California Just Built a Data Deletion Tool That Actually Works (And Data Brokers Are Sweating)
California’s DROP lets consumers delete data from 1,600+ brokers in one click—but behind the scenes it raises serious security, compliance, and transparency risks.
SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution
Contents
1. The Ethical Blueprint: Building Trust in Synthetic Media
1. S - Social Benefit
2. C - Consent
3. A - Accountability
4. N - Non-Deception
5. T - Transparency
2. Putting SCANT into Practice
3. TL;DR Checklist
4. It takes work!
5. AI - Embracing the Human
6. Speaking of ISO 42001
The Ethical Blueprint: Building Trust in Synthetic Media
Lots of damage has been done with AI, and to keep from deep-sixing the forward-leaning tone I want in this article, I’ll re
Part 1 of a series on creating information security policies
Contents
* Security Starts at the Top (or, Governance Makes or Breaks Your Security Program)
* Disclaimer
* Why Governance Comes First
* The Information Security Policy: Setting the Tone
* Risk Management: Replace Guesswork with Discipline
* Roles and Responsibilities: Eliminating the Accountability Gap
* What Auditors Look For
* Common Pitfalls to Avoid
* Governance as a Force Multiplier
* Afterword about Infosec Policy an
CTFs aren't Designed to Train Investigators. Hashclue is.
Real investigations start with noise, a fragment, a pattern, something that doesn't fit. Almost nothing in the standard training stack teaches you to work that problem. Hashclue is an attempt to build something that does.
People, Policies, and Purpose: Framing Acceptable Use and Human Behavior in Information Security
Part 2 of a series on creating information security policies
Many breaches don’t start with sophisticated hackers; they start with ordinary users doing ordinary things in unsafe ways. Let’s look at 3 ways to work toward helping people in our organizations understand better how to safeguard everyone’s information.
Because there are as many ways to create a policy as there are organizations - compounded with the numerous requirements from regulations - I won’t attempt to provide a one-size-fits-
The CTF Ecosystem Is Stagnant and Has Been for Twenty Years
CTFs haven't changed in decades. Better puzzles, same game. The problem isn't technical difficulty, it's that nobody has ever made you commit to anything.
You pulled the threads, mapped the connections, built the timeline. The data looks clean and the narrative holds. Then someone asks a question you didn't consider and the whole picture shifts. The failure was not in your tooling.
Your AI Agents Are Creating Identity Chaos (And You Don't Even Know It)
The AI agent explosion is happening whether we're ready or not. The companies that take identity seriously now will save themselves a world of pain later.
Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up
Part 3 of a series on creating information security policies.
Attackers don’t break in…they log in.
That’s a bit of a dramatic exaggeration, and it seems cliché, but it’s not really too far off.
Consider the 2022 Uber breach. The attacker didn’t exploit a sophisticated vulnerability; they obtained a contractor’s credentials and then bombarded the user with MFA push requests until one was approved. That single moment of fatigue opened the door to internal systems and broader access.
Or look a
An introduction to the canine intelligence cell, a volunteer investigative effort focused on exposing the criminal networks exploiting dogs through trafficking, legal loopholes, fraud, violence, and organised abuse.
Asset Management & Data Classification: You Can’t Protect What You Can’t See
Part 4 of a series on creating information security policies.
Visibility before Protection
Organizations often invest heavily in cybersecurity tools: endpoint protection, firewalls, SIEM platforms, MFA, cloud security solutions, and threat detection services. Unfortunately, many security incidents still come down to a surprisingly simple problem: organizations do not fully understand what they own or where their sensitive data resides.
Before an organization can protect its environment, it fi
क Karna: we built our own WAF. Modern, Fast and Free.
We replaced ModSecurity with Karna, our open-source WAF engine in Lua and C running as a Kong plugin. CRS-compatible, MCP-aware, can sanitize instead of blocking, and 2 to 4 times faster than ModSecurity in our benchmarks. The honest story of why, how, and how to try it.
क Karna: we built our own WAF. Modern, Fast and Free.
We replaced ModSecurity with Karna, our open-source WAF engine in Lua and C running as a Kong plugin. CRS-compatible, MCP-aware, can sanitize instead of blocking, and 2 to 4 times faster than ModSecurity in our benchmarks. The honest story of why, how, and how to try it.
Truffe sulle app di messaggistica: per Gartner una delle 4 aree di rischio, come difendersi
Oggi non ci confrontiamo più con testi scritti male o facilmente riconoscibili, ma con messaggi coerenti, voci clonate e persino video realistici. Distinguere ciò che è vero da quello che è falso è sempre più complesso. Ecco come difendersi dalle truffe su WhatsApp e multicanale
Threat Intelligence & AI governance: dalla scatola nera al teatro operativo
L'interpretabilità dei modelli di AI è uscito dai laboratori per diventare una questione di governance globale. Per chi opera in Threat Intelligence, le implicazioni sono dirette e urgenti. Ecco come la crisi dell’interpretabilità dell’AI ridisegna il panorama delle minacce cyber
OpenClaw, nuova frontiera del malware che non va demonizzato
Una sofisticata campagna di cyber spionaggio trasforma i flussi di lavoro degli agenti AI in vettori d'attacco per distribuire Remcos RAT e GhostLoader attraverso tecniche avanzate di evasione e le skill di OpenClaw fanno da sfondo
Over 20,000 Instagram accounts stolen in Meta AI support hack
Meta has revealed that over 20,000 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords.
Hands on with Intelligent Terminal, an AI-powered Windows Terminal
Microsoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regular session.
Silent Ransom Group targets law firms with fake IT support calls
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant.
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website.
Quando si affronta un incidente cyber, la strategia del silenzio è totalmente fallimentare per le organizzazioni sia da un punto di vista legale che, soprattutto, reputazionale. Questo significa dover integrare nell'incident management anche un piano per la gestione delle comunicazioni