If you missed last week’s runZero Hour with Caroline Wong, author of The AI Cybersecurity Handbook, here’s a peek at what you missed.
Watch the full episode now for more AI insights, CVE program updates, AI trivia, and notable vulns from the month.
Full episode: www.runzero.com/resources/ru...
Posts by Jennifer Wood
Recently back from VulnCon 2026, runZero's @todb.hugesuccess.org shares his insights on AI's dual role in vuln discovery & defense, CVE ecosystem updates, and a cautiously optimistic outlook for the future of vuln disclosure and remediation.
Read his blog today! 👇️
www.runzero.com/blog/vulncon...
Are you attending the DoW MPE Summit in Ft. Lauderdale this week?
Be sure to connect with our team onsite to learn how runZero provides a single source of truth for exposure management across the total attack surface—without the friction of agents.
👉️ More details: www.ncsi.com/event/mpe/ag...
Need some downtime today during #BSidesSF 2026? Escape to the runZero sponsored Bar & Chill Out Space (inside) or Lounge (outside) from 9 AM-5:30 PM PT.
Stop by, say hello, and snag some swag! 👉 Remember, two complimentary drink tickets were provided at registration!
Tomorrow on the runZero Hour: Deep dive into OT retroencabulation
Join @todb.hugesuccess.org, Rob King, & Ulises Fuentes Venado from GuidePoint Security for an in-depth discussion on the evolving security challenges facing OT.
📅 March 18 | 1 PM ET / 10 AM PT
www.runzero.com/research/run...
One way to read the AI/Pentagon news from last night (I covered it but didn't skeet) is that the Department of Defense wants AI to automate weapons and/or spy on Americans and that Anthropic would have the best AI to do that, but OpenAI is at least the second-best so they'll just use that instead.
If everything is a priority, nothing is.
@todb.hugesuccess.org helped build CISA KEV and his new runZero research finally makes it actionable.
He sat down with Casey Ellis on @riskybusiness to talk about what KEV actually is and how to use it right.
🎧 www.runzero.com/resources/ri...
NEW: U.S. prosecutors say the hacking tools that Peter "Doogie" Williams stole from defense contractor L3Harris Trenchant could have been used against "millions of computers and devices" worldwide.
Williams said he didn't know the tools could end up in the hands of Russia or other governments.
Prosecutors have confirmed for the first time that Peter Williams, who ran L3Harris' Trenchant unit (which makes hacking tools for the U.S. government and its allies), sold the company's exploits to a Russian broker that were capable of accessing "millions of computers and devices" around the world.
🚨 New report + tool: CISA KEV analysis by former Section Chief @todb.hugesuccess.org + KEV Collider to help prioritize real exploits over noise.
📄 Report: www.runzero.com/resources/ke...
🧪 Tool: www.runzero.com/kev-collider/
✍️ Blog: www.runzero.com/blog/making-...
Ready to make KEV actionable?
Joseph Menn has been writing about cybersecurity since well before most journalists even understood it as a beat. Big loss for the Post and its readers, but also for the industry and the wider public, who will be less informed - and less safe - as a result.
Why are pubs laying off talented journalists? We need reporters who understand security to continue covering it. It is disheartening to see this happening over and over again.
Good stuff here, folks! When you have a few minutes, read the article and the research (links below). #LLMsecurity
Story: www.reuters.com/technology/o...
Research: www.sentinelone.com/labs/silent-...
The Federal Aviation Administration ignored warnings about a dangerous level of air traffic at Reagan National Airport before the midair collision between a commercial jet and U.S. Army helicopter that took 67 lives, federal investigators said.
ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.
NEW: Microsoft handed the FBI the recovery keys to decrypt the hard drives of three laptops encrypted with BitLocker.
BitLocker is enabled by default in modern Windows laptops, but Microsoft also prompts users to upload the recovery keys to the company's cloud, which opens up this possibility.
New, by me: Under Armour says it’s aware of data breach claims after 72M customer records were posted online.
A spox. told me a "small percentage" of customers had sensitive information compromised but wouldn't say what it considers "sensitive," nor provide an accurate figure of affected customers.
GPS attacks are increasing, relatively cheap to implement, spreading geographically, and present a significant threat to people's safety and the economy. If your org uses GPS data, it's time to update your threat models. Learn more: shostack.org/26-01
Today is the day…#LABScon2025 is live from Phoenix, AZ. Get ready for two days of unique research and excellent speakers.
New: French phone giant Bouygues confirmed a data breach affects the personal information of 6.4 million customers.
Bouygues disclosed the breach on a dedicated web page; however, the page is currently deliberately excluded from search engines using "noindex" code, making it more difficult to find.
Enjoying the #threebuddyproblem podcast live from BH/Vegas!
If all goes to plan, I’ll be in Vegas for #BlackHat this week. DM me if you would like to meet. See y’all soon and safe travels to all!
Update: Microsoft has released security updates that fully protect customers using all supported versions of SharePoint affected by CVE-2025-53770 and CVE-2025-53771. Customers should apply these updates immediately.
Full guidance and detection details: msft.it/6010sDzSE.
Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers - www.securityweek.com/microsoft-pa...
New from 404 Media: a startup is selling data hacked from people's computers to debt collectors, divorce lawyers, more. People already hacked, now being re-victimized by startup. I used the tool, found people's personal addresses.
“This is so gross and predatory.”
www.404media.co/a-startup-is...
No patch but here’s the suggested mitigations from MSFT:
Configure Antimalware Scan Interface integration in SharePoint and deploy Defender AV on all SharePoint servers, and/or consider disconnecting your server from the internet until a security update is available.
www.forbes.com/sites/daveyw...
A website developed for the UK Home Office's 2022 "flop" anti-encryption campaign has seemingly been hijacked to push a payday loan scheme.
www.theregister.com/2025/06/25/h...
Iran's APT42 (Charming Kitten) hacker team is now conducting targeted spearphishing attacks on high-profile Israeli national security journalists and cybersecurity researchers, according to Check Point. blog.checkpoint.com/security/edu...