Jeff W.

@southlakecyber

Musings around Cybersecurity | Governance | Risk | Privacy | Compliance | Audit

20.11.2023
Joined

Latest posts by Jeff W. @southlakecyber

Cyber Budgets Slow, AI Surges: What the Data Says About 2026 In a mixed economic environment, how are cybersecurity budgets competing among business priorities, and what may be ahead for 2026?

“Cyber Budgets Slow, AI Surges: What the Data Says About 2026”

07.12.2025 23:10 👍 0 🔁 0 💬 0 📌 0
Most Companies Fear State-Sponsored Cyber-Attacks New IO study claims 88% of US and UK firms are concerned about state-sponsored cyber-attacks

👉 “Organizations that understand their exposure, test their defenses, and secure their supply chains will be best placed to withstand the next wave of attacks,” argued Sam Peters, Chief Product Officer at IO.

04.12.2025 13:41 👍 1 🔁 0 💬 0 📌 0
Penn institutes mandatory information security training for all employees following data breach All Penn faculty and staff — including student workers and postdoctoral students — will be required to complete the training.

Never let a good crisis go to waste!

If your organization doesn't have security awareness training, don't let cost or complexity be the roadblock. There are lots of good resources out there to throw into a slide deck. It's better than doing nothing.

03.12.2025 22:15 👍 1 🔁 0 💬 0 📌 0
Tenable: AI and Hybrid Cloud Growth Outpacing Security Defenses Tenable warns cloud and AI adoption outpace defenses, with 34% of AI workloads already linked to breaches.

Most businesses now operate multiple, complex cloud environments, but many face major security gaps and have suffered AI-related breaches.

17.10.2025 17:03 👍 1 🔁 0 💬 0 📌 0
Does TSA Let You Travel With A Flipper Zero In Your Carry-On Luggage? - BGR There are no official TSA restrictions for the Flipper Zero, but that doesn't mean you won't be stopped or questioned by a curious agent for carrying one.

I travel with my FZ all the time and have never had an issue. Are these folks waving it around?

16.10.2025 19:18 👍 1 🔁 0 💬 0 📌 0
Strip club execs bribed auditor with private dances, free trips to avoid paying millions of dollars in taxes, charges say RCI Hospitality Holdings received favorable treatment during at least six tax audits in exchange for the perks given to a state auditor, authorities said.

🤣 "According to the indictment, the auditor texted ... "This was the best trip I had in Florida. The girls were very beautiful and nice."

15.10.2025 23:01 👍 2 🔁 0 💬 1 📌 0

Time's up! ⏰

Upgrade to Windows 11 (if your PC supports it), purchase a new device with Windows 11 or another OS, or enroll in the Extended Security Updates (ESU) program for one more year of updates.
www.engadget.com/com...

14.10.2025 18:25 👍 0 🔁 0 💬 0 📌 0
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns Astaroth banking trojan exploits GitHub for resilience, targeting Latin American users via phishing.

A newly observed Astaroth banking trojan campaign leverages GitHub to keep its operations running even when traditional command-and-control infrastructure is disrupted.

13.10.2025 19:56 👍 0 🔁 0 💬 0 📌 0
CMMC Is Finalized. How Will It Impact State and Local Government? What is Cybersecurity Maturity Model Certification from the Department of Defense and why should state and local governments care about it? How agencies can leverage funding to grow their security programs.

"CMMC Is Finalized. How Will It Impact State and Local Government?"

07.10.2025 23:34 👍 0 🔁 0 💬 0 📌 0
Microsoft Entra ID flaw allowed hijacking any company's tenant A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world.

The use of undocumented, unsigned actor tokens, coupled with a legacy API vulnerability, created a perfect storm.

25.09.2025 17:41 👍 2 🔁 0 💬 0 📌 0
Jaguar Land Rover shutdown extended again after cyber attack The business secretary will also meet suppliers of the car maker who are at risk of closure.

Recovery Time Objective and Maximum Tolerable Downtime are often confused. Here's a great example where I'm sure the RTO was hours (or less) and the MTD is apparently weeks - however the question of JLR's future viability is still unanswered.

24.09.2025 23:30 👍 2 🔁 0 💬 0 📌 0
The Silent Threat: How Misconfigurations Fuel the Cyber Crime Economy Billions of records are breached each year as a result of misconfigured servers, firewalls and other network devices. What can be done? Let’s explore.

Yes, Virginia. Security IS hard.
Few clients I encounter have implemented baseline configs and hardening, yet these are essential. Combine with vuln scans and periodic pentests, and you create a stronger and more secure foundation.

23.09.2025 13:05 👍 1 🔁 0 💬 0 📌 0
Microsoft to force install the Microsoft 365 Copilot app in October Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area (EEA) region that have the Microsoft 365 desktop client apps.

Now would be a great time to look into what control gaps might be created and available tooling to block its use, if needed.

21.09.2025 21:02 👍 0 🔁 0 💬 0 📌 0

Check out Offensive Countermeasures: The Art of Active Defense by John Strand if you're interested in more information on the topic.

16.09.2025 20:13 👍 2 🔁 0 💬 0 📌 0
Cyber Privateers: The Return of the Hack-Back Debate Is the second Trump administration open to private-sector companies — or non-military or other government agencies — using offensive security against cyber threats?

One of the things that concerns me about OffSec is that you don't often know your adversary very well. Just like the old saying goes, don't bring a knife to a gunfight.

16.09.2025 20:12 👍 3 🔁 0 💬 1 📌 0
St. Paul, Minn., Systems Come Back Online After Cyber Attack The city is gradually restoring online services after a ransomware attack in July interrupted them. Phone service, online water bill payments, and Parks and Recreation payment systems are among those restored.

🥇“We are now in recovery . . . Our approach is deliberate, prioritized, and secure: systems are brought back only after testing and validation, with priority given to those essential for public safety, financial stability, and daily operations.”

07.09.2025 14:05 👍 2 🔁 0 💬 0 📌 0

Great summary of some often-forgotten information security controls. Partnering with your facilities team is the best way to ensure you can be successful.

07.09.2025 13:32 👍 2 🔁 0 💬 0 📌 0
The Silent Threat: How Unclaimed Subdomains Can Lead to Catastrophic Takeovers Introduction: Subdomain takeover vulnerabilities represent a critical yet often overlooked attack vector in modern cybersecurity. When a company points a subdomain to a third-party service like Softr, Vercel, or AWS but later abandons that service, the DNS record remains, creating a dangerous window of opportunity for attackers. This article provides a technical deep dive into identifying, exploiting, and mitigating these pervasive threats.

The Silent Threat: How Unclaimed Subdomains Can Lead to Catastrophic Takeovers

Introduction: Subdomain takeover vulnerabilities represent a critical yet often overlooked attack vector in modern cybersecurity. When a company points a subdomain to a third-party service like Softr, Vercel, or AWS but…

07.09.2025 13:23 👍 4 🔁 1 💬 0 📌 0
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware Silver Fox exploited a Microsoft-signed WatchDog driver in May 2025 to bypass defenses, deploy ValleyRAT, and enable fraud.

The threat actor Silver Fox exploited a previously unknown vulnerable driver linked to WatchDog Anti-malware in a BYOVD attack, disabling security solutions on compromised hosts.

05.09.2025 15:57 👍 1 🔁 0 💬 0 📌 0
Disney to Pay $10 Million for Collecting Children’s Data on YouTube Disney has agreed to a $10 million civil penalty for failing to designate videos from 'Coco,' 'The Incredibles' and 'Frozen' as 'made for kids.'

FTC complaint claims that Disney did not label specific YouTube videos as intended for children when uploading them to the platform. This oversight led to those videos being subjected to online advertising.

04.09.2025 19:22 👍 1 🔁 0 💬 0 📌 0
Jaguar Land Rover says cyberattack ‘severely disrupted’ production Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort.

"Jaguar Land Rover says cyberattack ‘severely disrupted’ production"

03.09.2025 21:32 👍 0 🔁 0 💬 0 📌 0
I was once reported to HR for threatening to commit Office Space-style violence against a Citrix cluster. It resulted in a formal meeting with my manager (where we both had a good laugh).

Just a reminder that not everyone sees things as (funny) as you do!

27.08.2025 19:20 👍 2 🔁 0 💬 0 📌 0

"Using This Domain (onmicrosoft.com)? Microsoft Will Soon Restrict Your Emails"
www.pcmag.com/news/u...

26.08.2025 19:55 👍 0 🔁 0 💬 0 📌 0
US charges Oregon man in vast botnet-for-hire operation Federal prosecutors called Rapper Bot one of the most powerful DDoS botnets in history.

"US charges Oregon man in vast botnet-for-hire operation"

25.08.2025 21:19 👍 0 🔁 0 💬 0 📌 0
Microsoft blames configuration change for another 365 outage: What testing is happening before changes hit production?

Always have a rollback plan. It should be more detailed than "Ctrl-Z" so that others can understand what you did and reverse it, if necessary.

23.08.2025 19:14 👍 1 🔁 0 💬 0 📌 0
Apple fixes new zero-day flaw exploited in targeted attacks Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack."

Another reminder that having an Apple device does not make you impervious to attack. Patch 'em if you got 'em!

22.08.2025 23:39 👍 0 🔁 0 💬 0 📌 0
25% of security leaders replaced after ransomware attack In a perfect world, such things would happen only when the CISO made explicit errors. In the corporate world, though, scapegoating is tradition.

I'm surprised it was that low. I estimate closer to 40-50 percent.

19.08.2025 19:49 👍 0 🔁 0 💬 0 📌 0
Workday Breach Linked to ShinyHunters Salesforce Attacks The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system but did not gain access to customer information; only "commonly available" business contact info was e...

The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system but did not gain access to customer information; only "commonly available" business contact info was exposed. www.darkreading.com/application-...

19.08.2025 11:53 👍 0 🔁 1 💬 0 📌 0

Ugh, a quintet of hooded hackers!

19.08.2025 12:29 👍 0 🔁 0 💬 0 📌 0

Myth: Macs can't get viruses. 🚫🦠 Truth: While they're less targeted, Macs can still fall victim to malware! Stay vigilant, everyone! #CyberMyths

19.08.2025 12:10 👍 2 🔁 1 💬 1 📌 0