🟠 High  |  Source: The Register — Security


A Huntress threat hunter allegedly warned a ransomware criminal that law enforcement were investigating them, prompting the company’s CEO to publicly describe the act as ‘poor judgment’. A former employee has gone further, characterising the behaviour as a textbook insider threat. The incident raises serious questions about trust, vetting, and access controls within security operations teams.

Security Architect’s Take: Review your security operations team’s access to sensitive investigation data and law enforcement liaison channels — consider need-to-know access controls, audit logging on case management platforms, and clear whistleblower and escalation policies to reduce insider risk exposure.

Original advisory: Huntress CEO says threat hunter used ‘poor judgment’ in alerting ransomware crim about law enforcement probe