jon greig
jgreig.bsky.social
cybersecurity reporter for The Record.

formerly: zdnet, techrepublic, blavity, haitian times, cambodia daily
— send tips to jonathangreig11@protonmail.com or signal: jgreig.51
Sedgwick confirmed that its government subsidiary is dealing with a cyberattack. The company has contracts with DHS, FEMA, ICE, CISA, the Dept of Commerce and several federal agencies

A ransomware gang claimed it stole 3GB of data on New Year's Eve

therecord.media/sedgwick-cyb...
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
The claims administration company Sedgwick confirmed that a subsidiary that contracts with a handful of sensitive federal agencies is dealing with a cybersecurity incident.
therecord.media
January 2, 2026 at 5:46 PM
Sedgwick confirmed that its government subsidiary is dealing with a cyberattack. The company has contracts with DHS, FEMA, ICE, CISA, the Dept of Commerce and several federal agencies

therecord.media/sedgwick-cyb...
Sedgwick confirms cyber incident affecting its major federal contractor subsidiary
The claims administration company Sedgwick confirmed that a subsidiary that contracts with a handful of sensitive federal agencies is dealing with a cybersecurity incident.
therecord.media
January 2, 2026 at 5:45 PM
Cyber incident responders from DigitalMint and Sygnia plead guilty and are facing 20 years in prison for launching ALPHV/Black Cat ransomware attacks themselves.

The two separately tried to flee to Europe before being arrested

therecord.media/ransomware-r...
Ransomware responders plead guilty to using ALPHV in attacks on US organizations
Two Americans who worked for incident response firms face up to 20 years in prison for turning ransomware upon U.S. businesses.
therecord.media
December 31, 2025 at 4:22 PM
Reposted by jon greig
Geez…ransomware got bad. And these were just the reported payments:

The department noted that the figures from the three-year stretch nearly outpaced all of the reports and ransomware payments from the previous nine-year period of 2013 to 2021

via @jgreig.bsky.social & @therecordmedia.bsky.social
More than $2 billion in payments from 4,000 ransomware incidents reported to Treasury in recent years
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) released a study last week covering 4,194 ransomware incidents that were reported through the Bank Secrecy Act over the three-ye...
therecord.media
December 9, 2025 at 12:48 PM
I spoke to DEF CON Franklin co-founder Jake Braun about the initiative's new phase: localized MSSPs for rural water utilities

therecord.media/cyber-volunt...
Cyber volunteer effort for small water utilities announces new MSSP effort
An organization is looking to develop a first-of-its-kind managed security service provider (MSSP) model tailored specifically for rural water utilities.
therecord.media
December 24, 2025 at 1:54 PM
Crazy story about the DOJ takedown of the Social Engineering Enterprise - a gang of 20-somethings living like rappers after stealing more than $300 million worth of crypto through social engineering attacks

therecord.media/california-m...
California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
Evan Tangeman became the ninth person to plead guilty as part of a wider Justice Department takedown of a criminal group known as the Social Engineering Enterprise.
therecord.media
December 9, 2025 at 9:57 PM
Reposted by jon greig
Cyber incidents in Texas, Tennessee and Indiana impacting critical government services

via @jgreig.bsky.social & @therecordmedia.bsky.social
Cyber incidents in Texas, Tennessee and Indiana impacting critical government services
A large suburb outside of Dallas, Texas, was one of multiple municipalities across the U.S. this week to report cyber incidents affecting public services.
therecord.media
October 23, 2025 at 11:20 AM
Reposted by jon greig
US to attend UN cybercrime treaty signing in Hanoi despite industry concerns

via @jgreig.bsky.social & @therecordmedia.bsky.social
US to attend UN cybercrime treaty signing in Hanoi despite industry concerns
After years of negotiations, officials from around the world will convene in Hanoi this weekend for the signing of the landmark UN cybercrime convention.
therecord.media
October 27, 2025 at 1:47 AM
Reposted by jon greig
China-based hackers are scanning for and exploiting a popular line of Cisco firewalls used by governments in the U.S., Europe and Asia.

By @jgreig.bsky.social & me on @therecordmedia.bsky.social

therecord.media/chinese-hack...
Chinese hackers scanning, exploiting Cisco ASA firewalls used by governments worldwide
In a report shared with Recorded Future News, Unit 42 attributed the targeting of Cisco ASA devices to Storm-1849 — a China-based threat group that Cisco previously said has been attacking the tools s...
therecord.media
October 31, 2025 at 5:40 PM
Reposted by jon greig
Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission

Via @jgreig.bsky.social & @therecordmedia.bsky.social
Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission
A bipartisan congressional duo introduced legislation that would beef up cybersecurity protections at the Securities and Exchange Commission.
therecord.media
November 20, 2025 at 2:05 PM
Reposted by jon greig
DOJ takes down Myanmar scam center website spoofing TickMill trading platform

via @jgreig.bsky.social & @therecordmedia.bsky.social
DOJ takes down Myanmar scam center website spoofing TickMill trading platform
The FBI said several victims used the domain and told agents that they were shown lucrative returns on what they thought were legitimate investments.
therecord.media
December 3, 2025 at 5:59 PM
Amazon researchers said they saw two Chinese state-backed groups - Earth Lamia and Jackpot Panda - exploiting React2Shell

CISA also added it to the known exploited bugs list today as well

Patch CVE-2025-55182 ASAP

therecord.media/chinese-hack...
Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say
The bug, tagged as CVE-2025-55182 and referred to colloquially as React2Shell, was reported to Meta by researcher Lachlan Davidson on November 29 and publicly disclosed on Wednesday, when a fix was ro...
therecord.media
December 5, 2025 at 4:29 PM
Trump’s FCC just removed cyber regulations governing telecoms that were put in place after Chinese hackers stole the call records of Trump and JD Vance last year

Several senators told me telecoms lobbied heavily for the rules to be removed

therecord.media/fcc-removes-...
FCC spikes Biden-era cyber regulations prompted by Salt Typhoon telecom breaches
The Republican-led FCC voted to remove cybersecurity rules for telecom companies that were put in place before Donald Trump's inauguration as a response to 2024 breaches attributed to state-backed Chi...
therecord.media
November 20, 2025 at 5:38 PM
The director of the Congressional Budget Office (CBO) told lawmakers on Tuesday morning that the agency has removed hackers from its systems following a cyberattack disclosed two weeks ago

therecord.media/congressiona...
CBO director testifies that hackers have been expelled from email systems
Officials at the Congressional Budget Office “have not observed further evidence of unauthorized access” to the legislative branch agency's systems, Director Phillip Swagel told lawmakers.
therecord.media
November 19, 2025 at 3:30 PM
South Korea-based LG Energy Solution confirmed it was affected by a ransomware attack following claims made by the Akira group spotlighted by the FBI last week

therecord.media/lg-energy-so...
LG battery subsidiary says ransomware attack targeted overseas facility
A "specific overseas facility" fell prey to a ransomware attack but is now operating normally, according to LG Energy Solution — the South Korean multinational's battery-making subsidiary.
therecord.media
November 19, 2025 at 3:28 PM
CISA warned that several federal agencies have not sufficiently patched the Cisco ASA bugs being exploited by Chinese hackers

therecord.media/federal-cisc...
Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns
Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an active hacking campaign, the Cybersecurity and Infrastructure Security Agency warned.
therecord.media
November 12, 2025 at 9:58 PM
Reposted by jon greig
the newly released Epstein emails are getting coverage on Fox News 👀
November 12, 2025 at 9:13 PM
Seems bad!

"The Mandiant investigation is now complete. Their findings confirm that the malicious activity – carried out by a state-sponsored threat actor. The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices."

www.sonicwall.com/blog/cloud-b...
www.sonicwall.com
November 5, 2025 at 6:57 PM
The countries that signed the controversial cybercrime treaty today in Hanoi include:

Vietnam, Maldives, Algeria, Australia, Azerbaijan, Belarus, Belgium, Brazil, Burkina Faso, Cambodia, Chile, China, Costa Rica, Cuba, Czech Republic, South Korea…

therecord.media/cybercrime-t...
US to attend UN cybercrime treaty signing in Hanoi despite industry concerns
After years of negotiations, officials from around the world will convene in Hanoi this weekend for the signing of the landmark UN cybercrime convention.
therecord.media
October 25, 2025 at 2:26 PM
Reposted by jon greig
American Airlines subsidiary Envoy Air confirmed it was impacted by a recent Clop campaign targeting customers of Oracle's EBS application

Envoy Air said a “limited amount of business information and commercial contact details may have been compromised.”

therecord.media/regional-air...
Regional airline Envoy Air confirms Oracle E-Business Suite compromise
The regional American airline Envoy Air confirmed that its IT system was impacted by a recent hacking campaign targeting Oracle E-Business Suite.
therecord.media
October 17, 2025 at 3:08 PM