When Cloud Outages Ripple Across the Internet
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
Ravie LakshmananFeb 03, 2026Vulnerability / Malware The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to...
Jan Recap: New AWS Privileged Permissions and Services
As January 2026 comes to a close, Sonrai’s latest review of newly released AWS permissions highlights a sharp expansion of...
The Ultimate Guide to Single Sign-On in 2025
Why SSO is still a mess in 2025 Ever wonder why, in 2025, we’re still wrestling with getting a "simple"...
Single Sign-On with External Security Token Services
Understanding the Role of External Security Token Services Ever wonder why you don't have to log in ten times a...
The Future of Single Sign-on: Insights for 2025
The Shift Toward Passwordless and FIDO2 Standards Ever tried explaining to a frantic ceo why they can't just use "Password123"...
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
Ravie LakshmananFeb 03, 2026Artificial Intelligence / Privacy Mozilla on Monday announced a new controls section in its Firefox desktop browser...
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
Ravie LakshmananFeb 03, 2026Malware / Open Source A China-linked threat actor known as Lotus Blossom has been attributed with medium...
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
Digital Security It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the...
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
Digital Security It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the...
Is the Online Account Service Still Available?
The headache of multi-environment ciam Ever tried explaining to a frustrated stakeholder why a login flow works perfectly in your...
Configuring WS-Federation Single Sign-on for Resources
Why we still care about WS-Federation in a modern stack Ever feel like you're stuck in a time machine when...
Zero-Trust Policy Enforcement via Kyber-Encapsulated Context Windows
Introduction to Dynamic Epistemic Logic and AI Ever wondered how an ai actually "knows" that you’re frustrated with a chatbot,...
AI Didnt Break Cybersecurity
AI Didnt Break Cybersecurity I keep hearing the same sentence lately, from boards, executives, and even seasoned security leaders: “AI...
MoltBot Skills exploited to distribute 400+ malware packages in days
MoltBot Skills exploited to distribute 400+ malware packages in days Pierluigi Paganini February 02, 2026 Over 400 malicious OpenClaw packages...