CISA Adds Apple iOS Zero-Days to KEV: Patch Your iPhone Today

I just got done writing about VMware Aria Operations being added to CISA's Known Exploited Vulnerabilities catalog — management console, admin bypass, actively exploited, patch immediately — and before I'd even updated the slug I get the alert: CISA has added Apple iOS vulnerabilities to the KEV list. Again. Because we do this every few …

Iran vs. The Internet: How the World’s First Full-Scale Cyber-Kinetic War Just Rewrote the Rules

Look, if you thought 2026 was going to be a quiet year for cybersecurity, I have to say — bless your heart. On February 28th, the United States and Israel launched a coordinated military offensive against Iran codenamed Operation Epic Fury (U.S.) and Operation Roaring Lion (Israel), as confirmed by Wikipedia's detailed breakdown of the 2026 …

LexisNexis Breach: Risk Intelligence Giant Loses 2GB of Data

I haven't recovered from writing about the Clop ransomware crew's Oracle EBS campaign against Madison Square Garden and 100-plus other organisations — the one where Clop stole 131,070 sets of SSNs and MSG took seven months to tell anyone — and now the week hands me this. LexisNexis. The company that sells risk intelligence and …

FBI’s Wiretap Systems Got Hacked: Every FISA Case at Risk Now

I pretty much had just wrapped up a post on Cisco SD-WAN Manager being under mass exploitation — attacker gets control of the management plane, attacker gets control of everything that management plane manages. I said it then, I'll say it again now: management platforms are the crown jewels. And apparently the universe decided that …

VMware Aria Is on CISA’s Hotlist: Patch the Admin Console Now

I need a minute. I just wrote about Cisco SD-WAN Manager being actively exploited via CVE-2026-20122 — management console, web shells deployed, watchTowr telling everyone their exposed systems should be assumed compromised — and before that coffee went cold, CISA turns around and drops VMware Aria Operations onto the Known Exploited Vulnerabilities catalog. Another management …

Clop Breached MSG via Third-Party Oracle EBS: 131K SSNs Gone

I had barely finished my write-up on the Marquis vs. SonicWall disaster — where a firewall vendor's own backup service handed ransomware gangs the keys to a fintech company's network — and I was sitting here telling myself that at least we had a lawsuit, at least someone was trying to hold a vendor accountable, …

Cisco SD-WAN CVE-2026-20122: Mass Exploitation, Patch or Die

I had literally just wrapped up the Android zero-day write-up — another "patch your damn devices, yes right now" piece — and before I could finish my fourth coffee of the morning, Cisco drops the confirmation that two more vulnerabilities in Catalyst SD-WAN Manager are being actively exploited in the wild. Mass exploitation. Web shells …

GTIG Drops the Bomb: 90 Zero-Days and Enterprise in the Crosshairs

My coffee wasn't even cold after writing about the Tycoon 2FA PhaaS takedown and what it means for the state of offensive infrastructure, and then Google's Threat Intelligence Group drops the 2025 zero-day review and I nearly choked. Ninety. Ninety zero-days exploited in the wild last year. That's not the number that should make you feel sick, …

Tycoon 2FA Is Dead: Europol Kills the MFA-Busting PhaaS King

I need a minute. Because this is genuinely good news, and I don't get to write those very often, and I want to savour it for approximately thirty seconds before I spend the next fifteen hundred words explaining why it doesn't actually fix the underlying problem and you still need to sort your shit out. …

LexisNexis AWS Breach: ‘Lexis1234’ Opens the Door to Gov Data

I haven't even finished my third coffee this week and I'm already writing about a data breach so stupid it physically hurts. Not "sophisticated nation-state intrusion" stupid. Not "supply chain zero-day" stupid. I mean "the password was literally Lexis1234" stupid. A company trusted by federal judges, DOJ attorneys, and U.S. SEC staff was running a …

Android Zero-Day CVE-2026-21385: Patch Your Phones Right Now

It's March. It's 2026. And apparently we still need to have the conversation about patching your phones. I know. I know. I've said it before. I'll say it again, because apparently some people need to hear it repeatedly, ideally at increasing volume. Google just dropped the March 2026 Android security patch, and buried in there …

Marquis vs. SonicWall: When Your Firewall Vendor Hands Over the Keys

I've been saying for years that vendor risk is not a checkbox exercise. I've been saying it in blog posts, in conference rooms, in papers, and presumably in my sleep. And then the Marquis vs. SonicWall lawsuit drops and it is the most perfect, catastrophic illustration of exactly that point that I could not have …

CVE-2026-21902 Juniper PTX: Unauthenticated Root on Your Core Router

You know what I love about my mornings? Reading about another critical-severity, unauthenticated remote code execution vulnerability in a piece of network core infrastructure that half the Fortune 500 has sitting in the middle of their backbone. My coffee was almost at a drinkable temperature when the Juniper advisory landed. Almost. CVE-2026-21902. CVSS 9.3 to …

RESURGE Is Still on Your Ivanti Gear — Dormant, Waiting, Hiding

I hadn't even finished my second coffee after writing about China's UNC5221 carpet-bombing organisations globally, and CISA decides to drop an updated malware analysis report that should make every network defender in the room deeply, personally uncomfortable. RESURGE is still out there. On Ivanti Connect Secure devices. Possibly yours. Dormant. Undetected. Sipping a metaphorical coffee …

Iran’s Cyber War Machine Is Live — Gulf Energy in the Crosshairs

Iran’s Retaliatory Hackers Target Gulf Energy and Power Grids

I hadn't even finished writing about Chinese state hackers quietly carpet-bombing 53 organisations globally when this landed on my desk like a grenade. Iran. Retaliatory cyber campaign. "No red lines." Sixty-plus threat groups coordinating under a single umbrella. My coffee went cold the moment I read the words "Electronic Operations Room" and I have not …

APT28 Burned CVE-2026-21513 Before Microsoft Even Knew It Was Open

Right. So. I spent half of last week writing about APT28's Operation MacroMaze phishing circus and barely had time to finish my fourth coffee before Akamai dropped this particular turd in my inbox. APT28 — Russia's GRU-affiliated gift that keeps on giving — was out here quietly burning a zero-day in the MSHTML Framework, CVE-2026-21513, …

AI-First Companies Are Getting Wrecked: Fastly’s 2026 Breach Data

Right. I've already written today about Iran's internet going dark, North Korea flooding npm with spyware, and a Chrome zero-day that lets extensions hijack your AI assistant... actually I'm still writing on that - stay tuned. I was going to take a break and refill my coffee when I saw Fastly's fourth annual Global Security …

North Korea’s npm Malware Factory: 26 Packages, Your Dev’s Next

Was only at my 10th espresso just finishing up reading about Iran this morning and I hadn't even clicked refresh before this gem landed. North Korea's Contagious Interview crew just dropped 26 fresh malicious packages into the npm registry, and per The Hacker News reporting from March 2, these little bastards …

Iran Goes Dark: The Biggest Cyberattack in History Just Happened

You know what? I was just sitting down with my third coffee of the morning, still processing the geopolitical shitshow from last weekend, when my feed lit up like a Christmas tree on fire. Iran's internet is at one percent of normal traffic. One. Fucking. Percent. According to NetBlocks — who are about as reliable …