SC Media
@SCMagazine
Followers: 119K · Following: 1K · Media: 6K · Statuses: 98K
The official Twitter feed for all things IT security. A CyberRisk Alliance Resource.
NYC
Joined November 2008
React2Shell took the security world by storm last week when @AWS researchers reported that the bug was actively exploited, and @Cloudflare determined it was dangerous enough to have a 25-minute outage while adding protections against it. #cybersecurity
scworld.com
10.0 RSC flaw actively exploited in the wild by China-based threat groups within hours of public disclosure leads the pack for December's Patch Tuesday.
#AI adoption is surging — but so are hallucinations. You can’t build on unreliable foundations without governance, says Bytewhisper Security's Kyle Hankins. Stop hoping models won’t fail and start building controls that can survive it. #cybersecurity #CISO
scworld.com
If you’re part of an organization that’s currently rushing into the AI fray, do you have the controls and guidance in place to handle hallucinations when they come to call? Or are you trusting that...
Your biggest risk isn’t the breach — it’s what happens after, says @NETSCOUT's Jerry Mancini in this commentary. Internal blind spots let attackers sprint through your network. Only east-west visibility can stop them. #cybersecurity #infosec #CISO
scworld.com
Internal east-west traffic often goes unmonitored, leaving attackers free to move undetected.
North Korea–linked attackers are exploiting React2Shell to deploy a new EtherRAT backdoor, using Ethereum smart contracts for resilient C2. Patch React now and watch for persistence. #cybersecurity #CISO #infosec #ITsecurity
scworld.com
The malware retrieves C2 addresses from Ethereum smart contracts to avoid takedowns.
.@Google resolved a weakness in Gemini Enterprise and Vertex AI Search that researchers said could have enabled the theft of emails, calendars and documents via indirect prompt injection. #cybersecurity #infosec #CISO #ITsecurity #AI
scworld.com
An indirect prompt injection could have exfiltrated data from emails, documents or calendars.
The @USTreasury’s Financial Crimes Enforcement Network found that total #ransomware payments since 2013 have reached $4.5 billion, according to a December 2025 study. #cybersecurity #infosec #CISO #ITsecurity
scworld.com
Even though there was a drop in 2024, the pace of ransomware payments accelerated.
MCP servers are emerging as a major #AI supply chain risk. Recent attacks show how privileged, unmonitored MCP components can be exploited. A new @owasp guide says to lock down access, validate behavior, and monitor continuously. #cybersecurity #CISO
scworld.com
Recent MCP breaches show how privileged servers enable data theft, stressing need for strict controls.
AI agents promise huge efficiency gains for private equity, but their autonomy brings major data and privacy risks, says @WeilGotshal's Olivia Greer. Smart, controlled deployment is now the edge that will separate leaders from laggards. #cybersecurity #AI
scworld.com
AI agents boost efficiency for private equity, but their autonomy heightens privacy and security risks.
Fraudsters are three moves ahead — and detection-only tools can’t keep up, says @GalileoFintech's Max Spivakovsky in this commentary. Predictive, real-time #AI flips the script, stopping fraud before it lands and cutting losses by up to 55%. #cybersecurity
scworld.com
Here’s how teams can catch fraud before it happens – instead of after the fact.
A Gogs zero-day has been actively exploited since Dec. 1, with 700-plus compromised servers. Until a patch lands, lock down permissions, disable open registration, and secure all self-hosted repos. #cybersecurity #infosec #ITsecurity
scworld.com
A patch hasn’t been released yet – here are five tips for security pros.
.@Docusign impersonation is the most common phishing threat hitting corporate inboxes, according to a recent StrongestLayer analysis shared with SC Media. #cybersecurity #infosec #CISO #ITsecurity
scworld.com
DocuSign was the most impersonated brand among phishing emails that bypassed secure email gateways.
Cloud Security Posture Management (#CSPM) can’t keep up with today’s cloud. CISOs need real-time, AI-driven detection, automated remediation, and outcome-focused security to cut noise and boost resilience. #CloudSecurity #AI #CISO #cybersecurity #infosec
scworld.com
CISO roundtable report argues that CSPM is necessary but insufficient on its own. To reduce real cloud risk under staffing and budget constraints, security teams must move from static posture...
.@salesforce has outgrown its CRM roots — and unmanaged configs, excessive permissions, and rapid low-code development are creating real risk. It’s time for policy-as-code governance. #cybersecurity #infosec #CISO #AppSec #ZeroTrust
scworld.com
In many companies, Salesforce instances are chaotic, unsecured messes. Here's how to tame them with proper governance and security controls.
Phishing-resistant authentication is surging. As FastPass and passkeys grow fast, passwords keep fading. If trends hold, over half of @Okta users could be phishing-proof by 2028. #cybersecurity #infosec #CISO #ITsecurity
scworld.com
The use of phishing-resistant authentication nearly doubled year-over-year, according to Okta's latest Secure Sign-In Trends Report.
.@TheJusticeDept on Dec. 9 announced that it indicted a Ukrainian national for participating in dozens of attacks on critical infrastructure worldwide, including an April 2024 attack on a U.S. water treatment facility in Muleshoe, Texas. #cybersecurity
scworld.com
In a rare case, the FBI aims to bring a nation-state-backed cybercriminal to justice.
#AI browsers boost productivity but expand risk, says @CatoNetworks' Guy Waizel. New threats like HashJack show why identity-first controls, data-aware policies, and session isolation are essential for safe AI-powered browsing. #cybersecurity #CISO
scworld.com
Govern with identity-first controls, data-aware policies, session isolation, and continuous validation.
An evolving fake resume scheme conducted by the threat group GOLD BLADE spreads RedLoader malware and QWCrypt #ransomware, pilfering data in targeted campaigns, @Sophos reported. #cybersecurity #infosec #CISO #ITsecurity
scworld.com
A threat group known as GOLD BLADE is evolving its tactics to deploy RedLoader and QWCrypt.
Startup @7ai_agentic announced Dec. 4 that it raised $130 million 10 months after emerging from stealth, stating the funding round was the largest Series A in history for #cybersecurity. #infosec #AI #ITsecurity #CISO
scworld.com
7AI’s record funding underscores rising confidence in agentic AI to transform security operations.