capable of breaking into iPhones has surfaced, raising concerns about privacy and security. Details about the tool's origin and capabilities remain unclear, generating speculation and worries about governmental surveillance on personal devices.

05.03.2026 02:42 👍 0 🔁 0 💬 0 📌 0
Online ads just became the internet's biggest malware machine, report says View post on Reddit.

A report indicates that online ads have become one of the largest sources of malware on the internet, posing significant cybersecurity risks to users.

04.03.2026 22:42 👍 1 🔁 1 💬 0 📌 0
Where do you draw the line between security incident and IT incident? Hey folks, I need some perspective from people who’ve actually lived through this. Background: we’re a newly merged company (3+ companies combined). Governance is still in its early stage, not just...

A newly merged company with a nascent InfoSec team is struggling to define the boundaries between security and IT incidents. They seek clarity on categorizing incidents based on impact, root cause, or intent. Practical guidance, beyond textbook definitions, is needed to address these challenges.

04.03.2026 17:42 👍 0 🔁 0 💬 0 📌 0
John Strand AMA - Five years ago, I did an AMA here about Pay What You Can training. A lot has changed in cybersecurity since then. Ask Me Anything. Hello all, About five years ago, I posted here while launching one of our early Pay What You Can classes. Since then, the industry has shifted. Hiring expectations are higher. Entry-level roles...

John Strand AMA - Five years ago, I did an AMA here about Pay What You Can training. A lot has changed in cybersecurity since then. Ask Me Anything.

04.03.2026 16:42 👍 1 🔁 0 💬 0 📌 0
To every manager who thinks they have AI under control, think again Found out last week three people on our team had been feeding actual customer data into random AI tools for months. Not the approved ones, just stuff they googled, signed up for with their work ema...

A manager sharing concerns about AI misuse at work discovered employees were using unauthorized AI tools with customer data, believing it enhanced productivity. No malice involved, but highlights the need for better data security measures and awareness of AI tool usage policies.

04.03.2026 12:42 👍 1 🔁 0 💬 0 📌 0
Cybersecurity professionals are burning out on extra hours every week Cybersecurity professionals in the U.S. are working an average of 10.8 extra hours per week beyond their contracted schedules. That figure effectively adds a sixth working day to the standard week ...

Cybersecurity professionals in the U.S. are experiencing burnout due to excessive overtime. On average, they work 10.8 extra hours weekly, effectively adding a sixth working day. Nearly half reported 11+ overtime hours, and 20% logged more than 16 additional hours.

04.03.2026 11:42 👍 0 🔁 0 💬 0 📌 0
Hungerrush compromised? Just got an interesting email from the support email for a POS company for restaurants. Interesting approach to get a business's attention by letting their consumers know you possibly have access t...

A potentially compromised POS company, HungerRush, received a threatening email claiming millions of restaurant and customer data are at risk. The sender demands contact, hinting at previous ignored requests and the possibility of malicious actions if unaddressed.

04.03.2026 10:42 👍 0 🔁 0 💬 0 📌 0
Israel hacked Iran’s traffic cameras to pinpoint Khamenei Israel is said to have hacked into Iran’s traffic camera networks to spy on Ayatollah Ali Khamenei and Iranian officials for years before his assassination

Israel allegedly hacked Iran's traffic camera networks to monitor Ayatollah Ali Khamenei and other officials, potentially contributing to intelligence gathering leading to Khamenei's assassination.

04.03.2026 03:42 👍 0 🔁 0 💬 0 📌 0
Template to create Technology Ecosphere Diagram/Map Hi all Does anyone have a good template they can share to create a diagram or map of all the technologies and vendors used? I have looked for a little while now but always come across either pay fo...

Template to create Technology Ecosphere Diagram/Map

04.03.2026 02:42 👍 0 🔁 0 💬 0 📌 0
An update on the UK cybersecurity job market I was talking to a recruiter who used to recruit for me at a previous employer. When I was hiring around 2020/21 I had maybe 2 or 3 applicants for any given role (mainly in AppSec, Cloud Security)....

A recruiter from a previous employer shared that the number of applicants for cybersecurity roles in the UK has skyrocketed. Compared to 2020/21, where only a few applied, a recent senior role now received over 200 applications, with 70 meeting criteria, signaling a highly competitive market.

03.03.2026 23:42 👍 0 🔁 0 💬 0 📌 0
LexisNexis confirms breach of some internal and customer data Well, this is gonna SUCK. For those who aren't familiar with the company, they basically hold data on everyone and everything. When I did background investigations back in the late 1990's, they al...

LexisNexis has confirmed a breach affecting both internal and customer data. The company, known for holding extensive data on individuals and entities, has been a key resource for background investigations since the late 1990s. This breach could have widespread implications.

03.03.2026 22:42 👍 0 🔁 0 💬 0 📌 0
Mentorship Monday - Post All Career, Education and Job questions here! This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cyb...

Mentorship Monday - Post All Career, Education and Job questions here!

03.03.2026 20:42 👍 0 🔁 0 💬 0 📌 0
2,863 Google API keys on public websites now silently authenticate to Gemini. One developer was billed $82,314 in 48 hours. Google's initial response: "Intended Behavior." View post on Reddit.

Public exposure of 2,863 Google API keys allows silent authentication to Gemini services. One user faced an unexpected $82,314 charge in two days. Google's initial response labeled it as "Intended Behavior."

03.03.2026 17:42 👍 0 🔁 0 💬 0 📌 0
I was attacked and almost lost it all even though I knew better. Pre-cleared with the mods. I'm posting this because I think the community can learn from it. I'm an IT professional with 13+ years in cloud infrastructure/IAM and 30+ years in IT/Communications ...

An IT professional with 30+ years of experience was nearly compromised by a sophisticated phishing attack but used AI tool Claude to investigate and manage the incident within 48 hours. Compartmentalized security, FIDO tokens, and Claude enabled a swift response and prevented major damage.

03.03.2026 14:42 👍 0 🔁 0 💬 0 📌 0