CuraSec

tag: Insider-Threat · 2 items

2026-07-11 · BleepingComputer · source ↗ #supply-chain#open-source#insider-threat
  • Engineer — Learn: A reminder that contributor-level insider threats exist in open-source projects; no specific packages or artifacts were confirmed compromised, and OpenMandriva is niche enough that most teams have no direct exposure.
  • SOC/IR — Skip
  • Leader — Skip
2026-07-11 · BleepingComputer · source ↗ #ransomware#insider-threat#blackcat
  • Engineer — Skip
  • SOC/IR — Learn: Insider-threat angle is notable: attacker was a trusted IR professional with access to victim environments, illustrating how responders can become adversaries — relevant context for vetting IR vendors and monitoring privileged access during incidents.
  • Leader — Learn: The case highlights vendor-risk and insider-threat exposure when engaging external IR firms — useful framing for board discussions on third-party access controls and contractual accountability during incident response engagements.