Kevin Kosh
kidko92.bsky.social
PR elder, cybersecurity roadie, proud papa of 2 boys, accomplished wiseacre, Multiversal social entity.
-net loss: Firewall vendor discloses 2nd zero day in less than a week, prompting questions of gross disclosure practices. www.darkreading.com/vulnerabilit...
Fortinet Woes Continue With Another WAF Zero-Day Flaw
A second zero-day vulnerability in Fortinet's web application firewall (WAF) line has raised more questions about the vendor's disclosure practices.
www.darkreading.com
November 20, 2025 at 11:06 AM
Reposted by Kevin Kosh
𝗜𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝗶𝗻𝗴... 𝘁𝗵𝗲 𝗘𝗰𝗵𝗼 𝗔𝘄𝗮𝗿𝗱𝘀! 🏆✨

It’s about time that we recognize the excellent journalists who bring clarity to the fast-moving, complex world of the U.S. Public Sector- from Federal to State & Local to Education.

Stay tuned for more information coming soon! theechoawards.com
November 17, 2025 at 2:54 PM
Sheep: Police plate reader tech maker Flock reaches 97% MFA enablement after FTC accuses them of not being good shepherds of customer security with default controls. 3% have "reasons". Woof. techcrunch.com/2025/11/03/l...
Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers | TechCrunch
Flock said around 3% of its law enforcement customers do not use multi-factor authentication, potentially leaving dozens of law enforcement agency accounts open to compromise and improper access.
techcrunch.com
November 6, 2025 at 11:55 AM
Heed the call of the Tacos....
If you're looking for an opportunity to showcase your company at #RSAC2026, CYBERTACOS is a great way to connect with top cybersecurity executives and innovators!

Contact us today at cybertacos@w2comm.com to learn about our sponsorship opportunities and secure your spot!
November 4, 2025 at 2:49 PM
Refresh...Refresh...Refresh: F5 reports that nation state actors maintained long-term, persistent access to systems that revealed source code, vuln data and even some customer config and implementation data www.securityweek.com/f5-blames-na...
F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data
F5 was recently targeted by state-sponsored threat actors who managed to steal sensitive information from the company’s systems.
www.securityweek.com
October 16, 2025 at 10:58 AM
(Open) House Party: Envious of "party people"? Don't be. Partiful apparently lets you join, since location data of user-uploaded images is invitingly there for the taking... photos. https://techcrunch.com/2025/10/04/event-startup-partiful-wasnt-stripping-gps-locations-from-user-uploaded-photos/
October 16, 2025 at 10:57 AM
SonicBoom: network security vendor's breach estimates shatter the sound (security) barrier, speeding from 5% to 100% of customers affected by a "cloud backup file incident" that exposed encrypted credentials and backup firewall configuration files. www.darkreading.com/cyberattacks...
SonicWall: 100% of Firewall Backups Were Breached
SonicWall said the breach affected firewall configuration files for all customers using SonicWall’s cloud backup service — up from a previous 5% estimate.
www.darkreading.com
October 10, 2025 at 11:10 AM
One if by Land...: British automaker sees another significant ransomware attack, marking number two this year for the company, and the Jaguar maker is unable to outrun a significant operational outage. www.securityweek.com/jaguar-land-...
Jaguar Land Rover Operations 'Severely Disrupted' by Cyberattack
British automobile manufacturer Jaguar Land Rover (JLR) is scrambling to restore applications and operations that were impacted by a cyberattack.
www.securityweek.com
September 3, 2025 at 10:56 AM
Screeching halt: speed cameras crash across the Netherlands due to a cyberattack on the Dutch Public Prosecution Service exploiting Citrix vulns. www.theregister.com/2025/08/15/c...
Dutch prosecution service attack keeps speed cameras offline
Who knew zero-days could be so useful to highway speedsters?
www.theregister.com
August 20, 2025 at 1:08 PM
End of Line: AI customers seem without a CLU as nearly all MCP servers are exposed with no authentication checks of any kind www.darkreading.com/vulnerabilit...
Nearly 2,000 MCP Servers Possess No Security Whatsoever
Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.
www.darkreading.com
July 21, 2025 at 11:54 AM
High and Dry: Alcohol and Drug Testing Service gets smoked by ransomware gang, losing PII on more than 750K individuals. www.securityweek.com/750000-impac...
750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service
The Alcohol & Drug Testing Service (TADTS) says personal information was stolen in a July 2024 ransomware attack.
www.securityweek.com
July 21, 2025 at 10:33 AM
Not lovin it...: Researchers find an unhappy meal of 64 million records containing candidate chats with McDonald's AI hiring chatbot, driving thru the data with a kids meal password of 123456. www.wired.com/story/mcdona...
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
www.wired.com
July 10, 2025 at 10:27 AM
American Steal: Largest stateside producer, Nucor, reports the theft of "internal data" via system compromise. www.darkreading.com/cyberattacks...
Steel Giant Nucor Confirms Data Stolen in Cyberattack
America's largest steel producer initially disclosed the breach in May and took potentially affected systems offline to investigate the intrusion and contain any malicious activity.
www.darkreading.com
June 25, 2025 at 11:43 AM
Spy purchase Spy: Surveillance boaster child Cellebrite acquires US-based Corellium for $200M www.securityweek.com/controversia...
Controversial Firms Cellebrite and Corellium Announce $200 Million Acquisition Deal
Cellebrite and Corellium, whose names have been mentioned in spyware stories, are joining forces to provide advanced investigative solutions.
www.securityweek.com
June 5, 2025 at 1:14 PM
Sun burned: Researchers shine a harsh light on more than 90 unscreened vulnerabilities in the management interfaces of solar power system management interfaces. www.securityweek.com/35000-solar-...
35,000 Solar Power Systems Exposed to Internet
Forescout has analyzed the prevalence of internet-exposed solar power devices and shared a list of the top vendors and devices.
www.securityweek.com
June 4, 2025 at 11:37 AM
Punch to the Face: cred stuffing attack hits major sports apparel brand as the trend in retail security overall seems to be going south. www.securityweek.com/thousands-hi...
Thousands Hit by The North Face Credential Stuffing Attack
Threat actors steal personal information from thenorthface.com user accounts in a recent credential stuffing campaign.
www.securityweek.com
June 4, 2025 at 10:59 AM
A Rough in the Diamond: luxury jewelry brand Cartier discloses heist of basic PII in which a 3rd party gained access to systems, but light on details. www.bleepingcomputer.com/news/securit...
Cartier discloses data breach amid fashion brand cyberattacks
Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised.
www.bleepingcomputer.com
June 3, 2025 at 9:38 AM
Open relationship: vuln in Raw dating app lays bare sensitive info including PII, sexual preference and even location details. www.scworld.com/brief/vulner...
Vulnerability exposes Raw dating app user information
TechCrunch reports that Raw, a dating app touting more authentic interactions that has amassed over 500,000 Android installations since its launch two years ago, has been impacted by an insecure direct ...
www.scworld.com
May 6, 2025 at 11:36 AM
The truth Hertz: Rental giant shifts gears regarding cyberattack on a 3rd party partner in late 2024, now saying significant customer PII was taken in multiple countries techcrunch.com/2025/04/14/h...
Hertz says customers' personal data and driver's licenses stolen in data breach | TechCrunch
The car rental giant attributed the breach to Cleo, whose customers had data stolen by a ransomware gang in 2024.
techcrunch.com
April 14, 2025 at 7:06 PM
Let's all be careful out there today. #WWAAD
April 1, 2025 at 9:55 AM
It hacks like chicken: South African poultry producer suffers more than $1M loss in profits due to an undisclosed cyberattack www.darkreading.com/cyberattacks...
Poultry Company Reports $1M Loss After Cyberattack
The company reports that no sensitive information was breached or stolen in the cyber intrusion and that its operations are running normally again.
www.darkreading.com
March 28, 2025 at 12:09 PM
Reposted by Kevin Kosh
Tomcat CVE-2025-24813: What You Need to Know

A lot of noise is swirling around this Apache Tomcat RCE chain—but should you be worried? Our security researcher Jon Williams breaks it down.

Subscribe to our blog for all the latest updates: bishopfox.com/blog
March 19, 2025 at 3:48 PM
Reposted by Kevin Kosh
a cybersecurity bracket looking at red team tools? Count me in.
🚨 The 2025 Ultimate Red Team Tool Showdown is here! 🚨

We’re putting the top offensive security tools head-to-head, but only ONE will take the crown. And it’s all up to YOU!

Check out the full bracket & cast your votes:

bishopfox.com/redteam-tool...
March 12, 2025 at 4:05 PM
Horror Movie Trope:

Tired: Friday, Feb 13 - Let's go question that shadowy figure in the woods

Wired: Friday, Feb 14: Let's go question my wife about a decision she made
February 14, 2025 at 1:48 PM
Get your Grubby hands off my data: Attackers snatch basic PII from food delivery go-to via a 3rd party contractor. Could present a tasty meal for phishers. www.bleepingcomputer.com/news/securit...
GrubHub data breach impacts customers, drivers, and merchants
Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, merchants, and drivers after attackers breached its systems using a ser...
www.bleepingcomputer.com
February 13, 2025 at 4:55 PM