🚨NYC Needs to Re-Investigate These Sewer Incidents from May 2026:
At least 3 groups caught entering manholes at night in Astoria (Queens), Gravesend & Williamsburg (Brooklyn).
Hip waders, coveralls, headlamps, tools
Hours underground
Emerged & changed clothes by cars
One entry directly near Bowery Bay Wastewater Treatment Plant, a massive facility processing hundreds of millions of gallons daily. Others tie into major sewer networks.
Treasure hunting? Possible. But the timing, gear, coordination, and location near critical water infrastructure right before major events is highly suspicious. Quick "nothing found" sweeps aren't enough.
New Yorkers should demand a full investigation: identify the people, test water quality, secure access points. Public safety > silence.
#NYCSewers #InfrastructureSecurity
Manhole mystery grips New York – just what are city’s ‘mole people’ up to? | New York | The Guardian share.google/WgyMywGNd01Hd1r…

🇺🇸 Dynatrace Internal Infrastructure Repositories Allegedly Exposed via Compromised Developer PAT

A threat actor is claiming to possess a large collection of internal Dynatrace infrastructure repositories allegedly obtained through a compromised developer Personal Access Token (PAT). The actor advertises approximately 246 Git repositories containing infrastructure-as-code, CI/CD configurations, Kubernetes management tooling, cloud provisioning components, and employee-related information.

According to the post, the threat actor claims the dataset contains approximately 8.46 GB of compressed data (reported as ~14 GB uncompressed) spanning 164,000 source files across infrastructure, GitOps, cloud operations, deployment automation, and platform engineering repositories.

According to the post, the exposed data may include:
• Internal GitOps and infrastructure repositories
• Kubernetes cluster management configurations
• ArgoCD deployment infrastructure and configuration data
• Terraform modules and Helm charts
• CI/CD pipeline definitions and workflow automation
• GitHub App integration configurations
• Self-hosted runner deployment infrastructure
• AWS account identifiers and cloud infrastructure references
• GCP KMS infrastructure references and key management configurations
• Vault architecture, secret paths, JWT mounts, and authentication workflows
• Container registry and artifact signing infrastructure
• Internal policy enforcement and workflow orchestration systems
• Employee names, GitHub handles, and corporate email addresses
• Internal documentation and operational runbooks

The dataset appears to be:
• An alleged internal GitHub organization export
• Focused primarily on infrastructure engineering and platform operations
• Comprised of Git repositories used for cloud, Kubernetes, GitOps, and CI/CD management
• Potentially sourced through unauthorized access to a developer account token
• Advertised for sale on a cybercrime forum for approximately $12,000 USD

If authentic, potential risks may include:
• Infrastructure reconnaissance by threat actors
• Accelerated post-compromise lateral movement
• Identification of privileged systems and trust relationships
• Supply-chain attack opportunities targeting build pipelines
• Discovery of sensitive cloud resources and deployment workflows
• Targeted phishing and social engineering against engineering staff
• Increased risk of credential theft and privilege escalation attempts
• Exposure of internal architecture that could facilitate future attacks

Of particular concern are the claims relating to:
• Vault secret-management architecture and authentication paths
• Kubernetes and GitOps deployment infrastructure
• CI/CD workflow and policy enforcement systems
• Cloud provisioning and identity-management repositories
• Employee roster information associated with infrastructure teams

The post also references alleged signing infrastructure, Sigstore-related repositories, deployment credentials, and administrative deployment tokens. However, the presence, validity, and operational usefulness of any such materials cannot be confirmed from the advertisement alone.

At the time of writing, the authenticity of the repositories, the claimed access method, and the extent of any exposure have not been independently verified. Threat actor claims on underground forums should be treated as unverified until confirmed by the affected organization or through independent forensic investigation.

#CyberSecurity #ThreatIntelligence #Dynatrace #DataBreach #GitHub #CI_CD #DevSecOps #Kubernetes #GitOps #CloudSecurity #InfrastructureSecurity #SupplyChainSecurity #ThreatActor #DataLeak #OSINT #DarkWebMonitoring #InfoSec #CyberThreats

Alpine Linux continues expanding beyond containers into desktop and workstation deployments. That means more environments are standardizing on musl libc and BusyBox. For operators, compatibility testing becomes just as important as performance gains. Many teams discover application assumptions about glibc only after deployment. Review build and runtime dependencies before wider adoption. zdnet.com/article/alpine-lin… #LinuxSecurity #Linux #InfrastructureSecurity
Cron abuse is often less about malware sophistication and more about operational visibility gaps. Scheduled tasks can quietly survive reboots, process restarts, and partial remediation. Linux servers, cloud instances, and application hosts all rely heavily on automation, making cron a natural persistence target. Many teams focus on package updates and service health while scheduled task reviews happen infrequently. Knowing what "normal" cron activity looks like makes investigations much easier. linuxsecurity.com/features/c… #LinuxSecurity #OpenSourceSecurity #InfrastructureSecurity
IronWorm shows how developer credentials can become an infrastructure security issue. The malware used stolen access to propagate further through repositories and package ecosystems. The blast radius rarely stays on one workstation. Linux environments often connect source control, CI pipelines, registries, and cloud platforms through shared trust. Operators have seen how one leaked token can affect far more than the original system. linuxsecurity.com/news/secur… #Linux #InfrastructureSecurity #DevSecOps
An advanced six-week Cyber Security Training Programme has launched at IIT Madras Pravartak for 35 CISF personnel. Covering cloud computing, digital forensics, AI, and threat identification, the initiative aligns with the national vision to create 5,000 Cyber Commandos. With over 1,600 personnel already trained at premier institutions, this intensive program equips the force with cutting-edge skills to protect India's critical infrastructure, airports, and nuclear installations across both physical and cyber domains. #CyberSecurity #CISF #IITMadras #CyberCommandos #DigitalIndia #InfrastructureSecurity #ArgusNews (Pic Source: CISF/X)
Open ports are often the first thing infrastructure teams discover during a security review. The challenge is that exposed services are not always intentional. In Linux environments, forgotten development services, test databases, and temporary management interfaces can remain reachable long after deployment. Many admins have run a scan and found a service they thought was internal only. Regular port audits help verify actual exposure, not just intended configuration. linuxsecurity.com/howtos/sec… #LinuxSecurity #Linux #InfrastructureSecurity
Chromium V8 zero-day vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog, with active exploitation observed in the wild. A browser issue can quickly become a Linux fleet issue. Many Linux environments rely on Chromium-based browsers for admin portals, cloud consoles, and internal tools. Delayed browser updates can leave workstations and jump hosts exposed. Operators often discover browser versions lag behind OS patch cycles. Inventory Chromium-based deployments alongside regular package reviews. linuxsecurity.com/news/secur… #LinuxSecurity #Linux #InfrastructureSecurity
Supply chain attacks increasingly focus on maintainer accounts, package ownership, and trusted update paths rather than direct server exploitation. The trust chain is often the real target. Linux teams commonly encounter this through automated package updates, CI/CD workflows, and dependency management systems. Many operators discover affected packages only after tracing build dependencies. Reviewing dependency provenance can reveal surprises in mature environments. linuxsecurity.com/news/netwo… #Linux #InfrastructureSecurity #OpenSourceSecurity
Undersea data under attack: The data mapping Russia’s maritime subversion. 🛑⚓ We are witnessing an engineered crisis in Northern Europe's waters. Data shows an unprecedented surge in suspicious "drifting" behavior—where shadow tankers intentionally disable their tracking systems (AIS) or hover aimlessly near critical subsea links. Within Finland’s Exclusive Economic Zone, this anomalous activity near underwater communication cables has skyrocketed by a staggering 849%. The operational threat is tangible. Finnish intelligence and authorities explicitly linked the severe physical damage sustained by the Estlink 2 power cable to highly irregular maneuvers performed by the shadow tanker Eagle S. These are not maritime accidents; they are deniable acts of war. #Estlink2 #EagleS #FinlandEEZ #AISBlackout #InfrastructureSecurity #NorthSea #KremlinTactics #GreyZoneWar
Enterprise Security is evolving, and so is the Lighthouse Technology research initiative. #CyberSecurity #SecurityEngineering #InfrastructureSecurity #CyberResilience #LighthouseTechnology #CloudSecurity #InfoSec
SSH hardening discussions often focus on authentication, but exposed SSH features matter too. Capabilities such as forwarding and unused services can expand the available attack surface. In many Linux environments, configurations evolve over years of operational changes. Teams frequently discover legacy SSH settings that nobody actively uses anymore. Periodic sshd_config reviews can uncover unnecessary exposure before it becomes a problem. linuxsecurity.com/howtos/sec… #LinuxSecurity #InfrastructureSecurity #OpenSourceSecurity
Iranian President Masoud Pezeshkian said that targeting essential infrastructure such as transport, electricity, and water systems reflects weakness rather than strength, stressing that Iran will rely on domestic expertise, national unity, and scientific capability to withstand external pressure and threats. #Iran #Pezeshkian #InfrastructureSecurity #NationalUnity #PakistanTV
SIEM pipelines inherit the quality of the infrastructure feeding them. A noisy data source can overwhelm useful signals. Linux hosts, containers, build systems, and network devices all contribute events that require prioritization. Many teams discover they're collecting everything but monitoring very little effectively. Reviewing high-value log sources first often improves outcomes. linuxsecurity.com/features/s… #Linux #InfrastructureSecurity #DevSecOps
We are delighted to spotlight PLTPRO Data Centre Sdn Bhd as the cover story of CIO Views Magazine’s special edition, “The Most Trusted Companies of 2026.” 🔗cioviews.com/pltpro-data-cen… #MostTrustedCompanies #CyberSecurity #DigitalTransformation #DataCentre #InfrastructureSecurity
Root-owned cron jobs can turn a routine compromise into a much larger operational problem. System-wide scheduled tasks execute with elevated privileges. If attackers gain the ability to modify cron configurations, they can restore accounts, alter configurations, or disable controls automatically. Many teams remove malicious files first and discover they keep coming back. Cron should always be reviewed alongside cleanup efforts. linuxsecurity.com/features/c… #LinuxSecurity #Cybersecurity #InfrastructureSecurity
IronWorm targeted environment variables, credential files, SSH keys, and cloud access tokens on Linux systems. The impact extends beyond the affected package. In many infrastructure environments, CI/CD runners inherit credentials needed to deploy production workloads. Teams often discover how many secrets exist on build hosts only after investigating an incident. linuxsecurity.com/news/secur… #Linux #LinuxSecurity #InfrastructureSecurity