Zero Trust for B2B SaaS: What Every Founder and CTO Needs to Know
There's a conversation that plays out in enterprise sales cycles thousands of times a day. A promising deal has...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites
While the execution of the bytecode was not successful in our tests, we saw that it contains strings and a...
CISOs in a Pinch: A Security Analysis of OpenClaw
The viral rise of OpenClaw (formerly Clawdbot) marks the end of the "chatbot" era and the beginning of the "sovereign...
Google’s $32B Wiz Acquisition Set to Become Israel’s Largest Tech Deal Ever
Image: Generated via Google’s Nano Banana Google is about to write one of the biggest checks in tech history, and...
Fake Gemini AI Chatbot Promotes ‘Google Coin’ in New Crypto Scam
Image: Malwarebytes A convincing chatbot pretending to be Google’s AI assistant is now being used to pitch a fake cryptocurrency...
Fake Claude Code Spreads Malware to Windows, macOS Users
Image: Rawpixel/Envato Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute...
USENIX Security ’25 (Enigma Track) – Security Theater Is Canceled: Time For A Real Show
Author, Creator & Presenter: Lea Kissner, LinkedIn Our thanks to USENIX Security ’25 (Enigma Track) (USENIX ’25 for publishing...
OMB Rolled Back the Rules. Security Did Not Get Easier
The U.S. Office of Management and Budget (OMB)’s decision to rescind M-22-18 and M-23-16 and replace them with M-26-05...
Inference protection for LLMs: Keeping sensitive data out of AI workflows
As organizations accelerate their adoption of large language models, data privacy and security concerns have emerged as one of...
Threat actors use custom AuraInspector to harvest data from Salesforce systems
Threat actors use custom AuraInspector to harvest data from Salesforce systems Pierluigi Paganini March 10, 2026 Attackers are mass-scanning Salesforce...
U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March...
Ericsson US confirms breach after third-party provider attack
Ericsson US confirms breach after third-party provider attack Pierluigi Paganini March 10, 2026 Ericsson US reports a data breach after...
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform Pierluigi Paganini March 10, 2026 Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used...
AI Just Made Executives the Easiest Targets on the Internet
The next time someone targets your CEO, they most likely won’t be a nation-state operative or a professional cyberattacker....
LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities
Tenable Research revealed “LeakyLooker,” a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have...
