As more and more businesses move to the cloud, the “castle and moat” principal of securing networks just aren’t working anymore. Perimeter-based defenses (think walls around the network) won’t hold up against today’s complex cyber threats. With remote work, hybrid environments, and more advanced attacks, one thing has become clear: implicit trust is a major…

If you’re using Azure Storage, you probably use Shared Access Signatures (SAS tokens) to share data without handing out account keys. They’re super convenient — but they can also be a big security risk if you’re not paying attention. A SAS token is basically a key — anyone who has it can get in. I’ve…

Every day, I’m inspired by how AI is transforming healthcare—spotting rare conditions earlier, personalizing treatments, helping clinicians reclaim time with their patients. The pace of change is incredible. But with that momentum comes a growing responsibility to ask the tougher questions. How do we protect deeply personal health data as it flows through complex, AI-powered…

Infostealer malware, more specifically Lumma Stealer, detections have increased by almost 400% during the latter part of 2024. Lumma Stealer is a malware strain targeting two-factor authentication (2FA) crypto wallets, browser extensions, and user credentials. It is often disguised as legitimate applications, such as “CCleaner 2024.” Upon extracting the malicious .rar archive, the payload includes…

Echoleak (CVE-2025-32711) could allow threat actors to steal data without the target user having to do anything. According to AIM researchers it is the first known aero-click attack on an AI entity. It exploits what’s known as an “LLM scope violation” allowing untrusted input from outside the organization. As Copilot has access to Outlook, OneDrive,…

A notorious Russian threat group has reemerged with new malware and new tactics. Known as Sandworm, or Voodoo Bear, this state-backed cyber group—linked to Russia’s military intelligence service (GRU)—has begun deploying a sophisticated modular malware framework called Cyclops Blink, replacing their previously known VPNFilter infrastructure. This update comes from a joint alert issued by UK…