Trump Lands in Beijing in Six Days: Here’s the Cyber Risk Nobody Is Pricing

Six days from now, Donald Trump lands in Beijing for a summit with Xi Jinping that Bloomberg and the FT are covering entirely through the lens of tariffs, Taiwan's political status, and whether Trump will suspend arms sales to Taipei in exchange for soybean purchases. All fair and important. None of it is what I …

North Korea Stole $2B in Crypto Last Year. It’s Buying Missiles With It.

Here's something nobody in your boardroom wants to hear over coffee: your organisation's last ransomware payment may be funding North Korea's ballistic missile programme. Not funding it loosely in the vague geopolitical sense. Funding it specifically, directly, and with the blessing of a state that the US intelligence community has publicly assessed as "sophisticated and …

Operation Absolute Resolve: The Grid Went Dark, the Rules Went With It

In January I sat down to write a post about something completely different and instead spent forty-five minutes rereading the same paragraph from the New York Times' January 17 story: US officials, briefed on the operation, confirmed that hackers operating on behalf of the US government were able to "not only shut off the power …

Europe’s Grid Collapsed in 8 Seconds: The Cyber Lesson Nobody Read

The ENTSO-E expert panel published its 472-page final report on the April 28, 2025 Iberian blackout on March 20, four days ago. The coverage landed exactly as expected: renewables cleared, voltage control blamed, twenty-two recommendations issued, everybody go home. And look, the report is genuinely important for grid engineers and energy regulators and the technical …

ODNI 2026 Threat Report: Four Nations Are Inside Your Network

The US intelligence community released its 2026 Annual Threat Assessment on March 18, and the coverage has been predictably focused on the Iran war, nuclear escalation scenarios, and what Tulsi Gabbard thinks about Venezuelan organised crime. Fair enough. All of that matters. But buried in the congressional testimony from DNI Gabbard and the four-letter-agency directors …

Gulf AI Chip Deals: We’re Offshoring the Riskiest Tech in History

I just finished writing about how Ukraine's entire military operational architecture depends on one private company's satellite network, and how that's an extremely expensive lesson in single points of failure. Then I look at this week's news and find out that the US has been enthusiastically creating a different category of single-point risk — this …

Ukraine’s Drone War Is Actually a Compute War, and the Lesson Is Yours

I've spent most of this month writing about Iranian cyber operations and Gulf energy infrastructure because, frankly, the news hasn't given me a choice. But buried under the Hormuz crisis coverage this week is one of the most important pieces of technical analysis I've read all year: the Atlantic Council's breakdown of what they're calling …

Iran’s Cyber War Is Inside Your ICS and Nobody’s Screaming

I wrote about the Handala wiper attack on Stryker Corporation two weeks ago — a $100 billion Fortune 500 medical device maker, data wiped across 60+ countries, login screens replaced with the Handala logo, stock down 4.5% inside a trading session, Ireland's NCSC scrambling — and I remember thinking: okay, that's the clearest evidence yet …

Tieu Dental Breach Exposes Thousands of Patient Records in Latest Healthcare Cyberattack

I literally just finished writing about how ShinyHunterz walked off with a petabyte of TELUS Digital's data yesterday, and my coffee hadn't even gone cold before this Tieu Dental breach alert hit my feed. Another day, another healthcare organization leaking sensitive patient data because some ass-clowns decided cybersecurity was someone else's problem. Jesus Christ on …

TELUS Digital Hemorrhages 1 Petabyte: ShinyHunterz Wins Again

I just finished writing about INC Ransom spending eighteen months torching Australian healthcare organizations and I genuinely thought that was going to be my Friday. Then TELUS Digital dropped, and now I'm on my fourth coffee staring at the word "petabyte" like it's going to apologize and go away. It is not going to apologize. …

Handala Wipes Stryker Offline: Iran’s Hacktivists Hit Medtech

I wrote about INC Ransom working through Australian healthcare for eighteen months roughly forty minutes ago. My keyboard hasn't cooled down. And then Bleeping Computer drops the Stryker story and I genuinely had to put my coffee down and read it twice. Because this is a different category of attack and it should scare the …

INC Ransom Torches Australian Healthcare: Five Eyes Speak Up

I haven't even had time to close the tab from writing about the TriZetto breach dumping 3.4 million patient records — that one genuinely made me sit back and stare at the wall for a minute — and here we are again. Same sector. Same ransomware-as-a-service playbook. Different corner of the planet. Today, March 12, …

n8n RCE Hits CISA KEV: 24,700 Automation Instances Still Exposed

So after the Apple iOS zero-days landing on CISA's KEV catalog yesterday this shit is the first news of the morning, haven't even washed my coffee cup (I really rarely do) — when CISA dropped another KEV addition that made me slam my espresso cup down hard enough to slosh the thing. n8n. The workflow …

HungerRush POS Hack: 28M Restaurant Customers’ Data Up for Sale

I finished writing about TriZetto's healthcare platform going down and taking 3.4 million patient records with it, cracked my knuckles, poured coffee number six, and thought: okay, surely that's the last big one this week. Reader, it was not the last big one this week. Because Cybercrime Wire dropped the HungerRush story on March 9th …

TriZetto Breach Spills 3.4M Patient Records: Fix Healthcare IT Now

I literally just wrapped up the Clop hit on Madison Square Garden through their Oracle EBS vendor — a post I ended by saying the healthcare software supply chain is the highest-risk version of this exact problem — and I am not even kidding, the confirmation landed before I'd closed the tab. Cognizant's TriZetto Provider …

CISA Adds Apple iOS Zero-Days to KEV: Patch Your iPhone Today

I just got done writing about VMware Aria Operations being added to CISA's Known Exploited Vulnerabilities catalog — management console, admin bypass, actively exploited, patch immediately — and before I'd even updated the slug I get the alert: CISA has added Apple iOS vulnerabilities to the KEV list. Again. Because we do this every few …

Iran vs. The Internet: How the World’s First Full-Scale Cyber-Kinetic War Just Rewrote the Rules

Look, if you thought 2026 was going to be a quiet year for cybersecurity, I have to say — bless your heart. On February 28th, the United States and Israel launched a coordinated military offensive against Iran codenamed Operation Epic Fury (U.S.) and Operation Roaring Lion (Israel), as confirmed by Wikipedia's detailed breakdown of the 2026 …

LexisNexis Breach: Risk Intelligence Giant Loses 2GB of Data

I haven't recovered from writing about the Clop ransomware crew's Oracle EBS campaign against Madison Square Garden and 100-plus other organisations — the one where Clop stole 131,070 sets of SSNs and MSG took seven months to tell anyone — and now the week hands me this. LexisNexis. The company that sells risk intelligence and …

FBI’s Wiretap Systems Got Hacked: Every FISA Case at Risk Now

I pretty much had just wrapped up a post on Cisco SD-WAN Manager being under mass exploitation — attacker gets control of the management plane, attacker gets control of everything that management plane manages. I said it then, I'll say it again now: management platforms are the crown jewels. And apparently the universe decided that …

VMware Aria Is on CISA’s Hotlist: Patch the Admin Console Now

I need a minute. I just wrote about Cisco SD-WAN Manager being actively exploited via CVE-2026-20122 — management console, web shells deployed, watchTowr telling everyone their exposed systems should be assumed compromised — and before that coffee went cold, CISA turns around and drops VMware Aria Operations onto the Known Exploited Vulnerabilities catalog. Another management …