Security Blog
Expert insights, threat intelligence, and best practices from our security team
Five Warnings in Sixty Days: The Keys to America's Infrastructure Are Not Being Held
Five infrastructure-security stories broke in sixty days, each reported alone. Read together, they say the keys to America's critical systems are not being held.
Latest Articles
Acquisition Agreements Get Signed on Cyber Reps Nobody Verified. That Becomes the GC's Problem.
Acquisition agreements get signed on cyber reps no one independently verified. When the deal closes, the gap between what was repped and what's true becomes the buyer's liability and the GC's problem. What deal counsel should require first.
Your Cyber Budget Is a Number. Your Cyber Risk Is a Distribution. CFOs Keep Confusing the Two.
Global cyber spending hit a record $219 billion in 2025, the same year breaches set their own record. The disconnect exposes the core CFO error: treating cybersecurity as a budget number instead of a loss distribution to reshape.
The First 100 Days After Close Decide Your Cyber Risk for the Whole Hold.
Cyber due diligence is a screen, not a clean bill of health. The day a deal closes, every undetected weakness becomes the sponsor's problem, and the first 100 days are the only window with the leverage to fix it.
Five Cyber Questions That Change What a Deal Is Worth.
Cyber due diligence is usually a checkbox near the end of the process. Five specific questions turn it into a deal-pricing input, surfacing the risks that actually move valuation and post-close cost.
Four Breaches in Six Weeks. One Extortion Group. Your Portfolio Is the Target List.
ShinyHunters spent early 2026 running one pay-or-leak campaign through Instructure, Adobe, Match Group, and DentaQuest. The target profile is a near-perfect description of the average PE portfolio company.
The West Is Not Losing a Cyberwar. It's Losing an Economic War Conducted Through Cyber Means.
GCHQ's director warns of a 'narrowing window' while Russia hits Europe daily and China sits inside US telecoms. This isn't a cyberwar; it's economic coercion through digital infrastructure.
Phishing Statistics 2026: 20 Numbers Every Executive Should Know
20 phishing statistics from Verizon DBIR, IBM, FBI IC3, APWG, Microsoft, and Proofpoint that should change how every executive thinks about email security investment in 2026.
What CISA's CI Fortify Guidance Actually Means, and Why It Reads Like a Confession
CISA's CI Fortify guidance tells critical infrastructure to plan for months running cut off from its own networks, on the assumption the adversary is already inside. Why that reads like a confession.
Still Inside: Why the Senate Says Salt Typhoon Was Never Fully Evicted
Salt Typhoon breached at least nine US carriers and the wiretap systems built for law enforcement. The Senate now says China's hackers were never fully evicted.
Seven Years Inside: What Volt Typhoon Is Actually Doing in the US Power Grid
China's Volt Typhoon has held access inside US critical infrastructure for roughly seven years, using no malware. The goal isn't espionage. It's pre-positioning for disruption.
Nine Days After CISA Told America to Lock Down, Its Own Keys Were Sitting on GitHub
Days after CISA told America to lock down, a CISA contractor's public GitHub repo exposed federal cloud keys and the agency's software build credentials for six months.
AT&T Holds the Keys to Federal Surveillance. A Whistleblower Says It Hid the Break-Ins.
A whistleblower suit alleges IBM and AT&T hid repeated Chinese intrusions into a federal cloud system and made false security assurances to keep their government contracts.
275M Users Exposed in Canvas/Instructure Breach
275 million users exposed. 8,809 schools down. Instructure calls it 'scheduled maintenance.' Inside the Canvas breach and the EdTech disclosure failure.
Seven Years. Five Wells Fargo Outages. Still 'Routine.'
Seven years. Five major outages. Wells Fargo still calls it routine maintenance. What the banking outage pattern reveals about regulated comms.
Audited. Compliant. Hacked Anyway.
$219 billion spent on cybersecurity in 2025. More major breaches than any year on record. Why every cybersecurity plan failed in 2026.
Most Common Passwords in 2026: What the Data Shows
The 2026 password data: 123456 is still #1, 65% of users reuse passwords across breaches. What boards and CISOs should be doing about it.
Scattered Spider Plea: The Playbook Is Now Commoditized
Scattered Spider operative 'TylerB' pleaded guilty. The real threat isn't the arrest — it's that the social engineering playbook is now commoditized.
Shadow AI Agents Are Your New Attack Surface
Employees are running unauthorized AI agents with admin access to email, files, calendars, and CRM. The shadow AI attack surface most enterprises don't measure.
Copilot Doesn't Create the Data Problem. It Reveals It.
Microsoft 365 Copilot does not create a permission problem. It reveals the one you already had. Inside the SharePoint sprawl Copilot exposes.
Cybersecurity Acronyms Glossary 2026
70+ cybersecurity acronyms decoded for executives, boards, and PE sponsors. MFA, EDR, MDR, ZTNA, NIST CSF, SOC 2, and the rest — organized across 11 categories.
30 Biggest Data Breaches of All Time
Ranked by records: Yahoo, NPD, LinkedIn, Marriott, Canvas, T-Mobile, Equifax, Target, Capital One, Change Healthcare — and the regulatory fallout each produced.
Every MFA Tool Is Being Bypassed. Here's How.
Every MFA tool in your stack is being bypassed right now. Adversary-in-the-middle phishing, SIM swap, MFA fatigue, push bombing — and what actually stops them.
Defender vs CrowdStrike vs SentinelOne: 2026 Test
We tested Microsoft Defender, CrowdStrike Falcon, and SentinelOne against identical threats. The results were not what most CISOs expect.
UniFi Dream Machine Beast: Enterprise Push
Ubiquiti's Dream Machine Beast pushes UniFi into enterprise gateway territory. Technical specs, threat-model implications, and mid-market network fit.
The Uncomfortable Truth About AI Threat Detection
AI threat detection vendors promise what their products can't deliver. Pattern matching is not detection — and most stacks are catching less than claimed.
Frost Bank and the New Vendor-Risk Reality
The Frost Bank vendor breach: what happens when a payment processor's third-party software fails. The vendor-risk reality boards and audit committees own.
Flat Networks Turn Incidents Into Enterprise Events
Flat networks turn small incidents into enterprise events. The segmentation framework that limits blast radius — and why mid-market still hasn't done it.
Ransomware Trends: Q2 2026 Analysis
Q2 2026 ransomware analysis: the operator economics, targeted sectors, cryptocurrency flow, and regulatory responses now reshaping breach disclosure practice.
Network Gear Is the Attack Surface Nobody Audits
Your network gear is becoming the attack surface nobody audits enough. Firewalls, switches, load balancers, and the CVE backlog hiding in your perimeter.
Patch Tuesday Is a Governance Test
Patch Tuesday is not an IT task — it is a governance test. The 30-day patching SLA, board reporting, and named-officer accountability framework boards now own.
What Is SOC 2 Compliance? An Executive Guide
SOC 2 for executives: what auditors test, what consultants charge, what boards need to know — and why Type II is what enterprise buyers require.
When the Security Tool Becomes the Attack Surface
When the security tool becomes the attack surface: the Microsoft Defender exploit chain, the SentinelOne kernel CVE, and the pattern now common across EDR.
