Talk to a Strategist

612-656-4162

Get Started

Category: Blog

The Vanishing Buffer

An hour over a Colorado pass, a sentence in a Google ballroom, and the disappearance of the one thing every previous technology revolution quietly handed us: time Pueblo, Colorado. Hours before sunrise. To the west, the mountains we would have to cross were still dark on dark, more shape than range. A slight breeze worked […]

Harmony, Abnormal, Proofpoint: What Matters In Email Security

Featured image for an email security blog showing a suspicious wire transfer email investigation with the title “What Matters in Email Security.”

Most email security products are about as effective as eating spaghetti with a spoon. I have used quite a few. Three stand out. That number may shrink or expand because security tools change and evolve constantly. A firewall product that led the market twenty years ago should not be anywhere near a data center today. […]

When the AI Bubble Deflates, What Survives

A coworker told me today that the AI bubble is going to pop. He did not say it as a provocation. He said it with the calm of someone who has already seen how this movie ends. I feel it too. The market is going to correct. The question that stayed with me is not […]

When the Classroom Gets Hacked: The ShinyHunters Canvas Breach

Finals week is already one of the most stressful times of the academic year. For millions of students in May 2026, it got significantly harder when a threat actor group called ShinyHunters compromised Instructure, the parent company behind Canvas. With 30 million active users and 8,000+ institutional customers, Canvas serves as a central hub for […]

OSINT Isn’t Trivia. It’s Your Account Recovery Map.

Too many teams still treat OSINT as a scavenger hunt. Attackers do not. They correlate phone numbers, legacy emails, birthdays, family names, breach artifacts, and marketplace handles into a single story: how to recover, reset, or reissue access around your controls.  Here is the uncomfortable truth for security leaders: enterprise exposure is often shaped by […]

Browser Extensions Are the Quiet SSO Bypass

Most organizations have a process for evaluating software. Procurement reviews, security assessments, sometimes formal vendor questionnaires. Almost none of them have a process for evaluating what browser extensions their employees are running. That gap is exactly what this campaign exploits. Researchers at Socket documented 108 malicious Chrome extensions sharing a single command-and-control backend, collectively installed […]

What The FCC Router Ban Means For Security Leaders

Why This Matters Most teams treat consumer routers as commodity hardware. The FCC’s latest move challenges that assumption — blocking new foreign-made consumer routers from U.S. markets on national security grounds. The rationale is credible. State actors like Volt Typhoon have used small office and home office routers as staging points for intrusion, surveillance, and […]

Iran-Linked Cyber Surges Reward Boring Preparedness

When The Noise Arrives Early During recent U.S. and Israeli escalation involving Iran, security teams watching multiple environments saw something familiar: waves of spam and scanning activity showed up before the headlines fully landed. Whether you call it pre-positioning, opportunistic copycats, or state-adjacent actors moving on a predictable schedule, the operational point is the same. […]

Wearables Make Capture Passive

Wearable AI recording device pin on a suit jacket beside the title “The Rise of Wearable AI Surveillance,” representing cybersecurity risks of wearable AI recording devices.

A phone is an obvious recording device. A wearable pin is engineered to be frictionless and socially normal. That shifts risk in ways many meeting norms and acceptable use policies were never built for. When collection becomes passive, users do not need to decide to “record.” In some homes, automation assistants from Amazon or Google […]

The AI Agent Hype Cycle: When Viral Platforms Are More Human Than They Appear 

Two robotic hands suspended against a black background with puppet strings hanging from their fingers beneath the headline “Autonomous? Or Just Automated?”, symbolizing AI agent security and human-controlled automation.

A supposed social network for autonomous AI agents goes viral. Screenshots of AI conversations spread across LinkedIn and Twitter. Headlines suggest emergent machine behavior. Security professionals panic. Executives ask their CISOs what it means for their organization.  Then researchers look under the hood and find something far more mundane: humans with automation scripts.  The Promise […]