Blog

Everyone says cyber has a talent shortage. Plenty of professionals can't get hired. Both things are true — and the gap between them is the story.

Trump's 2026 National Cybersecurity Strategy dropped Friday. I read it so you don't have to skim the headlines and miss what actually matters.

AI isn't just automating tasks anymore. It's threatening the economic contract that has held society together for two centuries. We need to start talking about what comes next.

In January 2026, Anthropic and Mozilla quietly ran a two-week experiment that I believe will be looked back on as a turning point for application security.

This week delivered one of the clearest market signals in AI history, and most people missed it.

A CISO's perspective on securing agentic AI.

In late October 2025, security researcher Johann Rehberger published a proof‑of‑concept demonstrating how the network‑enabled code interpreter and Files API in Anthropic's Claude model could be abused to exfiltrate private data.

When we talk about the next frontier in cyber risk, it's no longer just IoT, cloud, or identity. It's the rise of agentic AI — autonomous software agents that think, act, and in many cases operate with minimal human oversight.

Today we dive into critical updates for BIND against high-severity cache poisoning flaws, the zero-day exploitation of Lanscope Endpoint Manager that requires immediate federal attention, and the serious governance concerns raised by "vibe coding" and AI-generated code's lack of judgment.

This week, we dive into Operation ZeroDisco, where threat actors deployed rootkits onto older Cisco routers by exploiting a recent zero-day. We also analyze the consequences of the Discord breach, F5's revelation of a nation-state attack that stole source code, and the massive crypto "pig butchering" scam that led to the seizure of over $14 billion in Bitcoin.

Today, I unpack the massive October 2025 Patch Tuesday, covering exploited Windows zero-days, critical vulnerabilities in Adobe Connect and major ICS vendors like Red Lion, Siemens, and Rockwell. Plus, a deep dive into why enterprise organizations must ditch synced passkeys for device-bound credentials to prevent sophisticated authentication downgrade attacks.

Today delivered a trifecta of crises proving that security debt, supply chain complexity, and zero-day urgency remain top threats to the enterprise. From massive data leaks targeting critical ERP systems to hardware-level flaws shattering confidential computing, CISOs must immediately shift resources to address systemic weaknesses highlighted by the recent headlines.

For the modern CISO, cybersecurity news isn't just about threats; it's about strategic risk assessment and resource allocation. This week's news underscores three critical areas requiring immediate attention: high-value vulnerability mitigation, aggressive third-party risk, and the dire consequences of poor MFA hygiene.

The mortgage industry's biggest risk in 2026 won't be interest rates or origination volume — it'll be data compliance maturity.

A roundup across consumer apps, enterprise ERP, public safety vendors, and AI dev tools — and what CISOs should do next.