Dispatches. Practitioner-first cybersecurity coverage.
Independent reporting on AI security, SOC automation, identity, data and the adversarial edge. Every piece is rewritten in-house and credits every source — never a press-release copy.
Featured: GRU's Forest Blizzard Turned 18,000 Home Routers Into a Silent OAuth Interception Layer
A GRU-linked campaign scaled OAuth token theft against government ministries by quietly rewriting DNS on thousands of end-of-life SOHO routers — no endpoint malware required. The technique bypasses MFA because it harvests tokens issued after login.
Archive
- Policy: CSA Spins Out CSAI as a Standalone Nonprofit for Agentic AI Governance
  The Cloud Security Alliance carved its AI work out into a separate 501(c)(3) foundation at RSAC 2026. The mission statement — 'Securing the Agentic Control Plane' — reframes AI security from defending models to governing the identity, authorization, and runtime of autonomous agents.
- Vulnerabilities: Microsoft's April Patch Drop: 169 Fixes, a SharePoint Zero-Day, and Windows Defender's 'BlueHammer'
  April 2026 is the second-largest Patch Tuesday on record. One of the 169 CVEs is already under active exploitation in Microsoft SharePoint Server, and a publicly-disclosed Defender bug nicknamed BlueHammer rounds out an unusually dense release.
- Policy: NIST Throws the Triage Flag: CVE Enrichment Goes Selective After a 263% Submission Surge
  NIST will stop enriching every CVE submitted to the National Vulnerability Database. A new prioritisation policy — live as of April 15 — covers KEV entries, EO 14028 critical software, and anything with systemic-risk potential. Everything else goes to a 'Not Scheduled' queue.
- AI Security: Anthropic's 'Glasswing' Puts an Offensive-Grade AI in the Hands of 50 Defenders — And Schneier Isn't Convinced It's a Gift
  Anthropic held back its Mythos Preview model from public release and shipped it instead to roughly 50 organisations under 'Project Glasswing'. Bruce Schneier argues the defensive edge is real but temporary — and that smaller models are already closing the gap.
- AI Agents: Lab Study: Humans Treat AI Agents Like Rational Allies — And That's a Security Problem
  A new controlled experiment finds people play more cooperatively against LLMs than against other humans in a strategic game. Schneier flags the finding for every team designing systems where agents and humans operate side-by-side.
- Supply Chain: North Korea's 'Contagious Interview' Seeds 1,700 Poisoned Packages Across Every Major Registry
  Pyongyang-linked operators have crossed a scale threshold. A campaign Socket tracks as Contagious Interview has placed 1,700+ malicious packages across npm, PyPI, Go and Rust since January 2025 — and the payloads no longer trigger at install time.
- Policy: Schneier Reads the 2026 US Cyber Strategy as a Quiet Authorization for Corporate Hackback
  One sentence in the Cyber Strategy for America document — 'unleash the private sector by creating incentives to identify and disrupt adversary networks' — is, per Bruce Schneier, an invitation to private offensive cyber operations. He compares it to the letters of marque a prior century eventually abandoned.
- AI Agents: AI Agents Are the New Identity Problem — And Nobody's PAM Is Ready
  As autonomous agents start spending money, sending code reviews and deploying infrastructure, the industry is scrambling to extend machine-identity controls to non-deterministic actors.
- SOC Automation: SOC Automation Consolidation Accelerates as Platform Vendors Absorb Point SOAR Tools
  Palo Alto, CrowdStrike, and Microsoft all shipped native SOAR replacements in Q1 — signalling the end of standalone SOAR as a category.
- Identity: Non-Human Identities Now Outnumber Humans 45-to-1 in Enterprise Environments
  New CSA research pegs the median ratio at 45:1, up from 17:1 in 2023 — and CISOs admit they can't enumerate half the machine identities in their environments.
- Code Security: ML-Enhanced SAST Finds Backdoors Human Reviewers Miss in Open-Source Packages
  Research from GitHub, Snyk and Semgrep converges on the same finding: ML-assisted scanners catch maintainer-injected supply-chain backdoors that traditional SAST routinely waves through.
- Deepfake Defense: Deepfake Executive Impersonation Hits $1.6B in Losses — and Detection Tools Finally Work
  The Arup Hong Kong incident was a preview. Two years later, real-time deepfake detectors now ship inside the major conferencing platforms — but the attacker side isn't standing still.
- Data Security: DSPM Quietly Wins the Cloud Data Security War — Legacy DLP Vendors Scramble to Reposition
  Data Security Posture Management went from emerging category to table-stakes in under three years. The legacy DLP names are pivoting hard — with mixed results.