Commonwealth Sentinel Cyber Security
@cwealthsentinel.bsky.social
At Commonwealth Sentinel, we focus on cyber security so you can focus on other things. #CyberSecurity for local government, non-profit, and small business. #FemaleFounder
This is a very bad idea!

White House Scraps 'Burdensome' Software Security Rules
ift.tt
January 31, 2026 at 9:16 PM
The Mob Museum, Las Vegas: Explore the Past, Present and Future of Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine
buff.ly
January 31, 2026 at 6:18 PM
Patch or perish: Vulnerability exploits now dominate intrusions
Vulnerability exploits now dominate intrusions
Apply fixes within a few hours or face the music, say the pros
buff.ly
January 31, 2026 at 5:08 PM
Fortinet’s latest zero-day vulnerability carries frustrating familiarities for customers
Fortinet warns that attackers are actively exploiting CVE-2026-24858 to bypass FortiCloud SSO authentication and gain privileged access across FortiOS and related products.
ift.tt
January 31, 2026 at 3:57 PM
Cyberattack on Poland's power grid could have turned deadly in winter cold
Cyberattack on Poland's power grid could have been lethal
Close call after an apparently deliberate attempt to starve a country of energy at the worst time
buff.ly
January 31, 2026 at 2:18 PM
Multiple Vulnerabilities in SolarWinds Web Help Desk Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in SolarWinds Web Help Desk, the most severe of which could allow for arbitrary code execution. SolarWinds Web Help Desk (WHD) is a web-based software…
ift.tt
January 31, 2026 at 1:07 PM
Fortinet unearths another critical bug as SSO accounts borked post-patch
Fortinet SSO patch bypass gets a separate critical CVE
More work for admins on the cards as they await a full dump of fixes
buff.ly
January 30, 2026 at 9:16 PM
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
ift.tt
January 30, 2026 at 6:18 PM
Old Windows quirks help punch through new admin defenses
Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature
buff.ly
January 30, 2026 at 5:08 PM
Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim
ShinyHunters claims Panera Bread in alleged data theft
Plus, the gang says it got in via Microsoft Entra SSO
buff.ly
January 30, 2026 at 3:57 PM
Use Microsoft Office? Hackers can infect your PC with a malicious document - patch it ASAP
This emergency zero-day patch blocks attackers from slipping past built-in protections and compromising your system.
buff.ly
January 30, 2026 at 2:18 PM
China-linked group accused of spying on phones of UK prime ministers' aides – for years
Hackers suspected of spying on UK officials' calls for years
Reports say Salt Typhoon attackers accessed handsets of senior govt folk
buff.ly
January 29, 2026 at 9:16 PM
US charges 31 more suspects linked to ATM malware attacks
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua.
ift.tt
January 29, 2026 at 6:18 PM
Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant.
ift.tt
January 29, 2026 at 5:08 PM
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
ift.tt
January 29, 2026 at 3:57 PM
WP Go Maps Plugin Vulnerability Affects Up To 300K WordPress Sites via @sejournal, @martinibuster
WP Go Maps Plugin Vulnerability Affects Up To 300K WordPress Sites
Vulnerability in the WP Go Maps plugin enables attackers with low level permissions to switch map engines.
buff.ly
January 29, 2026 at 2:18 PM
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability.
ift.tt
January 29, 2026 at 1:07 PM
Dell Hack Debacle: Digital Fortress Breached » Cyber News
In April 2024, Dell Technologies suffered a three-week-long Dell hack impacting 49 million customers who purchased products between 2017 and 2024.
buff.ly
January 28, 2026 at 9:16 PM
You can't make this stuff up!
January 28, 2026 at 9:03 PM
Storing your BitLocker key in the cloud? Microsoft can give it to the FBI - what to do instead
Microsoft says it may give your encryption key to law enforcement upon a valid request. Here's how to protect your privacy.
buff.ly
January 28, 2026 at 6:18 PM
Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
Canva among ~100 ShinyHunters credential-theft targets
Atlassian, RingCentral, ZoomInfo also among tech targets
buff.ly
January 28, 2026 at 5:08 PM
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store.
ift.tt
January 28, 2026 at 3:57 PM
Insider threats aren’t just “bad employees.” There are also mistakes by trusted people with real access. Limit permissions, enforce MFA, monitor unusual activity, and tighten offboarding.
Read:
Insider Threats: Trusted to Dangerous and How to Stop Them
Insider threats are the risks that live behind your login screen. They aren't always malicious. An insider threat is caused by someone with legitimate access.
buff.ly
January 28, 2026 at 2:18 PM