Shaun Nichols

Oakland

Senior Content Editor at CyberRisk Alliance

Writer with @scmagazine formerly @SearchSecurity @LBNLcs, @theregister and some departed publications. He/him. After-hours (possibly NSFW): @ShaunIsntFunny

Featured in: Favicon

nytimes.com Favicon

techtarget.com Favicon

theregister.com Favicon

siliconangle.com Favicon

computing.co.uk Favicon

lemagit.fr Favicon

thestack.technology Favicon

cyberriskalliance.com Favicon

wiley.com

itnews.com.au + 6 more

Articles

ClickFix attacks surge as exploits see drop in popularity

1 week ago | scworld.com | Shaun Nichols

Threat actors have been increasingly relying on social-engineering tactics such as ClickFix scams to lure victims into infecting their systems with malware. Researchers with security provider ReliaQuest said that social-engineering attacks, most notably ClickFix attacks in which victims are tricked into running malicious scripts under the guise of CAPTCHA codes, now make up the majority of observed attack scams, along with techniques such as phishing emails.
Cybercriminals use SEO tricks to push phishing pages

1 week ago | scworld.com | Shaun Nichols

Search Engine Optimization (SEO) has become the latest tool for attackers looking to lure in targets for phishing attacks. Researchers with security vendor Netcraft said that cybercriminals are increasingly looking to inject web pages with code designed to game search engines into prioritizing compromised content and redirecting users to attack sites.
Alerts for flaws in industrial control systems include Siemens, Aveva

1 week ago | scworld.com | Shaun Nichols

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a handful of alerts to address vulnerabilities in industrial control appliances and security cameras. The U.S. cybersecurity authority said that a number of devices, including those from Siemens, Aveva, and PTZOptics, could be vulnerable to various forms of remote attack and should be updated as soon as possible.
House Dems call for review of U.S. government cybersecurity programs

2 weeks ago | scworld.com | Shaun Nichols

The ranking members of two House committees are calling on the U.S. government to outline the way its cybersecurity programs operate.
Smartwatches tabbed as latest vehicle for air-gapped system attacks

2 weeks ago | scworld.com | Shaun Nichols

Researchers say that the latest vehicle for covert data extraction from secured systems could be sitting on your wrist. A paper published by the Ben-Gurion University of the Negev in Beer Sheva, Israel, details how a smartwatch could possibly be employed to lift secured data from air-gapped machines by intercepting electronic signals. Air-gapped machines sit apart from any network connection.
Updates urged after disclosure of Windows Secure Boot vulnerability

2 weeks ago | scworld.com | Shaun Nichols

The June edition of Microsoft’s Patch Tuesday release became even more of a priority for administrators thanks to the disclosure of a potential rootkit vulnerability on the Windows Secure Boot system. Researchers with security vendor Binarly said that the vulnerability they discovered and securely reported to Microsoft would potentially allow an attacker to bypass the UEFI checks that prevent the use of unauthorized firmware on Windows systems.
OpenAI bans ChatGPT accounts linked to state-sponsored threat activity

2 weeks ago | scworld.com | Shaun Nichols

The makers of ChatGPT said they have spotted and disrupted a number of state-sponsored operations that it believes were abusing the AI tool to create malware and run espionage campaigns. OpenAI said in its June security report that it spotted and disrupted a number of attacks, most originating in China and Russia, that appear to have been using ChatGPT to either generate code or automate the process of making social media posts or emails for social engineering campaigns.
Overconfidence in security could put healthcare organizations at risk

2 weeks ago | scworld.com | Shaun Nichols

An epidemic of overconfidence and underestimation in IT security protections and staff readiness could leave health care organizations at risk of catastrophic attacks. IT services provider Omega Systems said that a recent survey of healthcare IT professionals found that while many see their companies as doing more than enough when it comes to data security, there remain key weaknesses and pain points that will put organizations at risk.
Microsoft fixes 66 bugs in latest Patch Tuesday, 10 rated 'critical'

2 weeks ago | scworld.com | Shaun Nichols

Microsoft gave administrators something of a summer break with the release of a relatively light load of 66 Patch Tuesday security fixes. The June edition of the monthly security update release sees Microsoft patch 10 flaws rated as "critical," two which are either publicly known or under active exploit. Administrators will want to take particular note of CVE-2025-33053 and CVE-2025-33073, the former of which is under active exploitation and the latter having a public exploit in circulation.
Trump executive order alters Biden-era cybersecurity regulations

2 weeks ago | scworld.com | Shaun Nichols

The Trump administration issued an executive order rolling back and altering key points of U.S. cybersecurity strategy. The White House announced the new order from the president, which will alter and add on to a number of points from the Biden administration’s Executive Order 04144, as well as a number of other cybersecurity policies issued by the Biden and Obama administrations. “Today, President Donald J.

Contact details

Emails

[email protected]

Socials & Sites

Try JournoFinder For Free

Search and contact over 1M+ journalist profiles, browse 100M+ articles, and unlock powerful PR tools.

Start Your 7-Day Free Trial →

X (formerly Twitter)

Followers: 1K
Tweets: 17K
DMs Open: Yes

Shaun Nichols @shaundnichols

12 Jun 25

Call for comment: can any of my security frenz (or their clients) give some analysis on this one? https://t.co/cdOzv3QPKc email is shaun.nichols(at)cyberriskalliance(dot)com

Shaun Nichols @shaundnichols

28 May 25

Time for the annual reminder for my fellow journos: unless you need to record video, give your interviewee the option to be camera off for the call. It might be a small thing to you but a big thing to someone that is less comfortable in that situation.

Shaun Nichols @shaundnichols

5 Feb 25

Deliberately giving your readers false information in an effort to prove a nonexistent point to other journalists is some wild shit

Shaun Nichols

Articles

ClickFix attacks surge as exploits see drop in popularity

Cybercriminals use SEO tricks to push phishing pages

Alerts for flaws in industrial control systems include Siemens, Aveva

House Dems call for review of U.S. government cybersecurity programs

Smartwatches tabbed as latest vehicle for air-gapped system attacks

Updates urged after disclosure of Windows Secure Boot vulnerability

OpenAI bans ChatGPT accounts linked to state-sponsored threat activity

Overconfidence in security could put healthcare organizations at risk

Microsoft fixes 66 bugs in latest Patch Tuesday, 10 rated 'critical'

Trump executive order alters Biden-era cybersecurity regulations

Contact details

Emails

Socials & Sites

X (formerly Twitter)