Hackerbot-claw does some damage

The Grace Period Is Over: AI Has Ended the Era of “Good Enough” Security Configurations

What Happened? Hackerbot-claw – an AI bot, running autonomously for a week, scanned 47,000 repos and compromised at least 6 major targets including Microsoft, DataDog, Aqua Security, CNCF projects, and popular tools like RustPython and Trivy by opening more than a dozen pull requests, achieving arbitrary code execution and exfiltrating tokens with write permissions. No zero-days. No nation-state resources. Just…

Read MoreThe Grace Period Is Over: AI Has Ended the Era of “Good Enough” Security Configurations

29 Minutes. That’s How Long You Have. What’s Your MTTD — and Do You Actually Know It?

CrowdStrike 2026 Global Threat Report finds that the average attacker breakout time has dropped to just 29 minutes for financially motivated attackers in 2025. That’s a whopping 65% acceleration year-over-year with the fastest observed breakout time clocking in at 27 seconds. Breakout time is the elapsed time between an attacker gaining initial foothold and moving laterally to another system inside…

Read More29 Minutes. That’s How Long You Have. What’s Your MTTD — and Do You Actually Know It?

Claude Code’s Remote Control Is a Developer Dream — and a Security Team’s Nightmare

Anthropic shipped Remote Control for Claude Code today — and developers are losing their minds over it. You can now kick off a complex coding session at your desk, walk away, and keep full control from your phone. It’s genuinely impressive engineering. But before you forward this to your dev team as a cool new tool, your security organization needs…

Read MoreClaude Code’s Remote Control Is a Developer Dream — and a Security Team’s Nightmare

Claude Code Security Announcement Ruffles Investors

On Friday, Investing.com reported that shares of cybersecurity software companies tumbled after Anthropic introduced Claude Code Security. CrowdStrike was among the biggest decliners, falling 8%, while Cloudflare slumped 8.1%. Zscaler dropped 5.5%, SailPoint shed 9.4%, and Okta declined 9.2%. The Global X Cybersecurity ETF fell 4.9% and closed at its lowest since November 2023. What Is Claude Code Security? Claude…

Read MoreClaude Code Security Announcement Ruffles Investors

Does “Open to Work” Really Mean “Open to Being Scammed?”

I started seeking the next step in my career a few weeks ago. I first updated my resume and set my LinkedIn profile to “Open to Work” for recruiters and hiring teams to see my status. I also put a post indicating that I was “Open to Work” outlining what I am seeking. Within minutes, I was contacted by two…

Read MoreDoes “Open to Work” Really Mean “Open to Being Scammed?”

Policies, Procedures, and Standards – Why They Are Needed and Their Impact on Corporate Security

People by nature don’t like to be told what to do. Most people would rather be told what needs to be done and left to their own devices to produce the end result. That approach works fine if you are an organization of one. Bring in another person and suddenly things start to get done differently by each person. Those…

Read MorePolicies, Procedures, and Standards – Why They Are Needed and Their Impact on Corporate Security

Security Faux Pas – Owning Up When You Make A Mistake

A company can have the best security controls in place, have a staff that is highly security-aware and have what they consider outstanding security practices in place and yet bad things can and do happen. Many times, security breaches are caused by malicious actors exploiting some unnoticed vulnerability in a running service or other infrastructure. These breaches happen without involving…

Read MoreSecurity Faux Pas – Owning Up When You Make A Mistake

Understanding the Value of a SOC 2 Report (Service Organization Controls)

A recent post by Kendra Cooley led to a lively discussion around the value of SOC2 attestations. She followed this up with an article that goes into a bit more depth. Discussion around these sorts of issues is always educational. The devil is in the details. When one discusses SOC without clarifying the details, the waters get muddy very fast.…

Read MoreUnderstanding the Value of a SOC 2 Report (Service Organization Controls)

Importance of Separating Corporate and Personal Identities and Devices

In 2013, malicious actors stole 40 million credit card numbers and the personal details from 70 million customers in what has become known as the Target data breach. For those of you that don’t know, Target is a very large retail chain with locations around the world. In addition to credit card numbers, the cybercriminals also got away with PINs,…

Read MoreImportance of Separating Corporate and Personal Identities and Devices