@ccoloff profile picture
Cathy Coloff @ccoloff

Mother, friend, business owner, computer geek and proud Duke grad

Joined April 2010
  • Tweets 4,210
  • Following 59
  • Followers 282
Photos and videos
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. ow.ly/4imk50Z9qg1 #cybersecurity #theweb

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

thehackernews.com
2
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. ow.ly/OfYn50Z9q6l #chatgpt #cybersecurity #itsecurity

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

OpenAI Lockdown Mode limits outbound ChatGPT requests to reduce prompt injection data exfiltration risk for eligible accounts.

thehackernews.com
18
A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. ow.ly/FmmR50Z9pTu #ai #chrome #ffmpeg #cybersecurity

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

AI found 21 FFmpeg zero-days, some 20 years old; Chrome 149 patched 429 bugs, including 100 critical/high flaws.

thehackernews.com
14
Talk Nerdy to Me... #techtip
World Cup teams review every match. Do the same with your IT. Our FREE IT Assessment checks security, backups, and defenses—so your business is ready for a championship run. #itservices #itsupport it-radix.com/headache-soccer…

GOAAALLL! A Win Over IT Challenges!| IT Radix - New Jersey

Tired of headaches caused by computer issues? IT Radix is offering you a FREE IT Assessment—a no-obligation, no-sales-pressure playbook.

it-radix.com
6
Minecraft players! Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. ow.ly/vEEq50Z7ch0 #minecraft #malware #cybersecurity

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Weedhack malware targets Minecraft players via YouTube and SEO poisoning since Jan 2026, enabling credential theft and remote access.

thehackernews.com
32
Cybersecurity experts have warned about the new class of cyber threat emanating from computer worms that operate in association with AI chatbots, such as ChatGPT. ow.ly/nef150Z7cxO #ai #chatbots #cybersecurity

AI-powered worms could become cybersecurity’s next nightmare, experts warn

With the rapid evolution of artificial intelligence, the cybersecurity landscape is facing unprecedented AI-powered cyber threats. Cybersecurity experts have warned about the new class of cyber...

thenews.com.pk
8
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. ow.ly/gabh50Z7c5s #google #android

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google patched 124 Android flaws in June 2026, including exploited CVE-2025-48595, reducing privilege-escalation risks.

thehackernews.com
2
Don’t be a sitting duck for cyberthreats. Our free report shares 7 urgent security protections every business should have in place—simple, practical steps to stay proactive and protected. #itservices #itsupport it-radix.com/are-you-a-sitti…

Are You A Sitting Duck? | IT Radix - New Jersey

Are You A Sitting Duck? A Free Offer of Critical Information You Need Fill our the form below to download the free report “Seven Urgent Security Protections Every Business Should Have in Place Now”...

it-radix.com
1
7
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. ow.ly/Uk5U50Z4GZB #litespeed #cybersecurity #itsecurity

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

CVE-2026-48172 lets cPanel users run scripts as root, affecting LiteSpeed plugin 2.3–2.4.4 and exposing servers.

thehackernews.com
10
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. ow.ly/eXwz50Z4GUJ #microsoft #itsecurity #sharepoint

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft released fixes for SharePoint remote code execution vulnerability CVE-2026-45659 with a CVSS score of 8.8.

thehackernews.com
10
Since at least early 2025, GlassWorm operators have systematically targeted software developers, a population with access to source code repositories, cloud platforms, CI/CD pipelines, and package registries," CrowdStrike said. ow.ly/tuJp50Z4GPE #malware #cybersecurity

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

thehackernews.com
30
Talk Nerdy to Me... #techtip
10
Today, we remember and honor the brave men and women who made the ultimate sacrifice in service to our country. Wishing everyone a safe and reflective Memorial Day.
4
A hacking group known as Storm-2949 is abusing the password reset feature in Microsoft’s services to steal people's login credentials, access their accounts, and exfiltrate as much sensitive data as possible. ow.ly/kuXj50Z2HrI #hacking #passwordreset #itsecurity

Microsoft warns hackers are exploiting password resets to gain access to user accounts - here's how...

Storm-2949 is engaged in a "methodical, sophisticated, and multi-layered" campaign

techradar.com
66
A new SecureBoot folder appeared in Windows 11 after May's update. Here's what it is, what it does, and why you shouldn't delete it. ow.ly/O4at50Z2lvs #microsoft11 #secureboot #itsecurity

Windows 11's new SecureBoot folder isn't malware. Here's what it does

A new SecureBoot folder appeared in Windows 11 after May's update. Here's what it is, what it does, and why you shouldn't delete it.

pcworld.com
32
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code. ow.ly/EMzo50Z2lg6 #supplychain #itsecurity #cybersecurity

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

GitHub Action tags point to malicious commits, exposing CI/CD credentials; 15 second-action tags also compromised.

thehackernews.com
30
Talk Nerdy to Me... #techtip #itsecurity
2
What are the 3 biggest mistakes made when a company makes an office move? Learn more about these mistakes here and get a free Office Move Checklist that will help you avoid them all! #itservices #itsupport #officemove it-radix.com/is-your-office-…

Is Your Office Moving? | IT Radix - New Jersey

Office relocation can be a pain in the rump. But with a little up-front planning, it can be less stressful. We hear quite often, “I didn’t know I needed to…” or “I completely forgot that.” Quite...

it-radix.com
8
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. ow.ly/9ZLy50YZ2T2 #microsoft #tech #itsecurity

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft patched 138 flaws, including 30 Critical bugs, as AI discovery expands Patch Tuesday risk.

thehackernews.com
5
Load more