The Chrome Extension Backdoor: How ‘Productivity Tools’ Became Enterprise Attack Vectors
In December 2024, millions of users woke up to find that their "productivity tool" Chrome extensions had transformed overnight...
In
One Foothold, 25 Million Victims: The Risk Inside Modern Breaches
In last month’s reporting cycle, we saw one of the largest healthcare data breaches in U.S. history, ransomware groups...
Iran Has One Card Left—It’s Pointed at Your Network
In light of today’s attack by the U.S. and Israel on Iran, it is prudent to ask: What can...
The Conduent Ripple Effect: Why a 25-Million-Identity Breach is the Ultimate Supply Chain Wake-Up Call
In the world of cybersecurity, there are “loud” companies, the ones whose logos you see on every corner, and...
How to maximize HEDIS scores with synthetic data
In the U.S. healthcare industry, the Healthcare Effectiveness Data and Information Set (HEDIS) serves as the primary report card...
When AI Knows Something is Wrong, But No One is Accountable
In the absence of government regulation, we are leaving it to individual tech companies to determine when their own...
AI Is Making Security More Agile: Highlights from ChiBrrCon 2026
In 1900, Chicago completed one of the most ambitious engineering projects ever. Engineers reversed the flow of the Chicago...
Building Secure Authentication Faster: When SaaS Teams Should Go Passwordless
In 2026, the pieces needed for truly secure, truly easy sign-in have finally come together. Passkeys are shipping in...
Top Security Incidents of 2025: The Emergence of the ChainedShark APT Group
In 2025, NSFOCUS Fuying Lab disclosed a new APT group targeting China’s scientific research sector, dubbed “ChainedShark” (tracking number: Actor240820)....
The Agentic Virus: How AI Agents Become Self-Spreading Malware
In my previous post, I walked through how disconnected MCP servers and AI agents create a growing blind spot...
The Language of the Cybersecurity Leaders
In cybersecurity, we like to believe that leaders are created by better products, stronger execution, and higher revenue. That...
Microsoft Starts Testing Built-In Sysmon Monitoring in Windows 11
Image: Ed Hardie/Unsplash In a new Windows 11 Insider Preview release, Microsoft has started rolling out native support for System...
We Keep Hearing the Same Question: Morpheus (AI SOC) vs. Traditional SOAR
In 2025, we spent a lot of time with enterprise SOC teams, CISOs, and large MSSPs. Discovery calls. Technical deep...
Agentic AI and Non‑Human Identities Demand a Paradigm Shift In Security: Lessons from NHIcon 2026
In the race to innovate, software has repeatedly reinvented how we define identity, trust, and access. In the 1990's, the...
When Space Isn’t Safe: Inside the European Space Agency’s Massive Cyberattack
In late 2025 and early 2026, one of the world’s most advanced scientific organizations, the European Space Agency (ESA), faced...
