Information Security Buzz

@Info_Sec_Buzz

Delivering the latest in #cybersecurity news, trends, insights, and top #infosec blogs for the cybersecurity community. Stay informed, stay secure!

Global

Joined May 2013

2KFollowing

21KFollowers

Information Security Buzz@Info_Sec_Buzz · 4 h

Amazon has disclosed a near-miss incident involving a malicious hardcoded prompt in the Amazon Q VS Code plugin. The prompt is capable of deleting everything from local files to AWS infrastructure. 🔗 Read more: informationsecuritybuzz.com/clean-to-facto… #ISBNews

Info_Sec_Buzz's tweet card. Amazon has quietly disclosed a near-catastrophic AI security incident that, while not making headlines, should send chills through every cybersecurity

Information Security Buzz@Info_Sec_Buzz · 5 h

A vulnerability in Google’s Gemini CLI could have let attackers execute hidden malicious commands on developers' machines. @tracebit_com's researchers exposed the flaw, leading to a critical fix from Google. 🔗 Read more: informationsecuritybuzz.com/code-execution… #ISBNews

Info_Sec_Buzz's tweet card. A newly discovered vulnerability in Google’s Gemini CLI, an AI-powered tool designed to help developers explore and write code from the command line, has

100

Information Security Buzz@Info_Sec_Buzz · Jul 25

AI is fueling a new era of phishing. Deepfake voices, generative emails, and hyper-targeted scams are rising. Learn how scammers are exploiting our trust: informationsecuritybuzz.com/ai-powered-phi… ✍ Igboanugo David Ugochukwu #Deepfakes #AIPhishing #InformationSecurityBuzz

Info_Sec_Buzz's tweet card. The digital landscape has become a hunting ground, not for traditional predators wielding crude tools of deception, but for sophisticated adversaries armed

142

Information Security Buzz@Info_Sec_Buzz · Jul 25

94% of Americans have unused "zombie accounts" that pose real cybersecurity risks. These abandoned logins can become a gateway for attackers. 🔗 Read more: informationsecuritybuzz.com/the-graveyard-… ✍ Kirsten Doyle #DataPrivacy #ZombieAccounts #ISBNews

Info_Sec_Buzz's tweet card. Lurking in the shadow of the sleek platforms and subscription stacks we see today, lies a forgotten digital world. It’s populated by millions of inactive

115

Information Security Buzz@Info_Sec_Buzz · Jul 25

Cybersecurity researcher Jeremiah Fowler uncovered a massive breach involving 1.1M+ sensitive records tied to the Gladney Center for Adoption. 🔗 Read more: informationsecuritybuzz.com/over-one-milli… ✍ Josh Breaker-Rolfe #DataBreach #Privacy #ISBNews

Info_Sec_Buzz's tweet card. Cybersecurity researcher Jeremiah Fowler discovered a massive data breach exposing over 1.1 million records tied to Gladney Center for Adoption, a well-known

124

Information Security Buzz@Info_Sec_Buzz · Jul 24

President Trump has unveiled three major AI executive orders on infrastructure, export controls, and LLM bias. 🔗 Read more: informationsecuritybuzz.com/trump-to-sign-… Insights from @Darktrace Federal, @LibDefense, @Bugcrowd, @MimotoHQ, @ColorTokensInc, @pathlock, @BlackDuck_SW & @deepwatch_sec

Info_Sec_Buzz's tweet card. President Donald Trump has signed a trio of artificial intelligence-focused executive orders yesterday at an AI summit in Washington.

112

Information Security Buzz@Info_Sec_Buzz · Jul 24

An open Elasticsearch server has leaked 100+ million sensitive records of Swedish citizens and businesses, including identity numbers, tax data, and property histories. 🔗 Read more: informationsecuritybuzz.com/sweden-data-le… ✍ Kirsten Doyle #SwedenDataLeak #ISBNews

Info_Sec_Buzz's tweet card. A misconfigured Elasticsearch server has exposed hundreds of millions of records tied to Swedish citizens and companies. No password. No firewall. Just open

141

Information Security Buzz@Info_Sec_Buzz · Jul 24

A new phishing campaign dubbed FileFix, discovered by @CheckPointSW, is tricking users into installing malicious browser extensions, granting attackers access to visited sites, credentials, and injecting malicious scripts. 🔗 Read more: informationsecuritybuzz.com/filefix-phishi… #Phishing #ISBNews

Info_Sec_Buzz's tweet card. A newly discovered phishing campaign dubbed “FileFix” is raising serious alarms in the cybersecurity community, building on the notorious ClickFix exploit to

119

Information Security Buzz@Info_Sec_Buzz · Jul 23

July's expert panel discusses how one of the most elusive threat groups, Scattered Spider, leverages trust, social engineering, and human vulnerabilities to breach major companies and what leaders can do to fight back. 🔗: informationsecuritybuzz.com/lessons-from-s… #InformationSecurityBuzz

Info_Sec_Buzz's tweet card. When cybercrime makes headlines, the conversation usually turns to ransomware payloads, zero-days, or patching lapses. But in the case of Scattered Spider,

135

Information Security Buzz@Info_Sec_Buzz · Jul 23

The UK wants to outlaw ransomware payments for public sector and critical infrastructure organisations. Experts warn that criminals could shift risk to smaller targets. 🔗 Read more: informationsecuritybuzz.com/uk-proposes-ra… ✍ Kirsten Doyle #Ransomware #UKPolicy #ISBNews

Info_Sec_Buzz's tweet card. The UK government is preparing to outlaw ransomware payments by public sector and critical national infrastructure (CNI) organisations.

123

Information Security Buzz@Info_Sec_Buzz · Jul 23

Phishing tactics evolve, and no brand is off limits. @CheckPointSW's Q2 2025 report breaks down the latest phishing trends and what they mean for users and businesses. 🔗 Read more: informationsecuritybuzz.com/spotify-phishi… ✍ Kirsten Doyle #Phishing #CyberSecurity #ISBNews

Info_Sec_Buzz's tweet card. Phishing remains the blunt instrument of choice for cybercriminals. And in Q2 2025, they wielded it with more precision (and more imagination) than ever.

115

Information Security Buzz@Info_Sec_Buzz · Jul 22

.@Lookout Threat Intelligence uncovered upgraded versions of the Iranian spyware linked to the APT group MuddyWater. 🔗 Read more: informationsecuritybuzz.com/the-vpn-trap-m… ✍ Kirsten Doyle #VPNTrap #MuddyWater #ISBNews

Info_Sec_Buzz's tweet card. One week after Israeli strikes on Iranian nuclear infrastructure, Lookout Threat Intelligence discovered four new samples of DCHSpy, a mobile surveillance

Information Security Buzz@Info_Sec_Buzz · Jul 22

.@BackslashSec researchers uncovered four critical ways to bypass Cursor’s denylist, revealing how agentic AI tools can execute unauthorized commands, even when they’re supposedly blocked. 🔗 Read more: informationsecuritybuzz.com/cursors-denyli… ✍ Kirsten Doyle #AgenticAI #ISBNews

Info_Sec_Buzz's tweet card. When it comes to “vibe coding,” automation is king. Tools like Cursor (an AI-based code editor rapidly gaining popularity among developers) promise faster

Information Security Buzz@Info_Sec_Buzz · Jul 22

Microsoft has issued an out-of-band fix for CVE-2025-53770, a critical SharePoint flaw exploited in the wild. Attackers had a 2-week head start, with breaches impacting US agencies and telecoms. 🔗 Read more: informationsecuritybuzz.com/toolshell-gets… ✍ Kirsten Doyle #ToolShell #ISBNews

Info_Sec_Buzz's tweet card. Microsoft has released an out-of-band security update to address ToolShell, a critical SharePoint vulnerability that’s already being exploited in the wild.

298

Information Security Buzz@Info_Sec_Buzz · Jul 21

Email threats have evolved, but most defenses haven’t. Usman Choudhary of @VIPRESecurity makes the case for intent-aware, behavioral AI-powered email security. 🔗 Read more: informationsecuritybuzz.com/email-security… #InformationSecurityBuzz

Info_Sec_Buzz's tweet card. Cybercriminals have moved on. Most email defenses haven’t.

132

Information Security Buzz@Info_Sec_Buzz · Jul 21

5 million+ public Wi-Fi networks found exposed, Zimperium warns. As summer travel surges, so do mobile security risks, from rogue hotspots to sideloaded apps and phishing disguised as travel alerts. 🔗 Read more: informationsecuritybuzz.com/five-million-p… ✍ Kirsten Doyle #WiFiRisks #ISBNews

Info_Sec_Buzz's tweet card. With summer in full swing, the world is moving again. Airports are crowded, business trips are back, and employees are logging in from cafés, taxis, and

115

Information Security Buzz@Info_Sec_Buzz · Jul 21

ToolShell zero-day in Microsoft SharePoint puts on-premise servers at serious risk. No user interaction needed. No patch yet. CVSS 9.8. CISA has added it to the Known Exploited list. 🔗 Read more: informationsecuritybuzz.com/toolshell-expl… ✍ Kirsten Doyle #ToolShell #MicrosoftSharePoint #ISBNews

Info_Sec_Buzz's tweet card. A critical vulnerability in Microsoft SharePoint is under active attack, putting thousands of on-premise servers at risk. The flaw, tracked as CVE-2025-53770

195

Information Security Buzz@Info_Sec_Buzz · Jul 18

Cloaking-as-a-Service is the new frontier in cybercrime. New research from @slashnextinc uncovers that cybercriminals are using AI-powered cloaking platforms to serve clean pages to scanners and scams to users. 🔗 Read more: informationsecuritybuzz.com/cybercriminals… ✍ Kirsten Doyle #ISBNews

Info_Sec_Buzz's tweet card. Cybercriminals have found a new way to stay hidden in plain sight. They’re using artificial intelligence to cloak phishing sites, fake stores, and malware

107

Information Security Buzz@Info_Sec_Buzz · Jul 18

.@Steel_Con celebrates 10 years of cybersecurity learning, collaboration, and community in Sheffield. Read Dan Raywood’s reflections and key takeaways from the talks he attended ⤵️ 🔗:informationsecuritybuzz.com/lessons-learne… #CyberSecurity #ThreatModelling #InformationSecurityBuzz

Info_Sec_Buzz's tweet card. Every year, the security community attends regional conferences, which offer a combination of educational learning, hands-on training, and the opportunity to

346

Information Security Buzz@Info_Sec_Buzz · Jul 18

Global cyberattacks surged by 21% in Q2 2025, with Europe seeing the sharpest rise, according to @CheckPointSW's latest threat report. 🔗 Read more: informationsecuritybuzz.com/cyber-attacks-… ✍ Kirsten Doyle #ThreatReport #ISBNews

Info_Sec_Buzz's tweet card. Cyber attacks are rising. Fast.

126