Shawn Waldman

"I've been working in cybersecurity for 3 years and I feel great!" - Dave, 24

The Space Shuttle Challenger gave us all PTSD. We watched it blow up during class and then went on with our day, no counseling, no trauma response. We were expected to carry on so we did. No wonder we're tough and DGAF.

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously. To be clear: Signal’s encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information – SMS codes and/or Signal PIN – to gain access to users’ accounts. 1/4

Just found out we're being audited by our cyber insurance provider. They want to verify we actually have all the security controls we claimed we have. Problem: we don't have all the security controls we claimed we have. When we applied for the insurance, the application asked if we had multi-factor authentication on all admin accounts. I checked "yes" because we were planning to implement it. We never implemented it. Now the auditor wants to see our MFA logs.I have 48 hours to either: 1. Admit we lied and probably lose our coverage 2. Implement MFA across the entire company in two days 3. Get creative I'm going with option 3.I just enabled MFA on every admin account. Forced enrollment. Everyone had to set it up in the last hour. Then I backdated our MFA implementation logs to show it was enabled six months ago. Is this fraud? Technically maybe. But the security is actually in place now. We're just adjusting the timeline of when we claim we did it. The auditor comes on Monday. By then we'll have 48 hours of MFA logs that I'll present as "recent activity" from our "six-month implementation." Did we lie on the application? Yes. Are we fixing it before anyone finds out? Also yes. Corporate compliance is just staying one step ahead of getting caught.

Breaking news- The cybersecurity firm Malwarebytes confirmed a data leak exposing the personal information of approximately 17.5 million Instagram users. The breach has been linked to a potential Instagram API exposure that occurred in late 2024. The details regarding this incident include: Exposed Information: The leaked dataset includes usernames, full names, verified email addresses, phone numbers, user IDs, and partial physical addresses. Method of Leak: A threat actor using the alias "Solonik" posted the data for free on BreachForums on January 7, 2026. The hacker claimed the data was scraped through an API vulnerability that allowed automated harvesting of profiles. Active Exploitation: Millions of users worldwide have reported receiving unsolicited password reset emails. Experts warn that hackers are using the leaked contact info to trigger these requests en masse to identify active accounts for phishing or hijacking. Meta's Response: As of January 10, 2026, Meta (Instagram's parent company) has not officially confirmed the breach or issued a public statement addressing the specific 17.5 million record leak. Recommended Security Steps To protect your account, cybersecurity experts suggest the following actions: Enable Two-Factor Authentication (2FA): Use an authenticator app rather than SMS to prevent SIM swapping. Ignore Unsolicited Emails: Do not click links in unexpected password reset emails. If you need to change your password, do so manually through the official Instagram Settings. Review Logged-in Devices: Check for unrecognized active sessions in the Meta Accounts Center.