Tycoon 2FA Is Dead: Europol Kills the MFA-Busting PhaaS King

March 6, 2026March 9, 2026 ~ larshilse ~ Leave a comment

I need a minute. Because this is genuinely good news, and I don't get to write those very often, and I want to savour it for approximately thirty seconds before I spend the next fifteen hundred words explaining why it doesn't actually fix the underlying problem and you still need to sort your shit out. … Continue reading Tycoon 2FA Is Dead: Europol Kills the MFA-Busting PhaaS King

The Sophos 2026 Report Is Out: Attackers Work Nights and Own Your AD in 3 Hours

March 1, 2026February 27, 2026 ~ larshilse ~ Leave a comment

Every year Sophos drops their Active Adversary Report and every year I read it and every year I need something stronger than coffee to process the implications. This year is no different, except the numbers are somehow getting worse in the specific ways that tell you the industry still hasn't absorbed the lessons from five … Continue reading The Sophos 2026 Report Is Out: Attackers Work Nights and Own Your AD in 3 Hours

IBM X-Force 2026 – AI Turbocharges Attackers While Your Basics Still Suck

February 27, 2026February 27, 2026 ~ larshilse ~ Leave a comment

IBM dropped their 2026 X-Force Threat Intelligence Index on February 25th and I have to say — reading through a 50-page threat report first thing in the morning is my version of coffee-fueled rage therapy. Because every single year, the finding is essentially the same: attackers are getting better, faster, and more creative, while defenders … Continue reading IBM X-Force 2026 – AI Turbocharges Attackers While Your Basics Still Suck