Why and How to Use OpenClaw and AI Agents to Test & Secure Your Network Infrastructure
Your last penetration test ran quarterly (or did it, if you know what I mean?) Maybe annually, if your security budget survived the last board meeting. It took two weeks to schedule (sounds like some people's marriages), produced a PDF that exactly zero people read cover-to-cover (remember the prenup?), and by the time anyone got …
Odido Data Breach: ShinyHunters Dumps 8 Million Dutch Customers
Right. Gather round. Because this one is a special kind of stupid that deserves careful examination. The largest telecom in the Netherlands — Odido, which serves roughly a third of the entire Dutch population — got absolutely folded by ShinyHunters back on February 7th-8th, 2026. We're talking about 8 million customers' data walking out the …
North Korea’s APT37 Is Jumping Air Gaps With USB Drives and Zoho
So you air-gapped your network. You physically disconnected it from the internet. You bought the rack, paid for the isolated environment, told management "nothing can get in here." You were proud of yourself, maybe even a little smug about it. Yeah. About that. Zscaler ThreatLabz published research this week on a campaign they're calling Ruby …
Cisco SD-WAN CVSS 10.0 Zero-Day: Your Network’s Been Open Since 2023
Oh, for fuck's sake. Here we go again. So Cisco drops a zero-day advisory last week — CVE-2026-20127, CVSS score of 10.0. That's a perfect score, for those keeping track at home. A clean, beautiful, maximum-severity authentication bypass in the Cisco Catalyst SD-WAN Controller (that's the thing formerly known as vSmart, because Cisco loves renaming …
ShinyHunters Is Burning SSO Victims Alive: Wynn, Figure, Odido — Who’s Next?
ShinyHunters is on an absolute tear right now and nobody seems to be able to stop them. Wynn Resorts. Figure. Odido. Harvard University. SoundCloud. Crunchbase. Fujifilm. Adidas. Cartier. Kering — which, for those not paying attention, means Gucci, Balenciaga, and Brioni just got hit by the same crew that cracked a casino. Air France and …
China’s State Hackers Hit 53 Orgs Globally — Google Disrupts UNC5221
Oh, for fuck's sake. Another day, another Chinese state-sponsored hacking group caught doing exactly what everyone with a security clearance and a pulse has been screaming about for the last decade. Google dropped the news on February 25th, 2026 that they'd disrupted a Chinese-linked threat actor — tracked internally as UNC5221 — that had successfully …
IBM X-Force 2026 – AI Turbocharges Attackers While Your Basics Still Suck
IBM dropped their 2026 X-Force Threat Intelligence Index on February 25th and I have to say — reading through a 50-page threat report first thing in the morning is my version of coffee-fueled rage therapy. Because every single year, the finding is essentially the same: attackers are getting better, faster, and more creative, while defenders …
CVE-2026-25108 FileZen Now on CISA’s KEV List: Patch It or Get Owned
TL;DR CISA added CVE-2026-25108 to its Known Exploited Vulnerabilities list after active exploitation of the FileZen command injection flaw. If you're running FileZen, patch now or accept the consequences. CISA doesn't add things to the Known Exploited Vulnerabilities catalogue for fun. They add things because attackers are actively using them in the wild, right now, …
Conduent Ransomware Exposes 25 Million Americans: SafePay’s Biggest Payday Yet
TL;DR SafePay ransomware hit Conduent and exposed 25 million Americans' personal data. Likely the largest breach in US history. Here's the full breakdown and what it means for third-party risk management. Twenty-five million Americans. Let that sit for a second. Twenty-five million people who had their data — Social Security numbers, financial records, personal identifiers …
APT28 Operation MacroMaze and how Russia’s Sneakiest Phishing Campaign Just Got Documented
TL;DR APT28's Operation MacroMaze uses macro-laced Office docs and legitimate webhook services to exfiltrate data undetected. Here's how it works and why your defenses are probably missing it. Alright, pull up a chair, because this one is actually clever — which is more than I can say for most of the brain-dead ransomware slop I …
Wynn Resorts Got Wrecked – ShinyHunters and the Oracle PeopleSoft Disaster
TL;DR ShinyHunters stole 800,000 employee records from Wynn Resorts and demanded $1.5M ransom. Here's exactly what went wrong and what you need to fix before it's your turn. Jesus Christ. I've been saying for years that the hospitality sector is a soft, juicy, unpatched target and yet here we are again — this time it's …
Lazarus Goes RaaS: North Korea’s Hackers Now Renting Medusa to Hit U.S. Hospitals
Alright. So apparently running the world's most prolific state-sponsored hacking operation for two decades wasn't ambitious enough. North Korea's Lazarus Group—the same crew responsible for the Bangladesh Central Bank heist, WannaCry, the Sony hack, and approximately $3 billion in stolen crypto—has now decided to franchise. They're renting ransomware. Specifically Medusa ransomware. And their new preferred …
CVE-2026-2441: Chrome Is Eating Your Credentials — Patch It Right Now
Here's a question. When did you last verify—not assume, actually verify—that Chrome updated on your endpoints? Not "I clicked Later three days ago and it probably sorted itself out." Not "auto-update is enabled so it should be fine." Actually opened a browser, typed chrome://settings/help, and confirmed the version number against the patched release. If you …
CrowdStrike’s 2026 Threat Report: 27 Seconds to Breakout and AI Is Now the Malware
CrowdStrike dropped their 2026 Global Threat Report today and I want to take a moment to let one number sink in. Twenty-seven seconds. That is the fastest observed eCrime breakout time recorded in CrowdStrike's frontline incident data from 2025. Breakout time, for those not obsessed with threat intelligence metrics, is the time between an attacker …
UMMC Ransomware Shuts All 35 Clinics: Healthcare Just Can’t Learn Its Lesson
You know what's fun? Being a patient in Mississippi who needs a follow-up appointment for your diabetes management, or your kid's respiratory infection, or your cancer monitoring visit. And showing up to find the clinic is closed. Not because of a snowstorm. Not because of a water main break. Because some ransomware gang encrypted the …
Notepad++ Update Traffic Hijacked for Six Months by Chinese State Hackers
Well fuck me sideways, it finally happened. The thing we've been screaming about for years—that your trusted software update channels are prime targets for nation-state actors—just got confirmed in the worst possible way. Notepad++, that beloved text editor used by millions of developers worldwide, had its update mechanism hijacked by Chinese state-sponsored hackers for six goddamn …
Threat Intelligence Firm Exposes Gigantic Credentials Trove in Open AWS Bucket: The Sweet, Sweet Irony Will Make You Puke
A threat intelligence firm left a 400GB cache of credentials and customer data in an open AWS bucket. Let me repeat that: the threat hunters got hunted because of a cloud security 101 failure. This isn't just ironic; it's a perfect case study in why your fancy security vendors might be your weakest link. I'll break down exactly how this colossal fuck-up happened and what you need to do to make sure you—and the companies you trust—aren't next.
Qilin’s “Korean Leaks” Campaign: How One Compromised MSP Just Fucked 28 Financial Firms
Twenty-eight South Korean financial firms just got ransomed through a single compromised MSP. One breach. One vendor. Twenty-eight victims. Qilin ransomware gang demonstrated that your trusted IT provider might be the weakest link in your entire security chain—and possibly working with North Korean state hackers because this timeline couldn't get more fucked. Read the full breakdown of how supply chain compromise is now the highest-ROI attack vector in cybercrime, and why your MSP access is probably your biggest vulnerability right now.
React’s Server Components RCE Bullshit: CVE-2025-55182 Exposes How Hype Fucks Over Real Security
Jesus Christ, React's latest "innovation" just handed remote code execution to every basement hacker with a keyboard. CVE-2025-55182 turns Server Components into an RCE playground—unauthenticated, CVSS 10.0, and exploiting deserialization like it's 2010 all over again. If your Next.js app's humming on React 19 without patches, you're one POST away from disaster; uncover the full rant and fixes before your server's not yours anymore.
Fortinet SSL VPN Gets Hammered—780 Unique IPs Join the Brute-Force Pileup
Fortinet SSL VPN devices just got hammered by a coordinated brute-force assault involving 780 unique IP addresses. This wasn't random scanning—it was focused, deliberate, and strategic. Attackers are specifically targeting VPN endpoints because they know that's the easiest path into internal networks. If you're running Fortinet SSL VPN with weak passwords and no multi-factor authentication, assume you're already compromised.