Kevin Poireault
leekthehack.bsky.social
🚨 𝐎𝐩. 𝐄𝐧𝐝𝐠𝐚𝐦𝐞 3.0 𝐃𝐢𝐬𝐦𝐚𝐧𝐭𝐥𝐞𝐬 𝐑𝐡𝐚𝐝𝐚𝐦𝐚𝐧𝐭𝐡𝐲𝐬, 𝐕𝐞𝐧𝐨𝐦𝐑𝐀𝐓 𝐚𝐧𝐝 𝐄𝐥𝐲𝐬𝐢𝐮𝐦

The third "season" of Operation Endgame resulted in:
🗄️ Over 1025 servers taken down or disrupted
🌐 20 domains seized
🚪 11 locations searched
👮 One arrest

📰 www.infosecurity-magazine.com/news/operati...
November 13, 2025 at 1:02 PM
𝐏𝐎𝐃𝐂𝐀𝐒𝐓 - 𝐇𝐨𝐰 𝐏𝐫𝐢𝐯𝐚𝐭𝐞 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡𝐞𝐫𝐬 𝐀𝐫𝐞 𝐓𝐚𝐤𝐢𝐧𝐠 𝐃𝐨𝐰𝐧 𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 𝐎𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐬

I sat down with Matthew Maynard, a cybersecurity pro by day and a cyber ghost-buster by night, who doesn’t just hunt vulnerabilities, but haunts the hackers themselves.

🎧 Listen here: feeds.soundcloud.com/users/soundc...
November 5, 2025 at 11:02 AM
Journalists (and politicians) have a responsibility to avoid amplifying unproven claims, no matter how tempting the headline. Let’s demand evidence-first reporting, even when the story is breaking. (4/5)
September 22, 2025 at 7:30 PM
EXCLUSIVE - Why Three Vendors Pulled Out of ‘Cybersecurity Olympics’

Microsoft, SentinelOne and Palo Alto Networks have decided not to take part in the 2025 edition of MITRE’s EDR test.

I spoke with MITRE's CTO to understand what motivated these moves.

www.infosecurity-magazine.com/news/cyber-v...
September 22, 2025 at 1:03 PM
𝐂𝐈𝐒𝐀 2015 𝐒𝐚𝐟𝐞 𝐇𝐚𝐫𝐛𝐨𝐫 𝐚𝐭 𝐑𝐢𝐬𝐤 𝐚𝐬 𝐒𝐞𝐩𝐭𝐞𝐦𝐛𝐞𝐫 30 𝐃𝐞𝐚𝐝𝐥𝐢𝐧𝐞 𝐍𝐞𝐚𝐫𝐬

⌛As the expiration date for the Cybersecurity Information Sharing Act of 2015 looms in the US, I spoke to experts about the provisions the Act offers and the debates surrounding the renewal and the consequences of non-renewal.
September 2, 2025 at 11:04 AM
🔎 VulnWatch Friday: CVE-2025-57819 🔓

The Sangoma FreePBX Security Team has warned of a vulnerability being exploited in the wild.

FreePBX is an open-source graphical user interface (GUI) for managing Asterisk, the popular open-source Private Branch Exchange (PBX) and telephony platform.
August 29, 2025 at 2:53 PM
🧐 VulnWatch Wednesday: CVE-2025-7775 🔓

Citrix has released patches for three critical zero days in NetScaler ADC and Gateway, one of which was already being exploited by attackers.

According to Kevin Beaumont, exploit campaigns 🎯CVE-2025-7775 began before the patches were made available.
August 27, 2025 at 10:55 AM
🧐 VulnWatch Wednesday: CVE-2025-31324 🔓

A critical vulnerability in SAP NetWeaver is now being widely exploited following the release of public exploit tooling.

🆕 The public availability of the full source code makes the exploit easy to use even for attackers with little technical expertise.
August 20, 2025 at 4:10 PM
𝐋𝐞𝐠𝐢𝐭𝐢𝐦𝐚𝐭𝐞 𝐂𝐡𝐫𝐨𝐦𝐞 𝐕𝐏𝐍 𝐄𝐱𝐭𝐞𝐧𝐬𝐢𝐨𝐧 𝐓𝐮𝐫𝐧𝐬 𝐭𝐨 𝐁𝐫𝐨𝐰𝐬𝐞𝐫 𝐒𝐩𝐲𝐰𝐚𝐫𝐞

FreeVPN.One, a popular Google-featured browser VPN extension, recently turned malicious and is now spying on users’ every move online.

A good read from Koi Security on 𝑰𝒏𝒕𝒆𝒓𝒏𝒂𝒕𝒊𝒐𝒏𝒂𝒍 𝑽𝑷𝑵 𝑫𝒂𝒚

www.infosecurity-magazine.com/news/chrome-...
August 19, 2025 at 1:01 PM
👀 VulnWatch Monday: CVE-2025-25256 🔓

WatchTowr Labs has published a technical analysis of CVE-2025-25256, a critical pre-auth command injection vulnerability in Fortinet's FortiSIEM, as well as a detection artifact generator.

🔧 Fix? Yes (see Fortinet's security advisory)
August 18, 2025 at 5:42 PM
💸 Both agencies have decided to add $1.4m to the overall prizes (across all teams, more info to come)
August 8, 2025 at 7:13 PM
🥈 Team Trail of Bits: $3m
🥉 Team Theori: $1.5m

In total, the teams have found:

🐞 54 vulns discovered
✔️ 43 patched
0️⃣ 18 zero days
✅ 11 patched

4 models have been made open source and are already available to use. The other 3 will be made open source over the next few weeks.
August 8, 2025 at 7:13 PM
NEW 🏆Team Atlanta is the winner of DARPA’s and ARPA-H’s AI Cybersecurity Challenge (AIxCC)

🥇 They performed top in all but one category

💰 They will receive a prize of $4m
August 8, 2025 at 7:13 PM
⚖️ Butera and Costello stated they are "very hopeful" that the Cybersecurity Information Sharing Act 2015 (deadline: Sept 30, 2025) can be renewed.
August 7, 2025 at 10:43 PM
🔴 CISA Update Session at @BlackHatEvents USA 2025 🔴

Robert Costello, CIO of CISA, believes reports of the agency's demise are greatly exaggerated. He quoted Ernest Hemingway: "We're not retrieving, we're advancing to a new direction."
August 7, 2025 at 10:35 PM
🔍 APT28’s ‘Lamehug’ is the first LLM-powered malware

🧪 MITRE's Gianpaolo Russo and Marissa Dotter broke it down at @blackhatevents.bsky.social USA, showing how this shifts cyber threats. Their OCCULT suite tests these threats.

🔜 Stay tuned for deeper insights on Infosecurity Magazine
August 7, 2025 at 1:59 PM
🚨 A US defense contractor’s domain was compromised by ethical hackers in just 77 seconds

Part of the NSA's CAPT program, which offers free pentesting for DIB suppliers, this test was run by @horizon3ai.bsky.social.

🔜 More to come on Infosecurity Magazine
August 7, 2025 at 1:44 PM
🔎 VulnWatch Friday: CVE-2025-7624 🔓

In a July 21 security advisory, Sophos shared the patches for 5️⃣ vulnerabilities affecting its products.

One of the two critical vulnerabilities, tracked as CVE-2025-7624, is an SQL injection in the legacy SMTP proxy of some Sophos Firewall versions.
July 25, 2025 at 3:47 PM
🧐 VulnWatch Wednesday: CVE-2025-54309 🔓

At least 10,000 CrushFTP instances are vulnerable to a critical flaw, which is currently being exploited by attackers, affecting the file transfer solution, according to @shadowserver.bsky.social and @rapid7.com.

www.infosecurity-magazine.com/news/crushft...
July 23, 2025 at 4:13 PM
In a statement sent to me, Cognizant denied being responsible for the cyber-attack.

💬 Cognizant's response (part 1): "It is shocking that a corporation the size of Clorox had such an inept internal cybersecurity system to mitigate this attack." [3/4]
July 23, 2025 at 3:34 PM
In a lawsuit filed in California on July 22, Clorox accused Cognizant of being responsible for an attack that cost it months of operational disruption and at least $49m in expenses.

Cognizant allegedly handed over a password to the cybercriminal w/o asking any authentication questions. [2/4]
July 23, 2025 at 3:34 PM
𝐍𝐄𝐖 ⚖️ The Clorox Company 𝐒𝐮𝐞𝐬 Cognizant 𝐟𝐨𝐫 𝐂𝐚𝐮𝐬𝐢𝐧𝐠 2023 𝐂𝐲𝐛𝐞𝐫-𝐀𝐭𝐭𝐚𝐜𝐤

Clorox, a leading US producer of cleaning products, is suing its former IT service desk provider, London-based Cognizant, over the August 2023 cyber-attack. [1/4]

www.infosecurity-magazine.com/news/clorox-...
July 23, 2025 at 3:34 PM