The back episodes finally make it online, this is number 1 is a series of episodes that did not get posted, but are now!
Brett is out (which is why these didn't…

Brian Krebs found a public GitHub repository with sensitive internal CISA credentials "including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets."

L'agence américaine de cybersécurité CISA a exposé publiquement ses identifiants cloud et mots de passe via un dépôt GitHub maintenu par un contractant. Cette fuite, qualifiée de "pire leak" jamais observé par les experts, révèle des défaillances majeures au cœur de l'appareil de défense cyber américain.

Wazuh can improve security without surrendering endpoint telemetry to a closed vendor, but only if you control what it logs, who can access it, and how long the data lives.

"I think there's optimism, from an industry perspective, that we'll be better than where we started at the beginning of the administration," John Miller said.

The U.S. CISA has mandated government agencies to urgently patch Citrix NetScaler appliances against the CVE-2026-3055 vulnerability before April 2.

Betroffen sind die Messenger WhatsApp und Signal. – Alle Rechte vorbehalten IMAGO / photothekSeit Monaten versuchen bislang unbekannte Angreifer, die Accounts von Personen aus Politik, Militär und Journalismus auf Messengern zu übernehmen. Eine Medienrecherche hat nun weitere Spuren entdeckt, die auf eine russische Urheberschaft hinweisen.

As the United States continues to pursue war with Iran, the infrastructure that would have helped respond to threats has been hollowed out by the Trump administration’s efforts to dramatically shrink the federal government. The overall loss in institutional knowledge wrought by massive personnel cuts and other efforts to decimate the civil service might not just affect the future of this war, it…

修正前から攻撃されていた。世界で最も使われているウェブブラウザで、すでに実環境で悪用が確認された脆弱性が見つかりました。Googleは3月12日と13日、Chromeに存在する2件のゼロデイ脆弱性に対処する緊急セキュリティアップデートを公開しました。Chrome利用者は世界で約3...

[smhn.infoにアクセスすると、全文を読むことができます。

](https://smhn.info/202603-google-chrome-two-zero-day-vulnerabilities-emergency-update)

US agencies race to meet a CISA deadline after a critical Cisco SD-WAN Flaw exposed federal networks to long-term intrusion and forced security action.

Zero trust solves the wrong problem in OT

Zero trust has become the dominant security narrative of the past decade, and rightly so. Its core principles, never trust, always verify; assume breach; enforce least privilege, have reshaped how organizations think about identity, access and lateral movement. In enterprise IT environments, these principles have produced measurable gains. Identity is…

Googles Threat Intelligence Group (GTIG) and Mandiants recent Disrupting the GRIDTIDE Global Cyber Espionage Campaign report is great and it has lots of good Indicators of Compromise (IOC). Many of these IOCs had already been shared by CISA last year as part of their Alert AA25-141A titled Russian G[...]

"This gives flexibility to adopt software that brings innovation, but may not be able to afford to provide SBOM attestation," Jean‑Paul Bergeaux said.

Roughly 90% of the more than 260,000 employees at the Department of Homeland Security will continue working through the DHS shutdown that began Saturday, and many of them will do so without pay.

Each month, the team at Readiness analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. The company’s Patch Tuesday release for February addresses 59 CVEs across the company’s product family — roughly half the volume of January’s 159 patches.

Six vulnerabilities, affecting Windows Shell, MSHTML, Desktop Window Manager, Remote Desktop, Remote…