Verizon's 2026 DBIR puts vulnerability exploitation ahead of stolen credentials as the top way attackers get in. The fix is not exotic: automate patching aggressively and back it with automated testing.
Writing & Insights
Blog
Analysis on cybersecurity risk, cloud breaches, ransomware, patch management, and compliance, written for security leaders and technical decision-makers.
A Vercel employee granted 'Allow All' OAuth to Context.ai. Context.ai got breached. Vercel followed. Your Google Workspace has the same setting enabled.
Anthropic's Mythos announcement sparked panic, a practitioner playbook, and a technical rebuttal. All three matter, and the middle ground is the answer.
Cities shut down, cars that won't start, and millions of benefits records exposed. Ransomware's blast radius has moved beyond IT into the physical world.
Zero-click exploits, prompt injection at scale, and nation-state abuse, AI agents aren't just changing security, they're becoming what needs securing.
83 Microsoft CVEs, Chrome zero-days, Veeam flaws, and actively exploited n8n bugs in one week, how to prioritize patching when everything feels urgent.
3.9 million records exfiltrated from AWS infrastructure, and Google Cloud's latest threat report confirms it: cloud misconfigurations remain the top risk.
A devastating wiper attack on a medical device giant and Canada's persistent breach reporting delays reveal what happens when incident response isn't ready.
Three major supply chain compromises in one week highlight why vendor risk management can't be a once-a-year questionnaire.
AI is finding vulnerabilities faster than ever, and attackers are embedding it in malware. What organizations need to understand about this shift.