We May Be Living Through the Most Consequential Hundred Days in Cyber History (ringmast4r.substack.com)
cols 12 minutes ago [-]
Add to this the Rockwell Automation attack and you get a beautiful Chickens-Coming-Home-To-Roost stew!

https://www.cisa.gov/news-events/cybersecurity-advisories/aa...

nirav72 18 minutes ago [-]
Not too long ago, a few gigabytes of data being stolen was a big friggin deal. Now they're swiping data in the terabytes or even petabytes.
jjmarr 22 minutes ago [-]
> In August 2025, three of the most notorious financially-motivated crews on the planet, ShinyHunters, Scattered Spider, and LAPSUS$, formally combined into a coordinated alliance widely tracked as Scattered LAPSUS$ Hunters (SLH), sometimes called “the Trinity of Chaos” (Resecurity; Cyberbit; Infosecurity Magazine; The Hacker News; Computer Weekly; ReliaQuest). Scattered Spider provides initial access through highly-effective social engineering and vishing. ShinyHunters handles exfiltration, leak-site management, and extortion. LAPSUS$ contributes its own brand of identity-system compromise.

Lmao that cybercriminals are closing M&A deals to create vertically integrated SaaS companies.

Do you think anyone was made redundant through kinetic means?

smallmancontrov 9 seconds ago [-]
There's no NDA quite like a kinetic NDA.
john_strinlai 37 minutes ago [-]
>And yet, the public conversation around them has been quiet to the point of being strange.

i don't think it's that strange. there are multiple wars raging on, with many people fearing the breakout of a global conflict. a giant pedophile ring has been exposed that no one in power seems interested in doing anything about. prices for everything are haywire. markets are an absolute rollercoaster, hinging completely on one man's late night tweets. and so on.

people just don't have the bandwidth to also learn about what an npm or github is, and why a hack of it is important. news stations are going to pick the news that results in the most people tuning in to watch. that is war, not whatever a mercor is.

the non-tech (and many of the tech) people in my life are also just plain tired of hearing about hacks. they have heard that their information has been stolen 10 times or whatever in the last 5 years. they have heard 100s of "this company was hacked" stories. "another hack? who cares?".

Ray20 11 minutes ago [-]
> a giant pedophile ring has been exposed that no one in power seems interested in doing anything about

But that's not true. The European Union and many other countries are taking extreme measures to ensure that what happened in the United States never happens with them and they are introducing a bunch of different measures to strengthen control over society, the media sphere, and other measures to ensure that no pedophile rings could be exposed.

Der_Einzige 8 minutes ago [-]
Really? The UK never even did anything except sweep the LAST pedophile ring uncovered under the rug too!

https://en.wikipedia.org/wiki/Rotherham_child_sexual_exploit...

https://en.wikipedia.org/wiki/Rochdale_child_sex_abuse_ring

https://en.wikipedia.org/wiki/Investigations_into_the_Rother...

"A 2024 report on child sex exploitation in Rochdale from 2004 to 2013 found that there was "compelling evidence" of widespread abuse, and that Greater Manchester Police and Rochdale Council had failed to properly investigate these cases, leaving girls "at the mercy of their abusers". While there were successful prosecutions, the report said that the investigations carried out during the period covered by the report only "scraped the surface" of what had happened, and that many abusers had gone unpunished."

imglorp 9 minutes ago [-]
As fatiguing as legal breach notices are to lay people, it's equally frustrating as a dev because security is not a distinguishing feature we can advertise in our product so we can't prioritize it at all. Let the lawyers figure it out later seems to be best practice now.

And of course vuln finding is now automated so even if we do a good job locking it down this morning, nothing will keep out the next wave tonight.

Plus, our current political atmosphere encourages digital chaos, for example gutting CISA.

tokai 31 minutes ago [-]
It's the tech world's equivalent to eating X causes cancer.
ifwinterco 26 minutes ago [-]
HN is a bit of a bubble in that people here tend to be quite privacy focused and would be horrified at the prospect of their details being leaked.

For a lot of normal people that's not the case and as long as they don't get someone actually stealing their identity etc. they aren't really concerned about these kinds of things.

hydrogen7800 23 minutes ago [-]
Frustratingly, I have my foot in both worlds to a degree. I'm interested enough in tech to pay attention and often lurk the tech bubble that is HN and hear about the raging dumpster fires from the folks who live and work in that domain. But I exist in a mostly non-tech world IRL where this exists among the other burning dumpster fires to the point that I can't care about another data hack, and I hate that I don't have the bandwidth to care. To a more acute degree, my mother was nearly wiped of half her life savings by "hackers"/fraudsters posing as employees of her bank. Being "hacked" is a part of life now, and outrage fatigue is real.
ArekDymalski 38 minutes ago [-]
>Stacked on top of each other across roughly a hundred days, these events are something a historian of computing security writing in 2050 will probably file as a turning point, regardless of what else happens between now and then.

And yet, the public conversation around them has been quiet to the point of being strange.

There's a lot of current events that once would have been considered historical: trip around the Moon, war out of nowhere, unprecedented explosion of kleptocracy, enormous scandals and so on. None of these are moving much of the needle among the general public.

Why? I think such indifference or rather apathy/torpor is a result of people becoming tired of the constant stream of crises (either imaginary or real) that we're being flooded by. The capacity to react with something more than a shrug is finite. And I think we are being drained.

titzer 33 minutes ago [-]
The idiocy out of the White House is an intentional strategy to flood the zone with crap that sucks all the air out of the room. They have intentionally broken the ability of the public to become informed through a number of means: attention atrophy, lowest-common-denominator mudslinging, and massive, manufactured, stupid global crises. People have become deaf and desensitized.

The fact that humanity sent people back to the moon barely even registered. Crazy times.

mwigdahl 35 minutes ago [-]
Agreed, call it future shock or the Singularity or just overall outrage fatigue, people just aren't reacting to these kinds of things at a level commensurate with their risk or danger.
intended 18 minutes ago [-]
> This meeting also reframes the silence the article keeps returning to. The silence has not broken in mainstream public discourse. It has clearly broken in private, at the top of the U.S. government, in classified briefings and emergency convenings the public is mostly not seeing.

This IS being talked about extensively in all the groups that are being firewalled from funding? Fact checkers, anti fraud groups, NGOs, civil society?

I know I've been in multiple sessions and conferences where the issues are brutally obvious.

From what I see, no one wants to talk about it in tech. Even here on HN, I've begun to feel that the zeitgeist believes that reality is just one technological fix away from being perfect.

Like, there's people doing the boring work -

ROOST was set up, https://roost.tools/

The coalition of independent technology researchers exists - https://independenttechresearch.org/

But it's never been front page news material.

Maybe because safety is a cost center.

Maybe because people in tech are quite dependent on Ad tech, and no one wants to kill their own job.

Maybe because the motto is "move fast and break things, (and make sure you don't get stuck with clean up?)"

titzer 35 minutes ago [-]
> Cisco’s private GitHub was cloned.

From this,

https://www.sdxcentral.com/news/cisco-source-code-breach-lea...

It sounds like they were/are using GitHub to host company-private source code, presumably of high value.

While it's hard to know exactly the setup (e.g. maybe they are running their own instance of GitHub internally), this is your reminder that public clouds are not secure, no matter how much you pay the maintainers of said clouds.

Internal network compromise is of course always possible, but sheesh, it sounds like this list has lots of public cloud failures.

john_strinlai 24 minutes ago [-]
>it sounds like this list has lots of public cloud failures.

the number of private, non-cloud breaches far, far exceeds public cloud breaches.

we just don't hear about them. the majority are swept under the rug (if there is no customer-facing evidence of the hack), or they don't reach the news.
