Jim Mahony
@jpmahony.bsky.social
CISO, Cybersecurity Researcher, PhD, OSINT, SecOps, IoTSec, Yinzer, Coffee, Guitars, Fly Fishing, Lock Picking Carpenter. Good Trouble. Peace.
Reposted by Jim Mahony
🚨Cyber Alert‼️

🇺🇸USA - Crowdstrike

CrowdStrike has identified and terminated a malicious insider who leaked internal screenshots to hackers.

Status: Confirmed

Source: www.bleepingcomputer.com/news/securit...
CrowdStrike catches insider feeding information to hackers
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters thre...
www.bleepingcomputer.com
November 21, 2025 at 5:50 PM
Reposted by Jim Mahony
Never forget this: Working people outnumber the billionaires and CEOs by a huge margin.

If workers stand together, they will win.

Solidarity.
September 2, 2025 at 12:01 AM
Reposted by Jim Mahony
The DOGE team at SSA might have violated FISMA and other laws by not following security protocols as spelled out in NIST's SP 800-53, which are mandatory for all government agencies. 1/2
www.csoonline.com/article/4046...
Whistleblower: DOGE put Social Security database covering 300 million Americans on insecure cloud
The complaint accuses DOGE of bypassing security protocols to move Americans’ sensitive personal data outside federal oversight and onto an insecure AWS cloud instance, potentially violating establish...
www.csoonline.com
August 27, 2025 at 6:29 PM
Reposted by Jim Mahony
You really should read this article on how criminal groups routinely bypass EDR. This isn’t state stuff. I see it all the time, and have for a while. The sad truth is EDR is one rung in defense in depth, and it surviving tampering is a perpetual cat-and-mouse game. www.theregister.com/2025/08/14/e...
Ransomware crews don't care about your EDR: Some custom malware, some legit software tools
www.theregister.com
August 16, 2025 at 11:52 AM
This mess needs to be taken care of.

Roblox Corp responds to Louisiana lawsuit that claims it built 'the perfect place for pedophiles'

#cybersecurity #infosec

www.gamedeveloper.com/business/rob...
Roblox Corp responds to Louisiana lawsuit that claims it built 'the perfect place for pedophiles'
A new lawsuit has accused Roblox of knowingly enabling the 'systemic sexual exploitation and abuse of children across the United States.'
www.gamedeveloper.com
August 18, 2025 at 8:16 PM
Oh WordPress, what are we going to do with you!

#cybersecurity #vulnerability #infosec
A now-patched flaw in the #PostSMTP WordPress plugin let Subscriber-level users take over Admin accounts by accessing email logs like password reset links. Update to stay safe.

🔗 hackread.com/post-smtp-pl...

#CyberSecurity #WordPress #Vulnerability #Plugin #Privacy
Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts
hackread.com
July 28, 2025 at 4:55 PM
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE

Four vulnerabilities in a popular Bluetooth implementation can be chained together to enable remote code execution (RCE) in untold millions of vehicles and miscellaneous devices.

#cybersecurity #infosec
www.darkreading.com/vulnerabilit...
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE
Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be vulnerable to an attack chain called "PerfektBlue."
www.darkreading.com
July 21, 2025 at 6:31 PM
yup, this is what happens, and this is why we can't have nice things ...
July 10, 2025 at 7:32 PM
Reposted by Jim Mahony
This is utterly unethical. If you let the make-shit-up-machine be your lawyer, you deserve the pain brought on by your stupidity.
I just received a contract on Docusign for review and signing, and it offered to give me an AI-generated summary that I could read instead to save time.

That's AN AI-GENERATED SUMMARY ***OF A CONTRACT***, in case you need to let that sink in.
June 30, 2025 at 11:48 PM
Reposted by Jim Mahony
Think your Smart TV is just showing you movies? It's also a data goldmine for advertisers, learning your habits. A good reminder that *you* often have some control in the settings! 🕵️‍♂️📺 #Cybersecurity #AI
archive.is/FIJx0
June 23, 2025 at 5:23 PM
Reposted by Jim Mahony
WordPress Motors theme flaw mass-exploited to hijack admin accounts
Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site.
www.bleepingcomputer.com
June 22, 2025 at 10:20 PM
Reposted by Jim Mahony
A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites.
Premium WordPress 'Motors' theme vulnerable to admin takeover attacks
www.bleepingcomputer.com
May 20, 2025 at 7:46 PM
Reposted by Jim Mahony
Just read this very real supply chain risk story: rogue comms devices found inside Chinese solar inverters.

If hardware can be compromised at this level, what are we missing in software? Especially in open source and gov procurement.

The implications are bigger than solar.

#SupplyChain #ZeroTrust
www.reuters.com
U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.
www.reuters.com
May 19, 2025 at 1:06 PM
Reposted by Jim Mahony
Windows Remote Desktop Gateway Vulnerability Let Attackers Trigger DoS Condition
cybersecuritynews.com
May 14, 2025 at 12:57 PM
Reposted by Jim Mahony
Song of the day: Life During Wartime
"This ain't no party, this ain't no disco, this ain't no fooling around."
My nomination for the soundtrack song of 2025.
www.youtube.com/watch?v=8al5...
Talking Heads - Life During Wartime (live)
YouTube video by forcedcoitus
www.youtube.com
May 9, 2025 at 11:05 AM
Reposted by Jim Mahony
Another day of reminding everyone of Carl Sagan’s eerily accurate warning about the dangers of not being able to ask skeptical scientific questions to those in power or authority.
May 8, 2025 at 1:14 PM
At least 500 e-commerce sites hacked in Supply-Chain Attack

Supply-chain security is important, very important. Companies need to hold themselves accountable, too. Monitoring of sites and due diligence pre-contract is super important.

#cybersecurity #vulnerability
arstechnica.com/security/202...
Hundreds of e-commerce sites hacked in supply-chain attack
Attack that started in April and remains ongoing runs malicious code on visitors’ devices.
arstechnica.com
May 5, 2025 at 9:11 PM
Reposted by Jim Mahony
Proof this guy is full of SITH.
In Star Wars, those who have embraced the Dark Side of the Force wield red lightsabers. So, in other words, perfect.
May 4, 2025 at 7:44 PM
Reposted by Jim Mahony
FBI releases list of 42,000 phishing domains linked to dismantled LabHost platform. #Cybersecurity #Phishing #FBI
FBI Shares List of 42,000 LabHost Phishing Domains
www.bleepingcomputer.com
May 1, 2025 at 4:54 PM