Not too long ago, a few gigabytes of data being stolen was a big friggin deal. Now they're swiping data in the terabytes or even petabytes.
As someone who's older, and is just generally gobsmacked all the time by the sloppiness in cybersecurity, all of this is just not surprising.
Look, love or hate it, here's what happened; a LONG time ago (in tech terms) Microsoft and others normalized some very stupid practices; when I teach about it I basically illustrate it like this: "If I handed you a piece of paper that said 'Go jump off a bridge'" will you survive this encounter with me? Because a very large, perhaps majority, of computer infrastructure will not.
We managed to put buttons on appliances that don't make the appliance explode, but failed to do that in email links, which are just buttons.
And then, we still have yet to punish or hold accountable any large party who made things this way. Until we do that, keep expecting this.
> In August 2025, three of the most notorious financially-motivated crews on the planet, ShinyHunters, Scattered Spider, and LAPSUS$, formally combined into a coordinated alliance widely tracked as Scattered LAPSUS$ Hunters (SLH), sometimes called “the Trinity of Chaos” (Resecurity; Cyberbit; Infosecurity Magazine; The Hacker News; Computer Weekly; ReliaQuest). Scattered Spider provides initial access through highly-effective social engineering and vishing. ShinyHunters handles exfiltration, leak-site management, and extortion. LAPSUS$ contributes its own brand of identity-system compromise.
Lmao that cybercriminals are closing M&A deals to create vertically integrated SaaS companies.
Do you think anyone was made redundant through kinetic means?
M&A first, kinetic NDA follows. "If you look around the table and can't tell who the sucker is, it's you."
>Stacked on top of each other across roughly a hundred days, these events are something a historian of computing security writing in 2050 will probably file as a turning point, regardless of what else happens between now and then.
And yet, the public conversation around them has been quiet to the point of being strange.
There's a lot current events that once would have been considered historical: trip around the Moon, war out of nowhere, unprecedented explosion of kleptocracy l, enormously scandals and so long. Noone of these are moving much of the needle among general public.
Why? I think such indifference or rather apathy/torpor is a result of people becoming tired of constant stream of crises (either imaginary or real) that we're being flooded by. The capacity to react with something more than a shrug is finite. And I think we are being drained.
The idiocy out of the Whitehouse is an intentional strategy to flood the zone with crap that sucks all the air out of the room. They have intentionally broken the ability of the public to become informed through a number of means: attention atrophy, lowest-common-denominator mudslinging, and massive, manufactured, stupid global crises. People have become deaf and desensitized.
The fact that humanity sent people back to the moon barely even registered. Crazy times.
> The fact that humanity sent people back to the moon barely even registered.
Are you sure that people would have cared much even in better times?
Although I'm just as subject to the fatigue as everyone else, this just isn't a pursuit that I see as important.
TBH I think dealing with global warming, cancer, homelessness, AI impact on human cognitive development, and the loneliness epidemic are far higher priorities.
If I recall correctly opinion polling on the original Apollo program wasn't universally positive either. Space missions don't impress people who want money spent on the ground, it etc
I think nobody cares about the moon thing because 1) they aren't landing, and (this one's more for people who are paying some attention to this stuff to begin with) 2) it's basically the same mission they already ran on auto-pilot, but with people on board, so... I dunno, hard to get excited about some very-expensive passengers on an automated ride.
I mean, part of why they cut the Apollo program short was because nobody cared back then either, after the first ~2 landings, so they muddled on a while longer but support simply vanished in a hurry. It'd be surprising if people started caring more now. I suppose if we land people on the moon it'll be a bit more of an event than this one (the landing, not the launch) but I'd expect interest to plummet again after that. Hopefully they have better-selected video feeds for the landing than they did for this launch, I had my kids watch it and it was bad enough I think I'll have trouble getting them to sit down for another NASA launch stream.
"Amusing ourselves to death" was eerily prescient. Now that the amusement stopped, what might happen next? Not the metaverse, that's for sure.
The precipitous drop in fertility even in low income countries. The rise in populism and fear.
It's the phones, humans are being DDoSd. We need government intervention against many aspects of modern technology.
The profit motive works when it comes to reducing manufacturing costs and passing some of that on to consumers through the beauty of competition. It doesn't work so great when it's X training a transformer model to maximize the amount of time you spend doom scrolling so they can feed you gambling advertisements.
> people becoming tired of constant stream of crises
They aren't tired, they're distracted. X/TikTok/et. al. are all fire and motion mechanisms.
Agreed, call it future shock or the Singularity or just overall outrage fatigue, people just aren't reacting to these kinds of things at a level commensurate with their risk or danger.
>And yet, the public conversation around them has been quiet to the point of being strange.
i dont think its that strange. there are multiple wars raging on, with many people fearing the breakout of a global conflict. a giant pedophile ring has been exposed that no one in power seems interested in doing anything about. prices for everything are haywire. markets are an absolute rollercoaster, hinging completely on one mans late night tweets. and so on.
people just dont have the bandwidth to also learn about what an npm or github is, and why a hack of it is important. news stations are going to pick the news that results in the most people tuning in to watch. that is war, not whatever a mercor is.
the non-tech (and many of the tech) people in my life are also just plain tired of hearing about hacks. they have heard that their information has been stolen 10 times or whatever in the last 5 years. they have heard 100s of "this company was hacked" stories. "another hack? who cares?".
The issue is also one of agency: the public has absolutely no agency in this. There is nothing an ordinary member of the public can do to avoid having their data exposed, there is nothing they can do to cause corporations to have more robust security models nor to cause actual consequences for all the executives that chose profit over security at every possible decision point.
To the public this becomes like the risk of being hit by lightning or being in a car accident, just background noise we avoid thinking about as much as possible. It is just the cost of living in this economy.
As fatiguing as legal breach notices are to lay people, it's equally frustrating as a dev because security is not a distinguishing feature we can advertise in our product so we can't prioritize it at all. Let the lawyers figure it out later seems to be best practice now.
And of course vuln finding is now automated so even if we do a good job locking it down this morning, nothing will not keep out the next wave tonight.
Plus, our current political atmosphere encourages digital chaos, for example gutting CISA.
> a giant pedophile ring has been exposed that no one in power seems interested in doing anything about
But that's not true. The European Union and many other countries are taking extreme measures to ensure that what happened in the United States never happens with them and they are introducing a bunch of different measures to strengthen control over society, the media sphere, and other measures to ensure that no pedophile rings could be exposed.
Really? The UK never even did anything except sweep the LAST pedophile ring uncovered under the rug too!
https://en.wikipedia.org/wiki/Rotherham_child_sexual_exploit...
https://en.wikipedia.org/wiki/Rochdale_child_sex_abuse_ring
https://en.wikipedia.org/wiki/Investigations_into_the_Rother...
"A 2024 report on child sex exploitation in Rochdale from 2004 to 2013 found that there was "compelling evidence" of widespread abuse, and that Greater Manchester Police and Rochdale Council had failed to properly investigate these cases, leaving girls "at the mercy of their abusers". While there were successful prosecutions, the report said that the investigations carried out during the period covered by the report only "scraped the surface" of what had happened, and that many abusers had gone unpunished."
>The UK never even did anything except sweep the LAST pedophile ring uncovered under the rug too!
the comment you are replying to is written sarcastically, ending with: "to ensure that no pedophile rings could be exposed"
in other words, they agree with what you have written. your reply appears to assume the opposite.
Read again what you are responding to.
HN is a bit of a bubble in that people here tend to be quite privacy focused and would be horrified at the prospect of their details being leaked.
For a lot of normal people that's not the case and as long as they don't get someone actually stealing their identity etc. they aren't really concerned about these kind of things
> a giant pedophile ring has been exposed that no one in power seems interested in doing anything about
This was one of the things Trump got 2024 elected on - many Republican voters were extremely keen on this being addressed. I'm glad Trump's fumbled it now so the Democrats are interested in addressing it, though for the wrong reasons.
Its the tech worlds equivalent to eating X causes cancer.
Frustratingly, I have my foot in both worlds to a degree. I'm interested enough in tech to pay attention and often lurk the tech bubble that is HN and hear about the raging dumpster fires from the folks who live and work in that domain. But I exist in a mostly non-tech world IRL where this exists among the other burning dumpster fires to the point that I can't care about another data hack, and i hate that I don't have the bandwidth to care. To a more acute degree, my mother was nearly wiped of half her life savings by "hackers"/fraudsters posing as employees of her bank. Being "hacked" is a part of life now, and outrage fatigue is real.
> Cisco’s private GitHub was cloned.
From this,
https://www.sdxcentral.com/news/cisco-source-code-breach-lea...
It sounds like they were/are using GitHub to host company-private source code, presumably of high-value.
While it's hard to know exactly the setup (e.g. maybe they are running their own instance of GitHub internally), this is your reminder that public clouds are not secure, no matter how much you pay the maintainers of said clouds.
Internal network compromise is of course always possible, but sheesh, it sounds like this list has lots of public cloud failures.
Add to this the Rockwell Automation attack and you get a beautiful Chickens-Coming-Home-To-Roost stew!
https://www.cisa.gov/news-events/cybersecurity-advisories/aa...