
Federal Agency Breached via Cisco Firepower 0-Days
CISA confirms federal breach via Cisco Firepower CVE-2025-20333 and CVE-2025-20362. Plus Bitwarden npm supply-chain compromise and China IoT proxy botnets.
Posts

MFA fatigue mechanics, real Uber and Cisco breaches, detection with Entra ID KQL and Splunk SPL, and defenses including number matching and FIDO2.

What XDR actually is, how Palo Alto Cortex XSIAM, CrowdStrike Falcon, and Microsoft Sentinel compare on detection, response, data sources, pricing, and customer …

How attackers forge Kerberos TGTs using the KRBTGT hash for persistent domain access — mechanics, Mimikatz commands, detection, and the double-reset …

SE playbook for positioning SASE to CISOs experiencing platform fatigue — consolidation messaging, ROI frameworks, objection handling, and the crawl-walk-run …

CISA adds Microsoft Defender zero-day to KEV. Unit 42 Zealot AI agent pwns cloud. CanisterSprawl npm worm self-propagates. Talos Q1 2026 IR data.

"SaaS is dead." Satya Nadella said it on All-In in late 2024. Everyone laughed. Eighteen months later, Klarna went on the record — they fired Salesforce, fired

SSE platform comparison for SEs — Cisco Umbrella, Zscaler, and Palo Alto Prisma Access architectures, feature matrices, deployment complexity, performance, and …

CVE-2026-40372 ASP.NET Core privilege escalation OOB patch, AirSnitch WPA2/3 bypass, phishing tops Q1 2026 initial access vectors

How attackers exploit Lambda event data injection through S3, SQS, and API Gateway. Command injection PoCs, SSRF to steal IAM credentials, detection, and …