Kevin Kosh
kidko92.bsky.social
PR elder, cybersecurity roadie, proud papa of 2 boys, accomplished wiseacre, Multiversal social entity.
Wagging the Dog: Petco discloses that an app "setting" allowed certain data to get off the leash.
techcrunch.com/2025/12/05/p...
Petco confirms security lapse exposed customers’ personal data | TechCrunch
The pet company has published almost no details about what happened, who was affected, and what personal data was exposed.
techcrunch.com
December 5, 2025 at 3:03 PM
Reposted by Kevin Kosh
This Gov & Beyond episode, the team hosts Breaking Defense’s Publisher and Managing Director, David Smith, and the publication’s Editor in Chief, Aaron Mehta to talk about what goes on in the largest news organization dedicated to defense.

Tune in here: w2comm.com/gov-beyond-d...
December 4, 2025 at 3:09 PM
Encraption: It seems the end-to-end ass-et security claims of a smart toilet end at your own backend, and are worth pretty much what comes out. techcrunch.com/2025/12/03/e...
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted | TechCrunch
Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.
techcrunch.com
December 3, 2025 at 8:06 PM
Reposted by Kevin Kosh
W2 Communications was proud to serve as a sponsor of the SpaceNews' 2025 ICON Awards! Our team had a great time recognizing and celebrating the excellence and innovation of the space community over the past year. Congratulations to this year's honorees!
December 3, 2025 at 6:13 PM
Reposted by Kevin Kosh
Communications programs are often measured by interview and coverage counts. Our new blog explains why securing these results requires methodically building relationships with journalists, and how communicators can establish these connections. w2comm.com/how-to-estab...
December 3, 2025 at 3:06 PM
-net loss: Firewall vendor discloses 2nd zero day in less than a week, prompting questions of gross disclosure practices. www.darkreading.com/vulnerabilit...
Fortinet Woes Continue With Another WAF Zero-Day Flaw
A second zero-day vulnerability in Fortinet's web application firewall (WAF) line has raised more questions about the vendor's disclosure practices.
www.darkreading.com
November 20, 2025 at 11:06 AM
Reposted by Kevin Kosh
Introducing... the Echo Awards! 🏆✨

It’s about time that we recognize the excellent journalists who bring clarity to the fast-moving, complex world of the U.S. Public Sector- from Federal to State & Local to Education.

Stay tuned for more information coming soon! theechoawards.com
November 17, 2025 at 2:54 PM
Sheep: Police plate reader tech maker Flock reaches 97% MFA enablement after FTC accuses them of not being good shepherds of customer security with default controls. 3% have "reasons". Woof. techcrunch.com/2025/11/03/l...
Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers | TechCrunch
Flock said around 3% of its law enforcement customers do not use multi-factor authentication, potentially leaving dozens of law enforcement agency accounts open to compromise and improper access.
techcrunch.com
November 6, 2025 at 11:55 AM
Heed the call of the Tacos....
If you're looking for an opportunity to showcase your company at #RSAC2026, CYBERTACOS is a great way to connect with top cybersecurity executives and innovators!

Contact us today at [email protected] to learn about our sponsorship opportunities and secure your spot!
November 4, 2025 at 2:49 PM
Refresh...Refresh...Refresh: F5 reports that nation state actors maintained long-term, persistent access to systems that revealed source code, vuln data and even some customer config and implementation data www.securityweek.com/f5-blames-na...
F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data
F5 was recently targeted by state-sponsored threat actors who managed to steal sensitive information from the company’s systems.
www.securityweek.com
October 16, 2025 at 10:58 AM
(Open) House Party: Envious of "party people"? Don't be. Partiful apparently lets you join, since location data of user-uploaded images is invitingly there for the taking... photos. https://techcrunch.com/2025/10/04/event-startup-partiful-wasnt-stripping-gps-locations-from-user-uploaded-photos/
October 16, 2025 at 10:57 AM
SonicBoom: network security vendor's breach estimates shatter the sound (security) barrier, speeding from 5% to 100% of customers affected by a "cloud backup file incident" that exposed encrypted credentials and backup firewall configuration files. www.darkreading.com/cyberattacks...
SonicWall: 100% of Firewall Backups Were Breached
SonicWall said the breach affected firewall configuration files for all customers using SonicWall’s cloud backup service — up from a previous 5% estimate.
www.darkreading.com
October 10, 2025 at 11:10 AM
One if by Land...: British automaker sees another significant ransomware attack, marking number two this year for the company, and the Jaguar maker is unable to outrun a significant operational outage. www.securityweek.com/jaguar-land-...
Jaguar Land Rover Operations 'Severely Disrupted' by Cyberattack
British automobile manufacturer Jaguar Land Rover (JLR) is scrambling to restore applications and operations that were impacted by a cyberattack.
www.securityweek.com
September 3, 2025 at 10:56 AM
Screeching halt: speed cameras crash across the Netherlands due to a cyberattack on the Dutch Public Prosecution Service exploiting Citrix vulns. www.theregister.com/2025/08/15/c...
Dutch prosecution service attack keeps speed cameras offline
Who knew zero-days could be so useful to highway speedsters?
www.theregister.com
August 20, 2025 at 1:08 PM
End of Line: AI customers seem without a CLU as nearly all MCP servers are exposed with no authentication checks of any kind www.darkreading.com/vulnerabilit...
Nearly 2,000 MCP Servers Possess No Security Whatsoever
Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.
www.darkreading.com
July 21, 2025 at 11:54 AM
High and Dry: Alcohol and Drug Testing Service gets smoked by ransomware gang, losing PII on more than 750K individuals. www.securityweek.com/750000-impac...
750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service
The Alcohol & Drug Testing Service (TADTS) says personal information was stolen in a July 2024 ransomware attack.
www.securityweek.com
July 21, 2025 at 10:33 AM
Not lovin it...: Researchers find an unhappy meal of 64 million records containing candidate chats with McDonald's AI hiring chatbot, driving thru the data with a kids meal password of 123456. www.wired.com/story/mcdona...
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
www.wired.com
July 10, 2025 at 10:27 AM
American Steal: Largest stateside producer, Nucor, reports the theft of "internal data" via system compromise. www.darkreading.com/cyberattacks...
Steel Giant Nucor Confirms Data Stolen in Cyberattack
America's largest steel producer initially disclosed the breach in May and took potentially affected systems offline to investigate the intrusion and contain any malicious activity.
www.darkreading.com
June 25, 2025 at 11:43 AM
Spy purchase Spy: Surveillance boaster child Cellebrite acquires US-based Corellium for $200M www.securityweek.com/controversia...
Controversial Firms Cellebrite and Corellium Announce $200 Million Acquisition Deal
Cellebrite and Corellium, whose names have been mentioned in spyware stories, are joining forces to provide advanced investigative solutions.
www.securityweek.com
June 5, 2025 at 1:14 PM
Sun burned: Researchers shine a harsh light on more than 90 unscreened vulnerabilities in the management interfaces of solar power system management interfaces. www.securityweek.com/35000-solar-...
35,000 Solar Power Systems Exposed to Internet
Forescout has analyzed the prevalence of internet-exposed solar power devices and shared a list of the top vendors and devices.
www.securityweek.com
June 4, 2025 at 11:37 AM
Punch to the Face: cred stuffing attack hits major sports apparel brand as the trend in retail security overall seems to be going south. www.securityweek.com/thousands-hi...
Thousands Hit by The North Face Credential Stuffing Attack
Threat actors steal personal information from thenorthface.com user accounts in a recent credential stuffing campaign.
www.securityweek.com
June 4, 2025 at 10:59 AM
A Rough in the Diamond: luxury jewelry brand Cartier discloses heist of basic PII in which a 3rd party gained access to systems, but light on details. www.bleepingcomputer.com/news/securit...
Cartier discloses data breach amid fashion brand cyberattacks
Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised.
www.bleepingcomputer.com
June 3, 2025 at 9:38 AM
Open relationship: vuln in Raw dating app lays bare sensitive info including PII, sexual preference and even location details. www.scworld.com/brief/vulner...
Vulnerability exposes Raw dating app user information
TechCrunch reports that Raw a dating app touting more authentic interactions that has amassed over 500,000 Android installations since its launch two years ago has been impacted by an insecure direct ...
www.scworld.com
May 6, 2025 at 11:36 AM
The truth Hertz: Rental giant shifts gears regarding cyberattack on a 3rd party partner in late 2024, now saying significant customer PII was taken in multiple countries techcrunch.com/2025/04/14/h...
Hertz says customers' personal data and driver's licenses stolen in data breach | TechCrunch
The car rental giant attributed the breach to Cleo, whose customers had data stolen by a ransomware gang in 2024.
techcrunch.com
April 14, 2025 at 7:06 PM
Let's all be careful out there today. #WWAAD
April 1, 2025 at 9:55 AM