Below you will find pages that utilize the taxonomy term “Security”
VibeDLC: Enabling Citizen Development Without Breaking Production
Modern engineering changed overnight.
Modern engineering organizations did not.
Tools like Claude Code, Codex, and Kiro have fundamentally changed who can build software. The old boundary between “engineer” and “non-engineer” is collapsing fast.
SOC analysts are building workflow dashboards.
Sales teams are automating quoting systems.
Operations staff are writing internal tooling.
Executives are …
Beyond the Bait: Behavioral Sigma Detections for AiTM Phishing
Phishing campaigns are a moving target. The sender domain rotates every 48 hours. The PDF hash changes with each wave. The landing page infrastructure spins up on fresh hosting and disappears before anyone can block it. Chasing those indicators is necessary. It is also a treadmill.
Microsoft’s Defender Research team recently published a detailed analysis of a large-scale …
QLNX and Watching the Surroundings: Behavioral Detection for Linux
You cannot detect a malware sample that deletes itself from disk before your EDR blinks. That is the honest starting point for any discussion of QLNX.
Trend Micro’s TrendAI Research team discovered Quasar Linux – QLNX – a previously undocumented Linux remote access trojan with near-zero initial detection rates. It executes entirely from memory via memfd_create and execveat, wipes its own binary …
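The QLNX excerpt above names the two artifacts a memory-only Linux implant leaves behind: an executable that was never on disk (memfd_create + execveat) and an on-disk binary that was unlinked after launch. The following is an added example, not Trend Micro's detection logic or anything from the QLNX write-up; it is a /proc-based hunt built on the kernel's own conventions (the `/proc/<pid>/exe` link of a memfd-exec'd process reads `/memfd:<name> (deleted)`, an unlinked binary reads `<path> (deleted)`). The severities and the sample maps text in the test are the author's own choices.

```python
"""Heuristic hunt for memory-only executables on Linux (added example,
not Trend Micro's QLNX detection code).

Legitimate memfd execution exists (some sandboxing helpers and JIT
runtimes), and "(deleted)" executables are routine right after package
upgrades, so treat hits as triage leads, not verdicts."""
import os
import re
from dataclasses import dataclass
from typing import List, Optional

# readlink(/proc/<pid>/exe) targets as the kernel formats them
MEMFD_RE = re.compile(r"^/memfd:(?P<name>.*) \(deleted\)$")
DELETED_RE = re.compile(r"^(?P<path>/.+) \(deleted\)$")


@dataclass
class Finding:
    pid: int
    exe: str
    reason: str
    severity: str


def classify_exe(pid: int, exe_target: str) -> Optional[Finding]:
    """Classify the readlink() target of /proc/<pid>/exe."""
    m = MEMFD_RE.match(exe_target)
    if m:
        return Finding(pid, exe_target,
                       f"running from anonymous memfd {m.group('name')!r}", "high")
    m = DELETED_RE.match(exe_target)
    if m:
        return Finding(pid, exe_target, "on-disk executable was unlinked", "medium")
    return None


def executable_memfd_maps(maps_text: str) -> List[str]:
    """Return memfd-backed mappings with the execute bit from /proc/<pid>/maps.

    Catches a stage that was mmap'd executable from a memfd without ever
    being exec'd, which classify_exe() alone would miss."""
    hits = []
    for line in maps_text.splitlines():
        # address perms offset dev inode [pathname]; pathname may contain spaces
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue
        perms, path = parts[1], parts[5]
        if "x" in perms and path.startswith("/memfd:"):
            hits.append(path)
    return hits


def scan_proc(proc_root: str = "/proc") -> List[Finding]:
    """Walk /proc on the live host. Root is needed to see other users' processes."""
    findings: List[Finding] = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            target = os.readlink(f"{proc_root}/{entry}/exe")
            with open(f"{proc_root}/{entry}/maps") as fh:
                maps_text = fh.read()
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # kernel thread, process already gone, or not ours
        found = classify_exe(pid, target)
        if found:
            findings.append(found)
        for path in executable_memfd_maps(maps_text):
            findings.append(Finding(pid, path, "executable mapping backed by memfd", "medium"))
    return findings


if __name__ == "__main__":
    for f in scan_proc():
        print(f"[{f.severity}] pid={f.pid} {f.reason}: {f.exe}")
```

Run it as root on a schedule, or feed the same two checks into an EDR rule; the point is that neither check depends on a hash or filename, so recompiling or renaming the sample does not help the attacker.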
Bleeding Llama: Responding to CVE-2026-7482 in Ollama Across Your Fleet
There’s a good chance Ollama is running somewhere in your environment right now. You might not know about it. The developer who installed it probably didn’t file a ticket. It’s listening on port 11434, bound to all network interfaces, with no authentication — because that’s the default.
That was already a risk. Then Cyera’s research team found CVE-2026-7482, and the risk got a lot more concrete. …
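Before you can respond to the Ollama CVE across a fleet you have to find the instances the excerpt describes: listening on 11434, bound to every interface, never ticketed. The following is an added example, not code from Cyera's research or from the Ollama project. It parses `ss -ltnp` output (the process column needs root) and flags listeners on the Ollama port whose local address is a wildcard; the sample `ss` output is constructed, and the port number is the default the excerpt cites.

```python
"""Find Ollama listeners bound to all interfaces from `ss -ltnp` output.
Added example; the SAMPLE_SS text is constructed, not captured from a
real host."""
import re
import shutil
import subprocess
from dataclasses import dataclass
from typing import List

OLLAMA_PORT = 11434
# how ss prints "any address" for IPv4, IPv6 and Go-style dual-stack sockets
WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}
PROC_RE = re.compile(r'\("([^"]+)"')

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   *:11434             *:*                users:(("ollama",pid=2417,fd=3))
LISTEN 0      4096   127.0.0.1:11434     0.0.0.0:*          users:(("ollama",pid=3980,fd=3))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=811,fd=3))
"""


@dataclass
class Listener:
    addr: str
    port: int
    process: str
    exposed: bool


def parse_listeners(ss_output: str, port: int = OLLAMA_PORT) -> List[Listener]:
    """Return every LISTEN socket on `port`, marking wildcard binds as exposed."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        # columns: State Recv-Q Send-Q Local:Port Peer:Port [Process]
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port_str = fields[3].rpartition(":")
        if not port_str.isdigit() or int(port_str) != port:
            continue
        m = PROC_RE.search(line)
        process = m.group(1) if m else "?"
        found.append(Listener(addr, int(port_str), process, addr in WILDCARDS))
    return found


def exposed_ollama(ss_output: str) -> List[Listener]:
    return [lst for lst in parse_listeners(ss_output) if lst.exposed]


def check_local_host() -> List[Listener]:
    """Run ss on this host; returns [] when ss is not installed."""
    if shutil.which("ss") is None:
        return []
    result = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True, check=False)
    return exposed_ollama(result.stdout)


if __name__ == "__main__":
    for lst in exposed_ollama(SAMPLE_SS):
        print(f"exposed: {lst.process} on {lst.addr}:{lst.port}")
```

Push this through whatever runs commands on your endpoints (osquery, your EDR's live response, a config-management run) and you have an inventory in minutes. For the hosts it flags, Ollama's own documentation has the bind address controlled by the `OLLAMA_HOST` environment variable; setting it to `127.0.0.1` in the service's environment (a systemd drop-in on Linux) and restarting closes the wildcard bind while you patch.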
Sigma Rules: The Detection Engineer’s Rosetta Stone
Every security team has the same problem. Alerts pile up. Analysts burn out triaging noise. A new threat actor drops a technique, and the team scrambles to build a detection — only to realize it only works in Splunk, and half the org runs Elastic.
Sigma was built to solve this. Not just as a rule format, but as a philosophy: write your detection logic once, express it clearly, and let tooling …
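The "write once, let tooling translate" idea in the Sigma excerpt is easiest to see with one rule used two ways: matched directly against events, and rendered as a backend query. What follows is an added example, not pySigma, sigma-cli or any rule from the page; it is a deliberately small evaluator and a toy Splunk emitter that share a single rule definition. The rule (a shell spawned by a web server, with a health-check exclusion), the event records and the emitter's wildcard syntax are all the author's constructions. Real Sigma rules are YAML; the rule is inlined as a dict so the block runs without pyyaml, and only a subset of Sigma is supported (`contains`/`startswith`/`endswith`/`re` modifiers, list-valued fields, and `and`/`or`/`not` with parentheses).

```python
"""Toy Sigma evaluator plus Splunk emitter sharing one rule (added example;
use pySigma / sigma-cli for real work)."""
import re
from typing import Any, Dict

RULE: Dict[str, Any] = {
    "title": "Shell Spawned by Web Server Process",
    "logsource": {"category": "process_creation", "product": "linux"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["/nginx", "/httpd", "/apache2"],
            "Image|endswith": ["/sh", "/bash", "/dash"],
        },
        "filter_health": {"CommandLine|contains": "healthcheck"},
        "condition": "selection and not filter_health",
    },
    "level": "high",
}


def _value_matches(modifier: str, actual: Any, expected: Any) -> bool:
    a, e = str(actual).lower(), str(expected).lower()  # Sigma strings match case-insensitively
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    if modifier == "re":
        return re.search(str(expected), str(actual)) is not None
    return a == e


def _selection_matches(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    for key, expected in selection.items():            # fields in a selection are ANDed
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(_value_matches(modifier, event[field], v) for v in candidates):
            return False                                # list values are ORed
    return True


def _eval_condition(condition: str, truth: Dict[str, bool]) -> bool:
    """Recursive descent over 'a and not (b or c)' style conditions."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def expr() -> bool:                                 # or-level
        nonlocal pos
        value = term()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            rhs = term()
            value = value or rhs
        return value

    def term() -> bool:                                 # and-level
        nonlocal pos
        value = factor()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            rhs = factor()
            value = value and rhs
        return value

    def factor() -> bool:
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            pos += 1                                    # consume ")"
            return value
        return truth[tok]

    return expr()


def rule_matches(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    det = rule["detection"]
    truth = {name: _selection_matches(sel, event) for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], truth)


def to_splunk(rule: Dict[str, Any]) -> str:
    """Render the same detection as a Splunk-style search (toy backend; no 're')."""
    det = rule["detection"]
    wild = {"contains": "*{}*", "startswith": "{}*", "endswith": "*{}", "": "{}"}

    def render(selection: Dict[str, Any]) -> str:
        clauses = []
        for key, expected in selection.items():
            field, _, modifier = key.partition("|")
            if modifier not in wild:
                raise ValueError(f"modifier {modifier!r} not supported by this emitter")
            values = expected if isinstance(expected, list) else [expected]
            clauses.append("(" + " OR ".join(f'{field}="{wild[modifier].format(v)}"' for v in values) + ")")
        return " AND ".join(clauses)

    rendered = {name: "(" + render(sel) + ")" for name, sel in det.items() if name != "condition"}
    return " ".join(rendered.get(t, t.upper() if t in ("and", "or", "not") else t)
                    for t in re.findall(r"\(|\)|\w+", det["condition"]))
```

Evaluating the rule in code is what a Sigma-aware test harness does with sample events before a rule is merged; `to_splunk` is the shape of a backend: the logic never changes, only the rendering, which is what lets the same rule serve the Splunk half of the org and the Elastic half.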
You Can't Sigma a Buffer Overflow: Post-Exploitation Detection for CVE-2026-0300
Zero-days are designed to be invisible. A buffer overflow in a network appliance doesn’t show up in your SIEM. It doesn’t spawn a suspicious process. It doesn’t drop a file in a temp directory. It exploits a parsing mistake in memory, at a layer your detection tooling was never designed to see.
That’s the honest truth about CVE-2026-0300 — a critical unauthenticated RCE in …
Scattered Spider and the Case for Sigma Rule Suites
You’ve probably heard the name Scattered Spider. They made headlines by breaching MGM Resorts and Caesars Entertainment using nothing more sophisticated than a phone call. No zero-days. No nation-state tooling. Just a convincing voice, a tired help desk employee, and a chain of technique abuse that most organizations weren’t watching for.
Here’s the thing: chasing Scattered Spider specifically …
Detecting Dirty Frag: Linux Privilege Escalation Detection Engineering
Dirty Frag is one of those Linux privilege escalation vulnerabilities that reminds defenders why behavioral detection matters.
Public proof-of-concept (PoC) exploits appeared quickly after disclosure. Most defenders initially focused on detecting known exploit filenames or hashes. That works for copy-paste attacks, but it fails the moment an attacker recompiles the exploit or renames the binary. …
Winning Teams: Lessons for Security Leaders from Tim Baker
Why Security Leaders Should Rethink Team Performance
Directors in managed detection and response (MDR) roles face a balancing act. Some engineers and managers are seasoned experts with deep technical chops. Others are new, still learning the craft. The challenge isn’t just technical—it’s cultural, relational, and operational.
That’s where Tim Baker’s Winning Teams: The Eight Characteristics of …
Vibe Coding Lifesaving Technology for ~Fun~ and ~Profit~
What is Vibe Coding, Anyway?
If you haven’t heard the term yet, vibe coding is the modern art of building software with the help of AI — without worrying too much about traditional engineering processes like careful planning, architecture diagrams, or best practices. It’s coding by feel. It’s making things that work, fast, using AI as your co-pilot (or honestly, your chauffeur). …