General
20 articles
New infosec products of the week: May 15, 2026
Here’s a look at the most interesting products from the past week Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM model is br...
Trump administration's voter data collection efforts face legal challenges
The Department of Justice's Office of Legal Counsel issued a memo arguing that a provision in the 1960 Civil Rights Act, requiring election officials to reta...
[local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
Remote Sunrise Helper for Windows 2026.
April 2026 CVE Landscape
In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded F...
[local] Windows Snipping Tool - NTLMv2 Hash Hijack
Windows Snipping Tool - NTLMv2 Hash Hijack
Alleged Dream Market administrator indicted on money laundering charges
Owe Martin Andresen, 49, faces six counts each of international concealment money laundering and concealment money laundering, potentially leading to 20 year...
Fleet Device Management launches autonomous endpoint management platform
Fleet's new platform aims to shorten patch cycles from an industry average of 55 to 94 days to under two weeks, and in some cases, hours.
SecurityScorecard acquires Driftnet to enhance AI-driven risk management
The acquisition of Driftnet will see its internet scanning engine integrated into SecurityScorecard's TITAN AI platform.
TeamPCP hackers advertise Mistral AI code repos for sale
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [.
Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets
Tenable Hexa AI eliminates “zombie” cloud infrastructure, helping you reduce risk and make a “killing” on cost reduction. Key takeaways As AI accelerates clo...
You're not going to patch your way out of this - PSW #926
Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center
AWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and applications.
Pentagon cyber official calls advanced AI ‘revolutionary warfare’
Paul Lyons, principal deputy assistant secretary for cyber policy, also discussed the importance of cyber offense. The post Pentagon cyber official calls adv...
White House cyber official: identity security matters more than ever in the age of AI
While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official...
Suspected Dream Market kingpin arrested after gold bars sent to his home address
Lesson one for aspiring dark web kingpins: don't have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security ...
Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. [.
ODNI taps officials to coordinate response to foreign election threats
Director of National Intelligence Tulsi Gabbard has tapped two individuals to coordinate work across U.S.
Automating post-quantum cryptography readiness using AWS Config
Migrating your TLS endpoints to Post-quantum cryptography (PQC) starts with understanding your current TLS endpoint inventory and posture. This post introduc...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financ...