Category: Technology

  • Vulnerability Management Is Outgrowing Severity Scores

    Vulnerability management has always involved a mismatch between volume and capacity. Security teams identify thousands of findings across endpoints, cloud workloads, SaaS platforms, network appliances, containers, applications, and third-party software. Remediation teams do not have unlimited time, and many systems cannot be patched without maintenance windows, regression testing, uptime planning, or business approval. That is…

  • How AI Use Creates New Compliance Challenges

    AI adoption is creating a new class of compliance risk that does not fit cleanly inside traditional policy, audit, privacy, or security programs. For years, most compliance programs were built around known systems, known data flows, defined user roles, documented vendors, and repeatable business processes. Artificial intelligence changes that operating model. It introduces probabilistic outputs,…

  • The Growing Market for Stolen Browser Data

    The modern browser has become one of the most valuable data repositories in the enterprise. It stores passwords, cookies, active sessions, autofill fields, saved payment details, authentication tokens, browsing history, device identifiers, and traces of nearly every cloud platform a user touches during the workday. For attackers, that makes the browser less like a utility…

  • The Next Software Supply Chain Problem May Not Be Code

    Software supply chain security has spent the last several years focused on source code, third-party packages, vulnerable libraries, and malicious dependencies. That focus made sense. Incidents like Log4Shell, dependency confusion, typosquatting, and compromised open-source packages made it clear that organizations needed better visibility into what their applications were built from. That visibility still matters. SBOMs,…

  • How AI Changes Secure Code Review

    Secure code review has always required more than finding obvious injection bugs or checking whether a developer used the right library call. Good review connects code behavior to trust boundaries, data flow, authorization logic, state changes, error handling, deployment context, and abuse cases. AI does not remove that requirement. It changes the volume, speed, source,…

  • The Security Risks Hidden in Service Accounts

    Service accounts sit at the intersection of identity, application runtime, infrastructure automation, and privileged access. They run Windows services, connect middleware to databases, let pipelines deploy code, let SaaS applications read tenant data, and allow workloads in cloud and Kubernetes environments to call APIs without a person at the keyboard. That operational value also makes…

  • The Difference Between Passing a SOC 2 Audit and Maintaining a SOC 2 Program

    For many organizations, SOC 2 begins as a customer request. A prospect asks for the report, a contract requires it, or a sales cycle stalls until the organization can prove that it has controls in place to protect customer data. That pressure often turns SOC 2 into a project with a deadline, an audit window,…

  • June 2026 Patch Tuesday: Microsoft Addresses 200 Flaws, Including BitLocker and HTTP/2 Zero-Days

    Microsoft’s June 2026 Patch Tuesday includes security updates for 200 vulnerabilities, making it one of the largest patch releases in recent years. The update addresses three publicly disclosed zero-days and 33 critical vulnerabilities, the majority of which are remote code execution flaws. While none of the zero-days are known to have been exploited in the…

  • Why Traditional Patch Cycles Are Breaking Under AI-Speed Exploitation

    Vulnerability management has always been a race between disclosure, exploitation, prioritization, testing, and remediation. AI is compressing that race. The issue is not simply that attackers have better tools. It is that the entire vulnerability lifecycle is moving faster than the operational processes most organizations use to manage risk. For years, vulnerability management programs were…

  • Kali365: The Phishing Kit Built for Microsoft 365 Token Theft

    Kali365 is the latest reminder that Microsoft 365 phishing has moved beyond fake login pages and stolen passwords. According to the FBI, Kali365 is a phishing-as-a-service platform first seen in April 2026 and distributed mainly through Telegram. Its purpose is direct: help attackers obtain Microsoft 365 OAuth access and refresh tokens, bypass common MFA controls,…