Huntress CEO: employee used 'poor judgment' in alerting criminal


Huntress CEO says threat hunter used 'poor judgment' in alerting ransomware crim about law enforcement probe


Ex-employee claims this 'meets the definition of an insider threat'

Jessica Lyons


Published Tue 30 Jun 2026 // 17:54 UTC

Huntress CEO Kyle Hanslovan said he is aware of “questionable, long-term threat actor communications” between a threat hunter who is still employed with the security firm and a cybercriminal, and called this “poor judgment.”

“In one particular exchange, our current teammate disclosed to a threat actor that law enforcement had reached out to them about the threat actor,” Hanslovan said in a blog post, addressing a former employee’s accusations that the current Huntress analyst is an insider threat to the company. “While this disclosure was not illegal, it reflected poor judgment,” he wrote.

The incident came to light last week when former Huntress security operations analyst Ben Folland, who left the company in February, alleged that “another Huntress employee passed communications from US law enforcement to a cybercriminal, Devman, who is actively and publicly targeting my family and me.”


Devman is a ransomware operator, believed to be located in Russia, who uses modified DragonForce code built on top of the leaked Conti source code.


Folland alleged that this insider, still employed by Huntress, was “caught by the FBI,” and that their involvement with Devman “would cause significant reputational damage to Huntress and, in my view, continues to put clients at risk.”

“If you are an employee at a cybersecurity company, you should not be helping cybercriminals,” Folland said. “You should not be informing them of active investigations. You should not be engaging in cybercriminal activity yourself.”

At the time, Hanslovan said he “firmly disagree[d]” with Folland’s accusations – but declined to provide additional details about what happened between the employee and the criminal.

In the Tuesday blog post, Hanslovan elaborated further and said that he believed that the communications did not constitute insider activity.

“As a result of the investigation, my team implemented more robust policies for our researchers, coached teammates on engaging with threat actors, and took appropriate administrative actions,” he wrote. “While we haven't found evidence of illegal conduct, insider activity, or additional disclosures, we are continuing our investigation. Due to the privacy rights of our teammates, we will not comment further on the investigation.”

Folland disagrees. In a Tuesday LinkedIn post responding to Hanslovan’s blog, he asserted that the communications between the Huntress analyst and Devman “meet the definition of an insider threat.”


When the FBI reached out to the Huntress employee for intel on Devman, “She immediately forwarded the exact FBI communications to the threat actor, including screenshots containing FBI agent names,” Folland claimed in his post on LinkedIn. “She informed Devman that law enforcement was actively looking into him. She also refused to cooperate because they wanted Devman.”

According to Folland, the FBI notified him of this incident with the current Huntress analyst.


The Register reached out to the FBI for comment and did not receive a response.

“This was not just ‘poor judgment,’” Folland wrote. “This was a Huntress employee taking sensitive knowledge about a law enforcement approach and passing it directly to the person being investigated. If someone inside a bank warns a fraudster that police are investigating them, nobody would describe that as merely ‘poor judgment.’ They would call it what it is – an insider.”

Huntress declined to comment further. ®
