#Tag · bonfire.cafe

Y’all! Personal friend of Kristy PuppyKiller #Noem, a completely unqualified #infosec wannabe, who couldn’t pass pen testeing, or a polygraph saying he didn’t want to sell data; the director of the Cybersecurity and Infrastructure Security Agency ( #CISA), Madhu #Gottumukkala, uploaded sensitive information to a public version of #ChatGPT, because of course he fucking did.

The info leaked was marked “for official use only.” That designation is used within #DHS to identify information of a sensitive nature that, if shared, could adversely impact a person’s privacy or welfare or impede how federal and other programs essential to the national interest operate.

There’s now a concern that the sensitive info could be used to answer prompts from any of ChatGPT’s 700 million users. Critics have questioned whether Gottumukkala knows what he’s doing.

Gee, ya think?

https://arstechnica.com/tech-policy/2026/01/us-cyber-defense-chief-accidentally-uploaded-secret-government-info-to-chatgpt/

Ars Technica

US cyber defense chief accidentally uploaded secret government info to ChatGPT

Congress recently grilled the acting chief on mass layoffs and a failed polygraph.

MissConstrue

@MissConstrue@mefi.social · 2 weeks ago

There’s now a concern that the sensitive info could be used to answer prompts from any of ChatGPT’s 700 million users. Critics have questioned whether Gottumukkala knows what he’s doing.

Gee, ya think?

https://arstechnica.com/tech-policy/2026/01/us-cyber-defense-chief-accidentally-uploaded-secret-government-info-to-chatgpt/

Ars Technica

US cyber defense chief accidentally uploaded secret government info to ChatGPT

Congress recently grilled the acting chief on mass layoffs and a failed polygraph.

Ars Technica

@arstechnica@mastodon.social · 2 weeks ago

US cyber defense chief accidentally uploaded secret government info to ChatGPT
Congress recently grilled the acting chief on mass layoffs and a failed polygraph.
https://arstechnica.com/tech-policy/2026/01/us-cyber-defense-chief-accidentally-uploaded-secret-government-info-to-chatgpt/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Ars Technica

US cyber defense chief accidentally uploaded secret government info to ChatGPT

Congress recently grilled the acting chief on mass layoffs and a failed polygraph.

Ehay2k

@Ehay2k@mastodon.social replied · 2 weeks ago

@arstechnica

Wow. I'm SHOCKED that Noem's choice to lead #CISA turned out to be incompetent.

Bill

@Sempf@infosec.exchange · 4 months ago

Hey threat intel folx:

Is CISA and the KEV something even worth paying attention to any more given, you know, everything? Still accurate?

https://securityaffairs.com/183659/uncategorized/u-s-cisa-adds-oracle-windows-kentico-apple-flaws-to-its-known-exploited-vulnerabilities-catalog.html

#cisa #uspol

Security Affairs

U.S. CISA adds Oracle, Windows, Kentico, Apple flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Oracle, Windows, Kentico, and Apple vulnerabilities to its Known Exploited Vulnerabilities catalog.

Tim Chambers boosted

jbz

@jbz@indieweb.social · 4 months ago

🚨 CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info

｢ The federal government has issued an emergency directive ordering all civilian agencies to update products from F5 after the security company said a nation-state actor had long-term persistent access to source code and information about undisclosed vulnerabilities during a breach discovered in August ｣

https://therecord.media/cisa-directive-f5-nation-state-incident

#cyberattack #cisa #cybersecurity

CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info

The emergency directive orders all agencies to apply the latest updates for all at-risk F5 virtual and physical devices and downloaded software by October 22.

jbz

@jbz@indieweb.social · 4 months ago

🚨 CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info

https://therecord.media/cisa-directive-f5-nation-state-incident

#cyberattack #cisa #cybersecurity

CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info

The emergency directive orders all agencies to apply the latest updates for all at-risk F5 virtual and physical devices and downloaded software by October 22.

der.hans and 3 others boosted

Dissent Doe :cupofcoffee:

@PogoWasRight@infosec.exchange · 4 months ago

NEW, by me, the one some of you have been asking about:

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

Dissent Doe :cupofcoffee:

@PogoWasRight@infosec.exchange · 4 months ago

NEW, by me, the one some of you have been asking about:

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

informapirata ⁂ :privacypride:

@informapirata@mastodon.uno · 4 months ago

Protezioni scadute, reti esposte: con la #CISA, l'infrastruttura di sicurezza informatica americana potrebbe pericolosamente scomparire da un giorno all'altro

Domani scade il Cybersecurity Information Sharing Act (CISA) e le tutele legali che consentono alle organizzazioni di condividere informazioni sulle minacce con il governo.
Se il Congresso non lo riautorizza, possiamo dire addio alla difesa informatica collaborativa occidentale.

https://cyberscoop.com/cybersecurity-information-sharing-act-expiration-date/

@informatica

Greg Lloyd

@Roundtrip@federate.social · 7 months ago

“Microsoft has released patches to “fully protect” SharePoint 2019 and SharePoint Subscription Edition servers, and the company is actively working on a patch for SharePoint 2016.

#CISA …says that the scope and impact of the attacks are still being assessed, and that any servers that have been impacted by the exploit should be disconnected from the internet until an official resolution is available.”

#Sharepoint #zeroday https://mastodon.social/@verge/114890559136880575

Benjamin Carr, Ph.D. 👨🏻‍💻🧬

@BenjaminHCCarr@hachyderm.io · 9 months ago

As #US #vulnerability-tracking falters, #EU enters with its own #security bug database
The European Vulnerability Database ( #EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems. The EUVD is similar to the US government's National Vulnerability Database ( #NVD).
https://www.theregister.com/2025/05/13/eu_security_bug_database/ #CISA