News
The pen test report. The risk register. The green dashboard. They feel like facts. They're not. They're a record of someone else's decisions, at a point in time that's already passed. And in your first 90 days as CISO, they'll shape everything you do, if you let them.
What kills new CISOs in their first 90 days – it’s not attackers.
The pen test report. The risk register. The green dashboard. They feel like facts. They're not. They're a record of…
CVE-2026-33727 – When “Low Privilege” Isn’t Low Enough: A Pi-hole LPE Story
Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and…
Proof of Human solves the bot problem. It doesn’t solve the people problem.
World ID can prove a real human is behind an account. It can't prove that human hasn't already been phished,…
Too many rules, no real test: Untangling US Cyber Disclosure
The US has no single federal data breach notification law, just a growing patchwork of SEC rules, HIPAA, state obligations,…
Swarm Intelligence: LiteLLM was the end of the chain, not the beginning.
LiteLLM's PyPI package was backdoored for under an hour on March 24. SSH keys, cloud credentials, and CI/CD secrets exfiltrated…
Dynamic Attack Surfaces: The Professional Sports Problem
Professional sports organizations face cybersecurity challenges that don't fit traditional frameworks. With seasonal spikes, constant third-party integrations, and workforce volatility,…
Claude Jailbroken To Attack Mexican Government Agencies
A threat actor jailbroke Claude to orchestrate a month-long attack on Mexican government networks, stealing 150 GB of sensitive data.…
Jayson E Street Joins CovertSwarm
The man who accidentally robbed the wrong bank in Beirut is now part of the Swarm. Jayson E Street joins…
What Moltbook reveals about AI agent security
The Moltbook launch exposed a critical gap: organizations deploying AI agents faster than they can secure them. Research shows 22%…