China’s Flax Typhoon Exploits ArcGIS App for Year-Long Persistence
A China-backed threat group exploited what ReliaQuest researchers called a “common security blind spot” to maintain persistence in a widely...
Social – LinkedIn
The Defensive Gap: Why Modern SOCs Are Losing Ground and How to Close It
Despite continued investments in SIEMs, threat intelligence platforms, and managed detection services, many Security Operations Centers (SOCs) remain in a...
The Endpoint Has Moved to the Browser — Your Security Tools Haven’t
Your users aren’t downloading files to their desktops anymore. They’re not running local applications. They’re working in Google Docs, Salesforce,...
#Pixnapping: Android Timing Attack Sends Google Back to the Drawing Board
Researchers discover a new way to steal secrets from Android apps.Anything any Android app can display is vulnerable to the Pixnapping...
No Good Deed Goes Unpunished: Why Voluntary Disclosure of Cybersecurity Violations Doesn’t Mean You Won’t Be Punished for Bad Security
What do you do when you discover that your cybersecurity is not what you have promised, even though there has...
Rethinking Microsoft Security: Why Identity is Your First Line of Defense
Microsoft Identity systems sit at the core of nearly every enterprise. Active Directory, Entra ID, Microsoft 365, Intune and Teams...
Oracle Warns of New EBS Vulnerability That Allows Remote Access
Oracle over the weekend issued another security alert about a vulnerability in its E-Business Suite (EBS), the software family that...
Is America Behind the Ball When It Comes to AI Regulation?
When it comes to regulating AI, America seems to be, at best, taking a wait-and-see or perhaps a laissez-faire approach....
Security Misconfigurations: The Future Disaster That’s Staring You in the Face
Nobody thinks they’ll leave the back door wide open until it happens. Sometimes the biggest cybersecurity weaknesses are the ones that hide in plain sight, where...
The SharePoint Blind Spot: How Legacy IGA Failed to Stop Volt Typhoon
The modern attacker’s mantra isn’t “break in” – it’s “log in.” Advanced groups, such as Volt Typhoon, demonstrate that identities,...
Multimodal AI, A Whole New Social Engineering Playground for Hackers
Multimodal AI is the shiny new toy in the enterprise tech stack. Its multiple input streams help it produce outputs...
Red Pilling of Politics – Court Strikes Down California Law on Political Deepfakes
In The Matrix, (the first Matrix) Morpheus tells Neo, “You have to understand, most of these people are not ready...
Shadow AI: Agentic Access and the New Frontier of Data Risk
Autonomous AI agents have crossed the threshold from novelty to necessity. What began as copilots whispering suggestions in your productivity...
Rethinking Security Data Management with AI-Native Pipelines
Traditional security data pipelines operate on a “bytes in, bytes out” model that requires extensive manual configuration and ongoing professional...
Salesforce Refuses to Pay Ransom to Data-Stealing Hackers
Salesforce reportedly is refusing to pay a ransom demanded by hackers who claim to have stolen more than 1 billion...
