RESURGE Is Still on Your Ivanti Gear — Dormant, Waiting, Hiding

I hadn't even finished my second coffee after writing about China's UNC5221 carpet-bombing organisations globally, and CISA decides to drop an updated malware analysis report that should make every network defender in the room deeply, personally uncomfortable. RESURGE is still out there. On Ivanti Connect Secure devices. Possibly yours. Dormant. Undetected. Sipping a metaphorical coffee …

Iran’s Cyber War Machine Is Live — Gulf Energy in the Crosshairs

Iran’s Retaliatory Hackers Target Gulf Energy and Power Grids

I hadn't even finished writing about Chinese state hackers quietly carpet-bombing 53 organisations globally when this landed on my desk like a grenade. Iran. Retaliatory cyber campaign. "No red lines." Sixty-plus threat groups coordinating under a single umbrella. My coffee went cold the moment I read the words "Electronic Operations Room" and I have not …

APT28 Burned CVE-2026-21513 Before Microsoft Even Knew It Was Open

Right. So. I spent half of last week writing about APT28's Operation MacroMaze phishing circus and barely had time to finish my fourth coffee before Akamai dropped this particular turd in my inbox. APT28 — Russia's GRU-affiliated gift that keeps on giving — was out here quietly burning a zero-day in the MSHTML Framework, CVE-2026-21513, …

AI-First Companies Are Getting Wrecked: Fastly’s 2026 Breach Data

Right. I've already written today about Iran's internet going dark, North Korea flooding npm with spyware, and a Chrome zero-day that lets extensions hijack your AI assistant... actually I'm still writing on that - stay tuned. I was going to take a break and refill my coffee when I saw Fastly's fourth annual Global Security …

North Korea’s npm Malware Factory: 26 Packages, Your Dev’s Next

Was only at my 10th espresso just finishing up reading about Iran this morning and I hadn't even clicked refresh before this gem landed. North Korea's Contagious Interview crew just dropped 26 fresh malicious packages into the npm registry, and per The Hacker News reporting from March 2, these little bastards …

Iran Goes Dark: The Biggest Cyberattack in History Just Happened

You know what? I was just sitting down with my third coffee of the morning, still processing the geopolitical shitshow from last weekend, when my feed lit up like a Christmas tree on fire. Iran's internet is at one percent of normal traffic. One. Fucking. Percent. According to NetBlocks — who are about as reliable …

HITL&ER – A Theoretical Framework for the Decline of Human Oversight in AI-Generated Code

The Slow, Inevitable Death of "Someone Needs to Check the AI's Homework"

Look, the whole "human in the loop" thing in AI-generated code? It's dying a gory, horrific death… only not dramatically, not overnight — but measurably, and with increasing speed, driven by benchmark data that's honestly kind of alarming, real-world deployment numbers, and the …

The Sophos 2026 Report Is Out: Attackers Work Nights and Own Your AD in 3 Hours

Every year Sophos drops their Active Adversary Report and every year I read it and every year I need something stronger than coffee to process the implications. This year is no different, except the numbers are somehow getting worse in the specific ways that tell you the industry still hasn't absorbed the lessons from five …