Matt Kapko

@mattkapko.com

Reporter @cyberscoop.bsky.social covering cybercrime and software defects • Grateful lifelong Californian • matt.49 on Signal • matt.kapko@cyberscoop.com • mattkapko.com

383 followers • 717 following • 40 posts • Joined 11.04.2023

Latest posts by Matt Kapko @mattkapko.com

The operational impact of workforce reductions at CISA (YouTube video by CyberScoop)

In this episode of Safe Mode, @gregotto.bsky.social dives in with @timstarks.bsky.social to unpack what’s happened inside CISA—and what it could mean for the country’s ability to withstand the next major cyber crisis.
www.youtube.com/watch?v=ZUDX... | cyberscoop.com/cisa-personn...

02.03.2026 19:13 👍 3 🔁 6 💬 0 📌 0
Across party lines and industry, the verdict is the same: CISA is in trouble
One year into the second Trump administration, CISA faces a 33% loss in personnel and shuttered divisions. Experts warn of "decimated" capabilities and a leadership vacuum as the agency struggles to m...

Seeing the lengthy list of changes/cutbacks to CISA catalogued in this one piece makes it clear there is little left of it. The agency is less than a decade old and struggled for years to find its footing before it started to make progress. But all advances it made have been gutted in the last 12 months

27.02.2026 16:45 👍 22 🔁 13 💬 0 📌 1
Gottumukkala out, Andersen in as acting CISA director
Madhu Gottumukkala steps down as acting director of CISA, replaced by Nick Andersen. The move follows criticism of agency performance and leadership shifts at DHS.

Gottumukkala out, Andersen in as acting CISA director cyberscoop.com/cisa-leaders...

27.02.2026 02:22 👍 2 🔁 1 💬 0 📌 0
Governments issue warning over Cisco zero-day attacks dating back to 2023
Hackers exploited zero-day flaws in Cisco network devices for three years undetected. CISA issued an emergency directive as the global campaign continues.

The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there. via @mattkapko.com cyberscoop.com/cisco-zero-d...

26.02.2026 00:19 👍 3 🔁 4 💬 0 📌 0

Tim dug up all the dirt on CISA. His reporting captures the agency's decline and serves stark warnings about the messes that could unravel when the next major crisis hits.

25.02.2026 15:44 👍 2 🔁 2 💬 0 📌 0

You deserve so much better, Joe.

04.02.2026 16:59 👍 9 🔁 0 💬 0 📌 0
A new wave of 'vishing' attacks is breaking into SSO accounts in real time

Cybercrime groups, including one that identifies as ShinyHunters, are targeting single sign-on services to gain access to victim networks and steal data. via @mattkapko.com cyberscoop.com/shinyhunters...

27.01.2026 13:11 👍 4 🔁 3 💬 0 📌 0
The thin line between saving a company and funding a crime (YouTube video by CyberScoop)

Ransomware negotiators dish on being in a ‘moral gray zone,’ unrestricted by accountability or industrywide rules of engagement. @mattkapko.com @gregotto.bsky.social www.youtube.com/watch?v=iAMe... | cyberscoop.com/ransomware-n...

25.01.2026 20:05 👍 2 🔁 4 💬 0 📌 0

Thank you, @ransomwaresommelier.com. That’s very kind of you.

22.01.2026 15:36 👍 1 🔁 0 💬 0 📌 0

Aw, shucks. Thank you, Tim!

21.01.2026 18:37 👍 1 🔁 0 💬 0 📌 0
The thin line between saving a company and funding a crime

Ransomware negotiators dish on being in a ‘moral gray zone,’ unrestricted by accountability or industrywide rules of engagement. via @mattkapko.com cyberscoop.com/ransomware-n...

21.01.2026 14:32 👍 1 🔁 2 💬 0 📌 1

I have a 1994 Strat and had this same realization recently.

17.01.2026 16:33 👍 11 🔁 0 💬 0 📌 0
React2Shell fallout spreads to sensitive targets as public exploits hit all-time high

Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE ever. via @mattkapko.com cyberscoop.com/react2shell-...

18.12.2025 03:38 👍 2 🔁 2 💬 0 📌 0

Hey everybody @lindseywilkinson.bsky.social has joined the FedScoop team (and Bluesky)! Give her a follow

12.12.2025 20:48 👍 3 🔁 2 💬 0 📌 0
Attackers hit React defect as researchers quibble over proof
A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.

Attackers of different origins and motivations swiftly exploited a critical vulnerability dubbed React2Shell, affecting one of the most extensively used application frameworks. Unit 42 has confirmed more than 30 organizations across various sectors are impacted. cyberscoop.com/attackers-ex...

05.12.2025 23:54 👍 1 🔁 0 💬 0 📌 0
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that’s just what’s been uncovered in the last four months. via @mattkapko.com cyberscoop.com/china-bricks...

04.12.2025 22:32 👍 3 🔁 4 💬 0 📌 0
Sean Plankey nomination to lead CISA appears to be over after Thursday vote
Sean Plankey’s nomination to lead the Cybersecurity and Infrastructure Security Agency looks to be over following his exclusion from a Senate vote Thursday on a panel of Trump administration picks.

SCOOP: Sean Plankey's nomination to lead CISA is seemingly over, after DHS partially terminated a Coast Guard contract with Florida-based Eastern Shipbuilding Group. Plankey had been an adviser to CG. Sen. Rick Scott became a hurdle to Plankey's confirmation. cyberscoop.com/sean-plankey...

04.12.2025 18:55 👍 3 🔁 5 💬 1 📌 0
Developers scramble as critical React flaw threatens major apps

The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments. via @mattkapko.com cyberscoop.com/react-server...

03.12.2025 22:54 👍 7 🔁 5 💬 0 📌 0
Gainsight CEO downplays impact of attack that spread to Salesforce environments

Details about the attack are scattered, and discrepancies remain about the number of companies impacted and the extent to which they are compromised. via @mattkapko.com cyberscoop.com/gainsight-ce...

25.11.2025 22:50 👍 2 🔁 3 💬 0 📌 0

Thank you for sharing my article @joshsternberg.com. Longtime reader and fan.

14.11.2025 20:23 👍 1 🔁 0 💬 1 📌 0
China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work
Anthropic and AI security experts told CyberScoop that behind the hype, effective AI-driven cyberattacks still require skilled humans, with the attack possibly done to send a message as what’s possibl...

China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work by @derekbjohnson.bsky.social at @cyberscoop.bsky.social. cyberscoop.com/anthropic-ai...

14.11.2025 20:00 👍 9 🔁 2 💬 0 📌 0

Please do!

14.11.2025 18:25 👍 1 🔁 0 💬 0 📌 0
While White House demands deterrence, Trump shrugs
U.S. cyber officials have pushed for strong action against foreign hacking, while President Trump has downplayed threats, creating mixed signals on cyber defense policy.

I took a look at how Trump officials' comments on cyber deterrence contrast with the man himself, and what it means or reflects for the global scene. cyberscoop.com/trump-cyber-...

12.11.2025 19:51 👍 2 🔁 5 💬 0 📌 0
In Memoriam: Lucas Mearian, 1962-2025
Computerworld Senior Reporter Lucas Mearian passed away suddenly last week. Here’s a look at his professional career and his life.

An incredibly sad loss for Computerworld, the larger tech journalism community, and for me personally....

29.10.2025 17:15 👍 1 🔁 1 💬 0 📌 1
Here is the email Clop attackers sent to Oracle customers

The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment. via @mattkapko.com cyberscoop.com/extortion-em...

02.10.2025 19:47 👍 2 🔁 1 💬 0 📌 0
Oracle customers being bombarded with emails claiming widespread data theft
Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.

CYBERSCOOP AFTER DARK: Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant’s E-Business Suite. Early signs point to it being legit cyberscoop.com/clop-claims-...

02.10.2025 02:39 👍 6 🔁 2 💬 0 📌 1
Oracle customers being bombarded with emails claiming widespread data theft
Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.

New from me. CyberScoop after dark. cyberscoop.com/clop-claims-...

02.10.2025 02:40 👍 4 🔁 2 💬 0 📌 1

Hi, Kevin -- I'd like to learn more about your findings. Can we please chat 1:1? My DMs are open on Bluesky or I can be reached at matt.kapko AT cyberscoop.com

01.10.2025 17:38 👍 0 🔁 0 💬 0 📌 0
Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial
Ianis Aleksandrovich Antropenko allegedly committed ransomware attacks from 2018 to 2022. He’s been out on bond since his arrest almost a year ago, despite multiple run-ins with police.

The DOJ recently announced it seized $2.8M from an alleged ransomware operator living in California back in early 2024. The Russian national was arrested and charged a year ago, but released on bail the same day. He's still out, despite multiple run-ins with police. cyberscoop.com/ianis-antrop...

02.09.2025 15:47 👍 7 🔁 1 💬 0 📌 0

Likewise, and your story on this is fantastic.

27.08.2025 18:45 👍 3 🔁 1 💬 1 📌 0