Resources
Radical thinking and constant research inform all we do. Think ahead with shared intelligence from our Swarm of ethical hackers.
What kills new CISOs in their first 90 days – it’s not attackers.
The pen test report. The risk register. The green dashboard. They feel like facts. They're not. They're a record of…
CVE-2026-33727 – When “Low Privilege” Isn’t Low Enough: A Pi-hole LPE Story
Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and…
Proof of Human solves the bot problem. It doesn’t solve the people problem.
World ID can prove a real human is behind an account. It can't prove that human hasn't already been phished,…
Too many rules, no real test: Untangling US Cyber Disclosure
The US has no single federal data breach notification law, just a growing patchwork of SEC rules, HIPAA, state obligations,…
Project Glasswing is impressive. But what about the rest?
Anthropic's Project Glasswing is a serious step forward for technical security. But it covers one third of the attack surface.…
Swarm Intelligence: LiteLLM was the end of the chain, not the beginning.
LiteLLM's PyPI package was backdoored for under an hour on March 24. SSH keys, cloud credentials, and CI/CD secrets exfiltrated…
Handala & MuddyWater: MDM Weaponization at Enterprise Scale
On 11 March 2026, an Iranian two-team operation destroyed 200,000 enterprise devices at Stryker without deploying a single piece of…
Why Robbing Banks Is Easy (And Why That Should Terrify You)
A globally recognized ethical hacker shares real social engineering stories from legally robbing banks across five continents. The tools change.…
Swarm Intelligence: Stryker’s Intune wipe proves your BCDR plan has a single point of failure
No malware. No ransomware. One compromised Global Admin account and the management console your IT team used this morning. The…