Limor Kessem, CISM, C|ISO

Hello follower! This is my #infosec feed. Expect news on #cybersecurity #cybercrime #regulation #cyberattacks and #databreaches + related worthy shares.💁🏻‍♀️Thanks for the follow!

Researchers left AI agents alone in a virtual town and watched it all unravel: malwarebytes.com/blog/ai/2026/0… | #AIsecurity #infosec

@it4sec Oh boy...

You ever change a database schema late in the project? That’s not coding anymore. That’s just you quietly ruining your own life, one migration at a time.

[3/3] ...including one ransom worth nearly $27 million. You can read more about this story on CNN: edition.cnn.com/2026/04/22/pol… | #cybercrime #ransomware #extortion

[2/n] Instead, he secretly funneled private information such as how much insurance money victims had, to the notorious #ALPHV / #BlackCat hacker group. These tips allowed the attackers to demand much higher payments, leading to massive payouts from non-profits, hospitals...

[1/n] Today on the #WTF corner... a former #ransomware negotiator pleads guilty to betraying the very companies that hired him for help. Working for a professional recovery firm, he was supposed to help businesses minimize damage after cyberattacks.... #cybercrime

There are already at least 45-90 non-human identities in the enterprise for each human user. Check out this video to learn more about securing them #AgenticRuntime #AgenticSecurity #AISecurity youtube.com/watch?v=HtnlUo… | #infosec

I like interesting #cyberbust stories and this one's definitely one of them: Cybercriminal charged with stealing $53 million from the Uranium crypto exchange: bleepingcomputer.com/news/security/… | #cybercrime #cryptojacking #UraniumCrypto #SmartContract

For nearly 30 years, journalists have relied on the Internet Archive to see how stories were originally published, before edits, removals, or changes. We need to safeguard that. eff.org/deeplinks/2026…

Link to the article here. Research by @HuntressLabs : huntress.com/blog/railway-p… | #infosec #cybersecurity #cybercrime #AIThreats #CloudSecurity

New #phishing campaign tied to AI cloud-hosting service #Railway allowed attackers to gain access to hundreds of enterprise Microsoft cloud accounts - no password required! This is one insidious #IoT way that AI is used by #cybercrime brokers for a dangerous initial entry point.

You should read this today... "AI getting vindictive: #OpenClaw agent attacks developer who rejected its code". cybernews.com/security/openc… | #AISecurity #SafeAI #infosec #AIGuardrails #AIEthics #EthicalAI

More here from @CheckPointSW blog.checkpoint.com/research/using… | #infosec #cybercrime #AISecurity #ShadowAI

The malware prompts an AI assistant to retrieve content from attackers' server/URLs, creating a proxy layer that masks the true comms channel. Doesn't require API keys or authentication, bypassing common enterprise countermeasures and takedown mechanisms...

AI assistants with web-browsing capabilities could serve as covert command-and-control infrastructure...

Do you remember when you joined X? I do! #MyXAnniversary

Historically, cybersecurity has never been a true entry-level field. Most people start in IT to learn how networks and systems work, then transition into security roles over time once they have a certain amount of foundational knowledge and experience. That said, many companies, colleges, and training institutions have a strong monetary incentive to present cybersecurity as entry-level. They make significant amounts of money selling bootcamps and certifications to people eager to break into the field. After completing these programs and earning a few credentials, many newcomers discover that employers are looking for things they still do not have, most commonly hands-on experience in IT or adjacent roles. This disconnect often leads to frustration and backlash toward employers, who are accused of setting unrealistic expectations for entry-level security jobs. In reality, though, the expectations themselves are not new. What _is_ new is the narrative that cybersecurity is supposed to be an easy or direct entry point into tech. True entry-level cybersecurity roles do exist, but they are not the norm for most roles. To me, being upfront and honest about that reality would save a lot of newcomers time, money, and frustration.

Hands down, one of the most interesting trainings I have taken, ever. Fascinating stuff, highly recommend it. #QuantumComputing #QuantumResponsible @IBM. credly.com/badges/c716158… via @credly

[3/3] and indiscriminate surveillance. In response, Williams, who pleaded guilty, apologized and said he regrets his actions. techcrunch.com/2026/02/11/doj… | #infosec #cybercrime

[2/3] (which counts the Russian government among its clients). Prosecutors said for the first time that the exploits would have allowed the broker and its customers access to "millions of computers and devices around the world," including in the US, to conduct ransomware attacks

[1/3 via @zackwhittaker] U.S. prosecutors are requesting nine years in prison for Peter Williams, aka "Doogie," the former head of #L3Harris' hacking tools maker #Trenchant, for stealing at least eight exploits from the company's systems and selling them to a Russian broker.