Lucy Green

From Air Force intelligence to frontier AI, the CISO hiring market is moving. Here is who landed where — and what the patterns suggest.

The acquisition adds non-human identity and secrets management to SailPoint's governance platform — a gap that's become increasingly hard to ignore.

CVE-2026-50656 is a privilege escalation bug in the Malware Protection Engine — the component sitting at the heart of every Defender install.

New Delhi cites leaked exam papers circulating in Telegram channels. Pavel Durov says Reliance Jio went further, hijacking BGP routes that broke the app well outside India's borders.

Verizon's latest report reveals exploitation of vulnerabilities and rising ransomware as key challenges. Preparation is crucial.

A China-linked espionage group hijacked REDCap's own upgrade process to plant persistent malware across academic, medical, and defense-adjacent research environments.

Two undocumented Windows builds of the China-linked backdoor — tagged WIN_DRV and WIN_PLUS — extend a toolset previously seen only on Linux.

The North Korea-linked cluster is back with phishing pretexts aimed at developers — recruiter pitches and code-review requests that drop malware on engineers' workstations.

A default low-privilege account on the popular open-source LLM proxy can escalate to admin and execute code, exposing every provider key the gateway holds.

A vendor webinar argues that pattern-learning models can cut investigation time on BEC and account takeover incidents. The harder question: what does that mean for breach-notification timelines?

European enterprises spent two years and real money on sovereign cloud deployments. What they found is that data residency is the easy part — and that AI agent identities are the part nobody governed.

An unknown actor is exploiting a 7.8-rated authentication bypass in PAN-OS portals and gateways to slip past GlobalProtect logins.

Researchers describe a prompt-injection class that turns developer error-tracking pipelines into a remote code execution path against AI coding agents.

Operation Ramz dismantled a decade-old PhaaS storefront and pulled in its alleged operator, 'Guedz', across 13 MENA jurisdictions.

Two campaigns, one toolset. The Vietnam-aligned crew spent eighteen months inside a state-linked infrastructure builder before pivoting to a supply chain hit on retail stock investors.