Direct Links | Infosec News Feeds

The San Francisco Beat

SFInfoSec aggregates the latest news, podcasts and books covering Cyber Security, Hacking, Infosec, Online Privacy, Cryptography, Threat Research and Vulnerability Disclosures from all the leading sources.

Threatpost The First Stop For Security News

Krebs on Security In-depth security news and investigation

    Blog RSS Feed Fortra Blog

    Security Latest Channel Description

      Schneier on Security

          Comments on:

            BleepingComputer BleepingComputer – All Stories

            TechCrunch Startup and Technology News

            The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]

            The DFIR Report Actionable Cyber Threat Intelligence

            • Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
              by editor on May 11, 2026 at 2:05 pm

              The EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) targeting Linux servers. In March 2026, a Windows variant campaign was reported by Atos, with their investigation showing evidence of activity going back to the previous December. In April, we The post Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware appeared first on The DFIR Report.

            • Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting
              by editor on April 22, 2026 at 2:51 pm

              Key Takeaways We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator’s day-to-day workflow, supporting troubleshooting, orchestration, and refinement of the collection pipeline. This AI-assisted workflow resulted in the modular platform Bissa scanner The post Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting appeared first on The DFIR Report.

            • Apache ActiveMQ Exploit Leads to LockBit Ransomware
              by editor on February 23, 2026 at 2:09 pm

              Key Takeaways An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Amazon.  This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java Spring The post Apache ActiveMQ Exploit Leads to LockBit Ransomware appeared first on The DFIR Report.

              Biz & IT – Ars Technica Serving the Technologist since 1998. News, reviews, and analysis.

              Websec Cybersecurity Blog Expert insights, trends, research findings, and best practices from Websec security team to help you strengthen your organization’s security posture.