Over Security

Over Security

33623 bookmarks
Custom sorting
An Open Call To Flipper Devices
An Open Call To Flipper Devices
The community's problems with Flipper Devices, and how the company can improve.
·spicemesh.de·
An Open Call To Flipper Devices
Sysco - 2,691,852 breached accounts
Sysco - 2,691,852 breached accounts
In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.
·haveibeenpwned.com·
Sysco - 2,691,852 breached accounts
Sysco - 2,691,852 breached accounts
Sysco - 2,691,852 breached accounts
In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.
·haveibeenpwned.com·
Sysco - 2,691,852 breached accounts
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country.
·bleepingcomputer.com·
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country.
·bleepingcomputer.com·
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country.
·bleepingcomputer.com·
Data breach exposes up to 14.2 million email logins at six ISPs
Anche la Cina sviluppa l’AI per la cyber: ecco Tulongfeng, quali impatti
Anche la Cina sviluppa l’AI per la cyber: ecco Tulongfeng, quali impatti
Mentre gli Stati Uniti limitano l'accesso ai modelli AI con capacità cyber più avanzate, la Cina presenta Tulongfeng, un sistema progettato per individuare vulnerabilità software, analizzare codice e assistere i team di sicurezza. L'annuncio conferma che l'intelligenza artificiale per la cybersecurity è ormai una tecnologia strategica
·cybersecurity360.it·
Anche la Cina sviluppa l’AI per la cyber: ecco Tulongfeng, quali impatti
L’economia dei token e il vero prezzo dell’intelligenza artificiale
L’economia dei token e il vero prezzo dell’intelligenza artificiale
Quanto sareste disposti a pagare per usare Claude e ChatGPT? Il passaggio dalle tariffe fisse a quelle a consumo ha fatto esplodere i budget aziendali e sta mostrando la fragilità del sistema AI.
·guerredirete.substack.com·
L’economia dei token e il vero prezzo dell’intelligenza artificiale
L’economia dei token e il vero prezzo dell’intelligenza artificiale
L’economia dei token e il vero prezzo dell’intelligenza artificiale
Quanto sareste disposti a pagare per usare Claude e ChatGPT? Il passaggio dalle tariffe fisse a quelle a consumo ha fatto esplodere i budget aziendali e sta mostrando la fragilità del sistema AI.
·guerredirete.substack.com·
L’economia dei token e il vero prezzo dell’intelligenza artificiale
SecjuiceCON 2026
SecjuiceCON 2026
SecjuiceCON is an online event for infosec and OSINT industry insiders, and we'd love for you to talk to our audience about your wisdom and learnings.
·secjuice.com·
SecjuiceCON 2026
AI Vendor Vetting: An OK Practice Guide
AI Vendor Vetting: An OK Practice Guide
Practical guide to AI vendor vetting, covering key data, security, compliance, and risk questions to assess and manage AI third-party risks.
·secjuice.com·
AI Vendor Vetting: An OK Practice Guide
SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution
SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution
Contents 1. The Ethical Blueprint: Building Trust in Synthetic Media 1. S - Social Benefit 2. C - Consent 3. A - Accountability 4. N - Non-Deception 5. T - Transparency 2. Putting SCANT into Practice 3. TL;DR Checklist 4. It takes work! 5. AI - Embracing the Human 6. Speaking of ISO 42001 The Ethical Blueprint: Building Trust in Synthetic Media Lots of damage has been done with AI, and to keep from deep-sixing the forward-leaning tone I want in this article, I’ll re
·secjuice.com·
SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution
Security Governance & Leadership
Security Governance & Leadership
Part 1 of a series on creating information security policies Contents * Security Starts at the Top (or, Governance Makes or Breaks Your Security Program) * Disclaimer * Why Governance Comes First * The Information Security Policy: Setting the Tone * Risk Management: Replace Guesswork with Discipline * Roles and Responsibilities: Eliminating the Accountability Gap * What Auditors Look For * Common Pitfalls to Avoid * Governance as a Force Multiplier * Afterword about Infosec Policy an
·secjuice.com·
Security Governance & Leadership
CTFs aren't Designed to Train Investigators. Hashclue is.
CTFs aren't Designed to Train Investigators. Hashclue is.
Real investigations start with noise, a fragment, a pattern, something that doesn't fit. Almost nothing in the standard training stack teaches you to work that problem. Hashclue is an attempt to build something that does.
·secjuice.com·
CTFs aren't Designed to Train Investigators. Hashclue is.
People, Policies, and Purpose: Framing Acceptable Use and Human Behavior in Information Security
People, Policies, and Purpose: Framing Acceptable Use and Human Behavior in Information Security
Part 2 of a series on creating information security policies Many breaches don’t start with sophisticated hackers; they start with ordinary users doing ordinary things in unsafe ways. Let’s look at 3 ways to work toward helping people in our organizations understand better how to safeguard everyone’s information. Because there are as many ways to create a policy as there are organizations - compounded with the numerous requirements from regulations - I won’t attempt to provide a one-size-fits-
·secjuice.com·
People, Policies, and Purpose: Framing Acceptable Use and Human Behavior in Information Security
The CTF Ecosystem Is Stagnant and Has Been for Twenty Years
The CTF Ecosystem Is Stagnant and Has Been for Twenty Years
CTFs haven't changed in decades. Better puzzles, same game. The problem isn't technical difficulty, it's that nobody has ever made you commit to anything.
·secjuice.com·
The CTF Ecosystem Is Stagnant and Has Been for Twenty Years
Your OSINT Is Only as Good as Your Thinking
Your OSINT Is Only as Good as Your Thinking
You pulled the threads, mapped the connections, built the timeline. The data looks clean and the narrative holds. Then someone asks a question you didn't consider and the whole picture shifts. The failure was not in your tooling.
·secjuice.com·
Your OSINT Is Only as Good as Your Thinking
Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up
Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up
Part 3 of a series on creating information security policies. Attackers don’t break in…they log in. That’s a bit of a dramatic exaggeration, and it seems cliché, but it’s not really too far off. Consider the 2022 Uber breach. The attacker didn’t exploit a sophisticated vulnerability; they obtained a contractor’s credentials and then bombarded the user with MFA push requests until one was approved. That single moment of fatigue opened the door to internal systems and broader access. Or look a
·secjuice.com·
Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up
For The Dogs
For The Dogs
An introduction to the canine intelligence cell, a volunteer investigative effort focused on exposing the criminal networks exploiting dogs through trafficking, legal loopholes, fraud, violence, and organised abuse.
·secjuice.com·
For The Dogs
Malware Analysis: Is It About Tools or Mindset?
Malware Analysis: Is It About Tools or Mindset?
Malware analysis is more than tools. Learn the mindset, goals, techniques, and workflows analysts need to dissect malware effectively.
·secjuice.com·
Malware Analysis: Is It About Tools or Mindset?
Asset Management & Data Classification: You Can’t Protect What You Can’t See
Asset Management & Data Classification: You Can’t Protect What You Can’t See
Part 4 of a series on creating information security policies. Visibility before Protection Organizations often invest heavily in cybersecurity tools: endpoint protection, firewalls, SIEM platforms, MFA, cloud security solutions, and threat detection services. Unfortunately, many security incidents still come down to a surprisingly simple problem: organizations do not fully understand what they own or where their sensitive data resides. Before an organization can protect its environment, it fi
·secjuice.com·
Asset Management & Data Classification: You Can’t Protect What You Can’t See
SecjuiceCON 2026
SecjuiceCON 2026
SecjuiceCON is an online event for infosec and OSINT industry insiders, and we'd love for you to talk to our audience about your wisdom and learnings.
·secjuice.com·
SecjuiceCON 2026
AI Vendor Vetting: An OK Practice Guide
AI Vendor Vetting: An OK Practice Guide
Practical guide to AI vendor vetting, covering key data, security, compliance, and risk questions to assess and manage AI third-party risks.
·secjuice.com·
AI Vendor Vetting: An OK Practice Guide
SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution
SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution
Contents 1. The Ethical Blueprint: Building Trust in Synthetic Media 1. S - Social Benefit 2. C - Consent 3. A - Accountability 4. N - Non-Deception 5. T - Transparency 2. Putting SCANT into Practice 3. TL;DR Checklist 4. It takes work! 5. AI - Embracing the Human 6. Speaking of ISO 42001 The Ethical Blueprint: Building Trust in Synthetic Media Lots of damage has been done with AI, and to keep from deep-sixing the forward-leaning tone I want in this article, I’ll re
·secjuice.com·
SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution
Security Governance & Leadership
Security Governance & Leadership
Part 1 of a series on creating information security policies Contents * Security Starts at the Top (or, Governance Makes or Breaks Your Security Program) * Disclaimer * Why Governance Comes First * The Information Security Policy: Setting the Tone * Risk Management: Replace Guesswork with Discipline * Roles and Responsibilities: Eliminating the Accountability Gap * What Auditors Look For * Common Pitfalls to Avoid * Governance as a Force Multiplier * Afterword about Infosec Policy an
·secjuice.com·
Security Governance & Leadership