From the field
Practical cybersecurity guidance drawn from real-world engagements. No theory. No marketing fluff. Just the things we wish someone had told us 20 years ago.
Is Your RMM Verifying Its OIDC Tokens? SimpleHelp CVE-2026-48558 Wasn't
A CVSS 10 auth bypass let attackers forge an OIDC token into a full SimpleHelp technician session, then push malware to every managed endpoint. Patch, hunt the logs, take the RMM off the internet.
The Orchestration Layer Is Where AI Finds Bugs: A Tour of Offensive LLM Harnesses
Model choice buys marginal gains. The harness around the model is where offensive LLM bug-hunting capability, cost, and reliability come from - here is a tour of the open-source tools and how to build one.
SharePoint CVE-2026-45659: An Authenticated Deserialization RCE Is Now Under Active Exploitation
An authenticated deserialization flaw in on-prem SharePoint Server is on CISA's KEV list and under active exploitation. Patch, rotate the machine keys twice, and hunt for web shells.
The Connected-App Blast Radius: How ShinyHunters Turned Stolen OAuth Tokens Into Salesforce Extortion
ShinyHunters is extorting major brands by stealing OAuth tokens from connected apps and reading Salesforce through the API, past MFA entirely. The connected-app inventory and the fix.
Can Ransomware Just Turn Off Your EDR? GentleKiller and the BYOVD Wave
The Gentlemen's GentleKiller framework disables 400+ security products with vulnerable signed drivers before encryption. The controls that make a BYOVD kill fail on a small team's endpoints.
Your SIEM Detects in 51 Minutes. Attackers Are Gone in 6.
Attackers reach exfiltration in minutes while the average SIEM takes 51 to alert. Where detection engineering at the source, not more storage, closes the gap for a small team.
Cursor's Command Allowlist Failed Open (CVE-2026-22708): Why Agent Safe Mode Is the Wrong Trust Boundary
An AI coding agent in safe mode still reached code execution. Why command allowlists are the wrong control for agentic tools, and the containment that holds.
RoguePlanet (CVE-2026-50656): The Unpatched Defender Race Condition That Spawns a SYSTEM Shell
A public exploit for CVE-2026-50656 (RoguePlanet) turns Microsoft Defender into a local path to SYSTEM on fully updated Windows, and there is no patch yet. What it does and what to run now.
Caller-Led Vishing Kits Are Defeating Okta MFA in Real Time
Caller-led phishing kits relay your Okta login live and walk past push and one-time-code MFA. How the kits work, how to hunt the relay in your logs, and the cutover that stops them.
Your Cyber Insurance Renewal Is Now a Security Audit: The 2026 Proof-of-Controls Gap
A paid-up cyber policy can be voided after a breach if you cannot prove the controls you attested to were actually enforced. What changed in 2026, and how to close the gap.
Auditing Your GitHub Actions Workflows for the Cordyceps CI/CD Flaw
A free GitHub account and one pull-request comment can run attacker code in your CI. How to find the Cordyceps pattern in your GitHub Actions workflows and fix it with zizmor.
86,644 FortiGate Firewalls Are Leaking Admin and VPN Credentials. Yours Could Be One.
FortiBleed has put valid admin and SSL VPN credentials for 86,644 internet-facing FortiGate firewalls in attacker hands. How to tell if yours leaked and what to reset first.
When the Attacker Is an Agent: Inside the First In-the-Wild LLM-Driven Intrusion
Sysdig watched an LLM agent run a real intrusion from a marimo RCE to a database dump in under an hour. The AI tells and the detections that survive a machine-speed operator.
Operation Endgame Cleaned 14,971 WordPress Sites. SocGholish Will Refill Them.
Law enforcement scrubbed SocGholish from nearly 15,000 WordPress sites, but the fake-update access broker rebuilds. The endpoint detection and CMS-hardening playbook.
The Klue OAuth Breach: Auditing the Salesforce Connected Apps You Forgot You Approved
A forgotten Klue integration's OAuth tokens pulled Salesforce CRM data for hours. How to inventory, scope, and monitor the connected apps in your own tenant.
Joomla Content Editor CVE-2026-48907: A Max-Severity Unauthenticated RCE Under Active Exploitation
A CVSS 10.0 unauthenticated flaw in the Joomla Content Editor lets attackers drop a webshell with no login. The mechanism, the patch, and how to hunt for compromise.
142 Packages in 88 Minutes: The Mastra npm Scope Hijack
A hijacked maintainer account pushed the easy-day-js typosquat into 142 Mastra npm packages in 88 minutes. How the infostealer worked, and how to check your build.
Your AI Agents Emit Security Events. Your SIEM Never Sees Them.
AI coding agents and RAG assistants generate security events that never reach your SIEM. The three log surfaces, and the detection rules, that close the gap.
Device-Code Phishing Now Steals Okta and Microsoft 365 Tokens, and Your MFA Never Fires
Kali365's phishing service abuses the OAuth device code flow against Okta and Microsoft 365, taking tokens after a real MFA login. The control that stops it, and how to hunt the tokens already issued.
Should Your Veeam Backup Server Be on the Domain? CVE-2026-44963 Settles the Question
A CVSS 9.4 flaw lets a low-privilege domain user run code on the Veeam backup server, but only domain-joined version 12 is exposed. Who must patch now, and the architecture fix.
Your SIEM Became the Front Door: Splunk CVE-2026-20253 and the Small-Business Response Playbook
An unauthenticated CVSS 9.8 flaw in Splunk Enterprise 10 lets an attacker write files and run code on the box that watches everything. Who has to patch now, and how to check.
You Connected AI Agents to Your Business. Here Is the Security Field Guide for Small Teams.
Small teams wired AI agents into email, files, and code this year through MCP. Here is what the new attack surface means, who it affects, and the short list of controls that matter.
Check Point CVE-2026-50751: The VPN Auth Bypass Qilin Used, and Why Patching Was Only Half the Fix
A maximum-severity Check Point VPN bypass was exploited for a month before the patch, and a Qilin ransomware affiliate used it. Who is exposed, and the assume-breach steps to take now.
Ivanti Sentry CVE-2026-10520: Root on Your Edge Gateway, and the Small-Business Patch-Now Playbook
A maximum-severity, unauthenticated flaw lets attackers run code as root on Ivanti Sentry, and exploitation began within a day. Who is affected, and what to do in the three-day window.
Identity Is the Front Door Now: The Enterprise Controls That Stop Attackers, Right-Sized for a Small Business
Two thirds of breaches now start with a stolen login, not malware. Here are the enterprise identity controls that matter most, right-sized for a small business to actually run.
LiteLLM CVE-2026-42271: The AI Gateway Flaw That Turns a Low-Privilege Key Into Remote Code Execution
An authenticated command injection in LiteLLM, chained with a Starlette host-header bypass, gives unauthenticated remote code execution on your AI gateway. Who is exposed, and how to fix it.
Miasma: The npm Worm That Poisoned Red Hat's Own Packages, and the Small-Business Dependency Playbook
An attacker poisoned 32 Red Hat npm packages that shipped with valid provenance signatures, then stole cloud credentials and spread like a worm. Who is affected, and how to respond.
Everest Forms Pro CVE-2026-3300: The Unauthenticated WordPress Takeover Hiding in Your Contact Form
A critical Everest Forms Pro flaw (CVE-2026-3300, CVSS 9.8) lets attackers run PHP and create rogue admins through a normal form submission. The fix, and how to check if you were hit.
The Unpatched Windows search: URI NTLM Leak, and Why Relay Attacks Are Still the Easiest Way Into a Domain
Microsoft will not patch a Windows search: URI flaw that leaks NTLMv2 hashes. How NTLM relay turns it into domain takeover, the tools pentesters use, and the fix.
Logging Without a SIEM: The Small-Business Detection Baseline
What to actually log when you cannot afford a SIEM: the Windows, Microsoft 365, and firewall events worth keeping, and the free tools to centralize them.
Anthropic's LLM ATT&CK Navigator and ARiES: A Year of AI-Enabled Attacks, Mapped
Anthropic mapped a year of AI-enabled attacks to MITRE ATT&CK and scored each actor with a new metric, ARiES. What the interactive Attack Navigator shows defenders.
AI-Orchestrated EDR Evasion: Sophos Finds a Claude-Driven Malware Lab, and the Small-Business Endpoint Playbook
Sophos found attackers wiring Claude Opus 4.5 agents into Cursor to mass-produce and test EDR-evasion payloads against Sophos, CrowdStrike, and Defender. Here is the small-business endpoint detection playbook.
Cisco SD-WAN CVE-2026-20182: A CVSS 10.0 Auth Bypass and the Small-Business MSP Playbook
CVE-2026-20182 is a CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN Controller and Manager - the box your MSP uses to push policy to every branch - and it is under active exploitation by UAT-8616 with no workaround. Find your exposure, confirm the patched build, and hunt for the persistence.
Netlogon CVE-2026-41089: A Pre-Auth Domain Controller RCE and the Small-Business Patch-Now Playbook
CVE-2026-41089 is a CVSS 9.8 pre-authentication buffer overflow in Windows Netlogon that hands an unauthenticated attacker SYSTEM-level code execution on a domain controller - and Belgium's national CERT says it is already being exploited. Inventory every DC, confirm the May 2026 patch landed, and contain Netlogon before the exploit gap closes.
ChatGPhish: When ChatGPT Summarizes a Booby-Trapped Page, the Page Is the Payload
Permiso Security disclosed ChatGPhish on May 29, 2026: ChatGPT's page-summary renderer trusts Markdown that rode in from the page it summarized, so any booby-trapped page can render attacker phishing buttons, QR pivots, and silent tracking pixels inside the trusted assistant UI. No email, no attachment - the link is rendered for the user by a tool they trust. This playbook covers the four-move SMB lockdown: inventory shadow AI, move to managed tenants, hunt the beacon in egress logs, and reset the trust assumption with staff.
Install Scripts Are the New Initial Access: A 500-Package npm and NuGet Wave, and the SMB Lockdown Playbook
Between May 27 and 29, 2026, researchers at Microsoft, SafeDep, and Socket catalogued more than 500 malicious npm and NuGet packages, and CISA added three "embedded malicious code" entries to the KEV catalog in a single day. Almost every campaign weaponized the same thing: the preinstall and postinstall lifecycle hooks that run a stranger's code with your cloud and CI/CD credentials in scope. This playbook covers the four-step SMB lockdown - disabling install scripts by default, shutting the dependency-confusion door, scoping CI tokens, and detecting the install-time callout.
PAN-OS GlobalProtect CVE-2026-0257: A Forged Cookie Walks Past VPN Login, and the SMB June 1 Playbook
A forged authentication-override cookie opens a GlobalProtect VPN session with no password, no MFA, and no brute force. CVE-2026-0257 has been exploited since May 17, and CISA set the federal fix deadline at June 1. Because the gpsvc binary decrypts the cookie but never verifies its integrity, any firewall that reuses one certificate for the HTTPS portal and the override feature lets an attacker pull the public key off the TLS handshake and forge a valid admin session. This playbook covers the five-minute exposure check from the firewall CLI, the fixed PAN-OS builds and the two vendor mitigations, and a log hunt for the forged-admin sessions Rapid7 already observed in two waves in the wild.
Trend Micro Apex One CVE-2026-34926: When Your Endpoint Protection Server Becomes the Attacker's Deployment Channel
On May 21, 2026, Trend Micro confirmed in-the-wild exploitation of CVE-2026-34926, a directory traversal in the on-premises Apex One management server, and CISA gave federal agencies until June 4 to patch. The bug lets an attacker who already has a foothold on the server "modify a key table to inject malicious code to deploy to agents" - the console you bought to protect every endpoint becomes the channel that pushes attacker code to every endpoint. Its CVSS reads 6.7 only because the math assumes the attacker already has server admin, which in a real intrusion is the objective, not the starting point. Affected on-prem Windows builds are everything below 14.0.0.17079; the SaaS build was patched by the vendor. The same bulletin fixed seven more agent privilege-escalation bugs, a complete foothold-to-fleet chain. This playbook covers the PowerShell build check that confirms exposure, a console-and-filesystem hunt for deployments and writes you cannot explain, and the three controls - management-plane segmentation, console-admin MFA treated like domain admin, and a KEV-driven patch SLA for security tooling - that shrink the blast radius before the next management-server bug lands.
BadHost (CVE-2026-48710): The Starlette Host-Header Bypass Hiding in Your FastAPI and AI Stack
A malformed HTTP Host header is enough to slip past path-based authentication in Starlette, the ASGI toolkit underneath FastAPI and a long list of LLM inference servers, agent frameworks, and MCP gateways. CVE-2026-48710 ("BadHost"), published May 26 and fixed in 1.0.1, makes request.url.path diverge from the routed path, so any middleware that authorizes on the URL can be bypassed. This playbook covers the one-line curl test that confirms exposure, how to inventory every transitive Starlette in your stack, the code change from request.url.path to the raw ASGI scope path, and a proxy detection for malformed Host headers.
Nx Console CVE-2026-48027: A Poisoned VS Code Extension, 3,800 Stolen Repos, and the SMB Developer-Secrets Playbook
On May 18, 2026, a trojanized Nx Console build (CVE-2026-48027) sat on the VS Code Marketplace for 18 minutes and drained developer secrets, including 1Password CLI sessions, Anthropic Claude Code config, GitHub, npm, AWS, and Vault tokens, by hiding its payload inside a fake MCP setup task. The same TeamPCP campaign behind last week's TanStack compromise turned one stolen maintainer token into roughly 6,000 activations and helped exfiltrate about 3,800 of GitHub's internal repositories. The SMB read: editor extensions run with full user privileges and nobody reviews them, so the laptop is your real supply chain. The playbook walks through the version check that confirms exposure, the IOC triage script (kitty/cat.py backdoor, __DAEMONIZED processes, the firedalazer C2 channel), the credential-rotation order that puts AI-agent keys first, and the three controls that would have stopped the chain: extension allow-listing, pnpm 10.16 minimum-release-age enforcement, and two-person OIDC publishing.
Verizon DBIR 2026: Vulnerability Exploitation Just Took the Crown, and the SMB Patch Window Is Already Lost
On May 20, 2026, Verizon shipped the 19th annual Data Breach Investigations Report and inverted a ranking that had held since the document existed. Vulnerability exploitation is now the top initial breach vector at 31%, ahead of credential abuse at 13%, across a dataset of 31,000 incidents and 22,000 confirmed breaches in 145 countries. The number underneath the flip is the operational one: median time-to-patch a public-facing critical vulnerability hit 43 days in 2025 (up from 32), against an AI-accelerated attacker median time-to-weaponize measured in hours. The KEV remediation-by-deadline rate fell from 38% to 26%. Third-party involvement in breaches jumped 60% year over year. Shadow AI tripled to 45% of employees, with 67% of corporate-device AI traffic running on non-corporate accounts that no DLP rule catches. The SMB read: a 14-day patch clock does not survive an hour-clock attacker, the second-Saturday maintenance window is now actively dangerous for anything internet-facing, and the 2027 DBIR will be written with the decisions made in the next 30 days. The post walks through the five numbers worth memorizing before the next budget review, the PowerShell and jq one-liners that turn the KEV JSON feed into automatic tickets against your inventory, the leadership-dashboard math that converts your last three remediations into the time-to-patch number the cyber-insurance carrier already has, the three-question MFA questionnaire for your top vendors, and the internal 72-hour SLA that gets you ahead of where CISA is publicly weighing taking the federal deadline.
LiteSpeed cPanel CVE-2026-48172: Any User to Root, and the SMB Hosting-Customer Playbook
On May 21, 2026, LiteSpeed Technologies published a security advisory confirming active exploitation of CVE-2026-48172, a CVSS 10.0 privilege escalation in the user-end cPanel plugin. Any authenticated cPanel user, including an attacker working through a compromised low-privilege account or a credential-stuffed login, can invoke lsws.redisAble through cPanel's JSON-API and execute arbitrary scripts as root on the underlying server. Vulnerable: user-end plugin v2.3 through v2.4.4. Patched: v2.4.7, bundled with WHM plugin v5.3.1.0. The WHM-side plugin is not affected. The Hacker News confirmed in-the-wild exploitation two days after the advisory. NVD published the CVE on May 20 with a 10.0 CVSS 4.0 score and a CWE-266 (Incorrect Privilege Assignment) tag. For an SMB whose marketing site, e-commerce storefront, or WordPress install runs on a cPanel plus LiteSpeed shared host, this is a vendor-risk and credential-rotation problem, not a "patch your server" problem. The patch lives with the hosting provider. The post walks through the technical primitive, a bash hunt script for the published IOC and post-compromise artifacts, the four questions to send your hosting provider tomorrow morning, and the standing controls (cPanel 2FA, port allow-listing, Cloudflare Access fronting) that break the credential-stuffing chain feeding "post-auth" bugs like this one.
Storm-2949 and the SSPR Front Door: The SMB Entra ID Hardening Playbook
On May 18, 2026, Microsoft Threat Intelligence disclosed Storm-2949, a financially motivated actor that turned Self-Service Password Reset into the front door of full Microsoft 365 and Azure compromise. No malware, no zero-day. The actor called the help desk impersonating a target user, walked the agent through the SSPR flow, got an MFA prompt approved through social pressure, reset the password, deleted the legitimate authentication methods, and re-enrolled Microsoft Authenticator on their own device. From there: bulk Microsoft Graph enumeration with a custom Python script, OneDrive and SharePoint bulk download of IT documentation and VPN configs, "dozens" of Azure Key Vault secrets pulled inside a four-minute window, ScreenConnect persistence via Azure VM Run Command and VMAccess extensions, and event log clearing. The whole chain ran on defaults that ship enabled in every Microsoft 365 tenant. SMB Entra ID hardening playbook: scope SSPR away from privileged roles, require two strong methods and pull SMS where workflow allows, gate MFA registration behind Conditional Access requiring a compliant device or trusted network, turn on PIM for every directory role, and enable Key Vault diagnostic logging today. Plus three KQL hunt queries for the SSPR reset-and-re-enroll pattern, bulk Graph reads from a single user session, and rapid-fire Key Vault secret pulls.
$175K to a Morse-Code Tweet: The Grok Heist and the SMB Agentic AI Excessive-Agency Playbook
On May 4, 2026, a Morse code tweet drained roughly $175,000 from a crypto wallet controlled by xAI's Grok. The attacker first transferred a Bankr Club Membership NFT to Grok's wallet to unlock an "Executive" role that removed transfer caps, then asked Grok to translate a Morse code reply. The decoded instruction told Bankrbot to send 3 billion DRB tokens to the attacker's address. The transaction settled in seconds, with no human-in-the-loop and no anomaly check. The OECD's AI Incidents catalog logged it as 2026-05-04-4a73. The technical lesson is OWASP LLM01 prompt injection through an encoded channel plus LLM06 excessive agency at the action layer. Replace the wallet with a CRM, billing system, or customer data lake and the chain reproduces — and it already does, inside every SMB that has stood up a Copilot agent, Agentforce flow, Power Automate AI Builder automation, Zapier AI step, or custom MCP server. Five-step SMB playbook: inventory every agent and its tool surface, strip unneeded tools at the definition layer, gate every irreversible action behind per-call human approval, treat decoded and fetched content as untrusted input, and log every tool call with a first-seen-target alert.
Mini Shai-Hulud Returns: TanStack, OIDC Theft, and the SMB Dev Pipeline Reset
On May 11, 2026, TeamPCP shipped malicious versions of 42 @tanstack/* npm packages, 84 artifacts in total, by chaining a pull_request_target Pwn Request, GitHub Actions cache poisoning, and OIDC token extraction from runner memory. Wiz and StepSecurity tracked the campaign as Mini Shai-Hulud, the third public branch of the Shai-Hulud worm family in nine months. Within 48 hours the compromise had spread to Mistral AI, UiPath, OpenSearch, and Guardrails AI packages, crossing 170 affected artifacts across npm and PyPI. The flagship victim @tanstack/react-router pulls roughly 12 million weekly downloads. The worm exfiltrates GitHub, npm, AWS, GCP, Kubernetes, and Vault credentials, then plants a gh-token-monitor launch agent or systemd unit that wipes the home directory if the stolen token is revoked. SMB dev pipeline playbook: lockfile hunt, IoC SHA-256 grep, do-not-revoke-before-imaging, full credential rotation, and the four CI workflow changes (pull_request_target repo-owner guard, SHA-pinned third-party actions, id-token: none on jobs that do not need OIDC, require-approval for first-time contributors) that would have stopped this exact attack.
Exchange CVE-2026-42897: The OWA Crafted-Email Zero-Day and the SMB Mitigation Playbook
Microsoft disclosed CVE-2026-42897 on May 14, an XSS in Outlook Web Access on Exchange Server 2016, 2019, and Subscription Edition that lets a single crafted email run attacker JavaScript inside an OWA session. CISA added it to KEV the next day with a federal deadline of May 29. By the week of May 18 outlets were running confirmed in-the-wild exploitation. There is no permanent patch; the only protection today is Microsoft's automatic EEMS URL-rewrite mitigation M2.1.x, which is on by default but routinely disabled across the SMB on-prem fleet. The playbook in this article: verify M2.1.x is actually applied with the Exchange Health Checker, force it manually with EOMT.ps1 where EEMS is off, hunt the eight-day open window for inbox-rule forwarding, OWA POST anomalies, and sent-as-victim activity, and have an answer ready for the Exchange 2013 and Subscription Edition migration conversations leadership will have this week.
Apple M5 Kernel Cracked in Five Days With Claude Mythos: The SMB Mac Hardening Playbook
Three researchers at Calif used Anthropic's Claude Mythos Preview to chain two macOS bugs into a working local privilege escalation on Apple M5 silicon, bypassing the brand-new Memory Integrity Enforcement (MIE) hardware mitigation. Bug discovery to root shell took six days. There is no CVE and no patch yet; the 55-page technical report is embargoed pending Apple's fix. Every Mac in your environment running macOS 26.4.1 on M5 sits in a window where a leak or parallel rediscovery turns into a fleet-wide LPE primitive. Five-step SMB Mac hardening playbook: inventory the fleet, enforce automatic updates via MDM, achieve EDR parity with the Windows side, write a kernel-CVE patch SLA, and re-segment privilege on the executives and senior engineers most likely to be targeted. AI-augmented vulnerability discovery just compressed the patching window by an order of magnitude. Mac fleets are part of the patching pipeline now whether the security team treats them that way or not.
Semantic Kernel's Prompt-to-Shell: CVE-2026-26030, CVE-2026-25592, and the SMB AI Agent Hardening Playbook
Microsoft disclosed two critical Semantic Kernel CVEs on May 7. CVE-2026-26030 (CVSS 9.9) is a Python InMemoryVectorStore eval() injection. CVE-2026-25592 (CVSS 9.9) is a .NET SessionsPythonPlugin arbitrary file write via a helper accidentally exposed as a KernelFunction. Both end the same way: a hostile prompt becomes a process on the host. Upgrade to Python 1.39.4 or .NET 1.71.0, then run the SMB hardening playbook - inventory every decorated function, register a Function Invocation Filter that allowlists file paths, and configure EDR to alert on agent-process child spawning and Startup-folder writes. The tool registry is your attack surface; treat it like a sudoers file.
MuddyWater's Chaos False Flag: The Microsoft Teams MFA-Bypass IR Playbook for SMBs
Rapid7 attributed an intrusion that looked like Chaos ransomware to MuddyWater, the Iran-linked APT. The kill chain: external Microsoft Teams chat from a burned tenant, interactive screen-share, user typing credentials into credentials.txt, user adding the attacker's MFA device, DWAgent and AnyDesk persistence, ms_upd.exe pulling Game.exe (a WebView2-masquerading RAT), data exfiltration, no encryption. The Chaos branding was theater. Every step relied on Microsoft 365 defaults SMBs leave on: external Teams chat, end-user MFA self-registration, unrestricted RMM tooling. Here is the IR playbook: KQL hunts for external Teams chats and Entra MFA method adds, EDR indicators for the Rapid7 hashes and the RMM binaries, and five hardening steps (external-access lockdown, Conditional Access on MFA registration, RMM allowlisting, Quick Assist removal, verbal-callback help-desk policy) that close the door at five different layers.
YellowKey: The Unpatched BitLocker Bypass in Windows Recovery and the SMB Lost-Laptop Playbook
Researcher Nightmare-Eclipse published a working BitLocker bypass via Windows Recovery Environment on May 12 - no CVE, no patch, two minutes with a USB drive. Here is the TPM+PIN enforcement and WinRE hardening playbook for SMBs running Windows 11 on default configuration.
From 14 Days to 72 Hours: CISA's KEV Deadline Squeeze and the SMB Patch Playbook for May 2026
CISA is weighing a 72-hour KEV remediation deadline, down from 14 days, because AI-accelerated exploitation has outrun the old clock. The April 20 and April 24 batches put 12 actively exploited CVEs on the catalog, hitting SimpleHelp (CVSS 9.9), Quest KACE (CVSS 10.0), JetBrains TeamCity, PaperCut NG/MF, Kentico Xperience, Zimbra, Samsung MagicINFO, D-Link DIR-823X, and three Cisco Catalyst SD-WAN Manager flaws. Federal deadlines: April 23, May 4, May 25. None of this is legally binding on SMBs, but the pressure flows downstream through contractor agreements, MSP contracts, and insurance carriers. This is the SMB playbook: automated KEV ingestion via PowerShell or curl + jq, inventory mapping to CISA product strings, triage by exposure not CVSS, compromise checks before patching (SimpleHelp API keys, TeamCity config exports, PaperCut admin user list, Quest KACE admin logins), and a leadership-visible monthly tile that reads zero or has an owner.
The Bitwarden CLI Supply Chain Hijack: 90 Minutes, Shai-Hulud's Third Coming, and the SMB Dev Pipeline Playbook
For 90 minutes on April 22, 2026, the official @bitwarden/cli npm package was a credential stealer. The Shai-Hulud worm fetched the Bun runtime to bypass Node-based EDR, harvested AWS, Azure, GCP, GitHub, npm, SSH, and AI-tooling credentials (MCP server configs, Cursor and Claude tokens), and exfiltrated loot through public GitHub repos labeled "Shai-Hulud: The Third Coming." Bitwarden's vault and production systems were untouched - the build pipeline was the entire failure. Here is the 30-minute SMB triage (hunt the malicious version, hunt the public-repo IOC, rotate burned secrets) and the longer-form playbook: pinned installs with integrity hashes, a 48-hour registry cooldown, sandboxed preinstall hooks, short-lived scoped credentials, egress allowlisting on build runners, and recurring exfil-pattern monitoring with free tooling.
One Phone Call to 5.5 Million Records: The ADT Vishing Breach and the SSO Blast-Radius Problem SMBs Share
ShinyHunters called an ADT employee, impersonated IT, walked away with an Okta SSO account, pivoted into Salesforce, and exfiltrated 11 GB of customer data covering roughly 5.5 million accounts. No exploits, no malware, no zero-day. The exact same call script works against a 200-person SMB with the same SSO-in-front-of-SaaS topology. Here is what the attackers actually did, why standard MFA did not stop them (they reset it, they did not bypass it), and a five-step hardening playbook: vishing-resistant help-desk verification, phishing-resistant MFA on the accounts that matter, OAuth and session hunting in Okta/Entra/Salesforce, scoped SSO blast radius, and a quarterly vishing drill against your own help desk.
The Mexico AI Breach: What 195M Records Lost to Claude and ChatGPT Mean for SMB Defenders
One operator, two consumer AI subscriptions, six weeks, nine Mexican government agencies, and roughly 195 million taxpayer records exfiltrated. Gambit Security recovered 1,088 operator prompts that generated 5,317 AI-executed commands, 400+ custom attack scripts, and a 17,550-line Python tool that piped server telemetry through OpenAI to auto-write 2,597 intelligence reports. The point for SMB defenders is not the target. It is the labor cost: campaigns that previously required a six-person team now collapse into one person plus an API key. Here is the five-step detection and hardening playbook: AI egress visibility, endpoint AI inventory, behavioral baselines on admins, edge and identity hardening, and an AI-use policy your security stack can actually enforce.
BlueHammer, RedSun, UnDefend: The Defender Zero-Day Cluster SMB Hardening Guide
Three Windows Defender local-privilege-escalation exploits dropped in 13 days. BlueHammer (CVE-2026-33825) is patched and on CISA's KEV list; RedSun and UnDefend remain unpatched. Huntress observed all three abused in the wild during the BeigeBurrow tunneling-agent campaign, and the public BlueHammer PoC sits two commented lines away from full SAM, SYSTEM, and SECURITY credential extraction. Here is the five-step hardening playbook: verify the April cumulative and signature freshness, enforce Tamper Protection and the Secure Score Defender items, stage ASR rules from Audit to Block, deploy KQL detection rules for junction abuse and post-remediation writes to System32, and wire Defender health into your alert pipeline.
Adaptavist via TheGentlemen: The Atlassian Marketplace SMB Playbook
TheGentlemen RaaS claims a complete infrastructure compromise at Adaptavist, the platinum Atlassian partner behind ScriptRunner: source code, 484,220 HubSpot CRM records, 3+ TB of Nexus secrets and Helm charts, Kubernetes config, OAuth credentials, a Snowflake warehouse, 100 GB of Confluence. Most coverage is about the Fortune 500 names on the customer list. The real exposure surface is every SMB on Jira or Confluence running any Marketplace add-on. Here is the four-step playbook: inventory connected apps and scopes, rotate sharedSecrets and 3LO grants, audit 70 days of admin and ScriptRunner activity, and set the durable Marketplace posture.
Vercel via Context.ai: The AI OAuth Supply Chain Playbook for SMBs
A Lumma Stealer infostealer landed on a Context.ai engineer's laptop, harvested an "Allow All" Google Workspace OAuth refresh token, and two months later that token was used to read mail and Drive for Vercel and dozens of other enterprises. The compromised Client ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com makes this a hands-on IOC, not a theoretical risk. Here is the four-step audit covering OAuth grant inventory, scope cleanup, third-party app posture management, and durable AI-vendor due diligence that every SMB Workspace and Microsoft 365 tenant can run this week.
PAN-OS CVE-2026-0300 Captive Portal RCE: The Pre-Patch SMB Playbook
225,000 internet-facing PAN-OS firewalls are exposed to a CVSS 9.3 unauthenticated root RCE in the Captive Portal, with state-sponsored cluster CL-STA-1132 already exploiting it and patches not arriving until May 13 to May 28. Here is the five-step pre-patch playbook covering exposure check, Palo Alto's two workarounds, the prior-compromise hunt against firewall traffic and threat logs, the patch train timing, and the durable edge-management posture changes that pay off across every future PAN-OS advisory.
Canvas/Instructure Breach: 275M Records and the SaaS Vendor Concentration Lesson
ShinyHunters stole 3.65 terabytes from Canvas affecting 9,000 schools and 275 million users, with a May 12 ransom deadline mid-finals week. The real story is not Canvas. It is what every SMB should do about the SaaS vendor that sits in the middle of their operation. Here is the four-layer playbook covering vendor inventory, API key rotation drills, SSO hardening against ShinyHunters tradecraft, and SaaS-to-SaaS boundary monitoring.
Entra Agent ID Administrator: When an AI Role Owns the Whole Tenant
Microsoft's Agent ID Administrator role let any holder take over arbitrary service principals, and the takeover primitive worked in 99 percent of tenants. Microsoft patched it server-side on April 9, but the patch does not answer whether anyone walked through the door before it landed. Here is the 60-day Sentinel KQL hunt, the privileged service principal inventory commands, and the architecture lesson about ownership as a takeover path.
Copy Fail (CVE-2026-31431): A 732-Byte Python Script Roots Linux
Deterministic Linux kernel local privilege escalation that fires on the first try across every distro shipped since 2017, and acts as a container escape on Kubernetes nodes. CISA added it to KEV one day after disclosure. Here is the patch sequence, the algif_aead mitigation, and the auditd/Falco detection rules you can deploy this week.
cPanel CVE-2026-41940: A CRLF Injection That Owns 1.5 Million Hosts
CVSS 9.8 pre-auth root on cPanel and WHM, exploited as a zero-day for two months before the patch. 70 million domains affected, 1.5 million internet-exposed instances, and MSPs are the soft target. Here is the patch sequence, the IOC hunt, and the architectural lesson about internet-exposed admin panels.
LiteLLM CVE-2026-42208: When the AI Gateway Becomes the Cloud Account
Pre-auth SQL injection in LiteLLM (CVSS 9.3) was exploited within 36 hours of disclosure. The proxy stores OpenAI, Anthropic, and AWS Bedrock credentials in one row. The blast radius is closer to a cloud-account compromise than a typical web SQLi. Inventory, patch, rotate, and stop letting AI tooling become the new shadow IT.
CVE-2026-32202: APT28's Zero-Click NTLM Theft Through an Incomplete Patch
CISA gave federal agencies until May 12 to patch CVE-2026-32202, a Windows Shell flaw APT28 exploited zero-click to steal NTLMv2 hashes. The CVSS 4.3 score badly understates the risk: a malicious .library-ms file dropped into any folder a user browses triggers an outbound SMB connection to attacker infrastructure, and the NTLM authentication on that connection is what leaks the hash. Here is the hardening playbook sized for small and midsize businesses.
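Because the trigger is a file that Explorer resolves on browse rather than on open, the hunt is for .library-ms files whose locations point off the network. The scanner below is an added example, not code from the original post: it parses the library XML (namespace `http://schemas.microsoft.com/windows/2009/library`), pulls every `<simpleLocation><url>`, and reports UNC targets whose host is neither a trusted file server nor an internal address. The trusted-host allowlist, the definition of "internal" (RFC 1918 plus loopback and link-local) and the sample file are assumptions made for illustration.

```python
"""Scan .library-ms XML for UNC locations that point outside the local network.

Added example; not code from the original post. Windows library files are XML in the
http://schemas.microsoft.com/windows/2009/library namespace, and Explorer resolves each
<simpleLocation><url> when the containing folder is merely browsed, which is why a
planted library forces an outbound SMB connection. TRUSTED_HOSTS, INTERNAL_NETS and
the sample library are assumptions for illustration.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

NS = {"lib": "http://schemas.microsoft.com/windows/2009/library"}
UNC_RE = re.compile(r"^\\\\([^\\]+)\\")  # captures the host in \\host\share\...

# Assumption: file servers whose shares legitimately appear in user libraries.
TRUSTED_HOSTS = {"fileserver01", "fileserver01.corp.example"}

# Assumption: only RFC 1918, loopback and link-local count as internal. Deliberately
# narrower than ipaddress.is_private, which also covers documentation ranges.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


def _is_internal(host: str) -> bool:
    """True when host is a literal IP inside one of INTERNAL_NETS; hostnames return False."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def suspicious_locations(library_xml: str) -> list[str]:
    """Return UNC targets in the library that are neither trusted hosts nor internal IPs."""
    root = ET.fromstring(library_xml)
    hits = []
    for url in root.iterfind(".//lib:simpleLocation/lib:url", NS):
        target = (url.text or "").strip()
        match = UNC_RE.match(target)
        if not match:
            continue  # local paths and shell: URLs do not cause an SMB connection
        host = match.group(1).lower()
        if host in TRUSTED_HOSTS or _is_internal(host):
            continue
        hits.append(target)
    return hits


# Constructed sample: one legitimate internal share and one external UNC target.
SAMPLE_LIBRARY = """<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@shell32.dll,-34575</name>
  <version>6</version>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>\\\\fileserver01\\shared</url></simpleLocation>
    </searchConnectorDescription>
    <searchConnectorDescription>
      <simpleLocation><url>\\\\203.0.113.10\\docs</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""

if __name__ == "__main__":
    for target in suspicious_locations(SAMPLE_LIBRARY):
        print("external library location:", target)
```

Run it over every .library-ms found on file shares, Downloads folders and mail attachments; a hit is a planted file until proven otherwise. The network-side control that makes the whole class fail is blocking outbound TCP 445 at the edge, with "Restrict NTLM: Outgoing NTLM traffic to remote servers" as the host-side backstop.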
CVE-2026-3854: One git push Owns GitHub Enterprise Server. 88% Still Unpatched.
A single git push command achieves arbitrary code execution on GitHub Enterprise Server. Wiz disclosed it April 28. CVSS 8.7. Eighty-eight percent of GHES instances are still vulnerable. Here is the SMB playbook to verify your version, audit push access, and close the trust boundary.
Comment and Control: One Prompt Injection Hits Claude Code, Gemini CLI, and Copilot
A single prompt injection broke three of the most widely deployed AI coding agents using nothing more than a PR title or a hidden HTML comment. CVSS 9.4. Zero CVEs. Here is the SMB playbook to audit your CI secrets and rotate before the next pull request.
SimpleHelp + DragonForce: When Your MSP's Remote Tool Becomes the Ransomware Vector
CISA added two SimpleHelp CVEs to KEV on April 24. DragonForce ransomware has been weaponizing the chain against MSP customers. Here is the practical SMB playbook — including the five questions to ask your MSP — for the May 4 deadline.
Deepfake Executive Impersonation: The SMB Verification Playbook for 2026
Voice cloning takes three seconds. Vishing surged 442%. Here is the practical four-control playbook SMBs need before their finance team gets the next deepfake CFO call — with a 30-day rollout plan.
Apache ActiveMQ CVE-2026-34197: The 13-Year-Old Jolokia RCE Hiding in Your Middleware
A CVSS 8.8 RCE chained through Jolokia and Spring XML sat in ActiveMQ for 13 years. Here is how the exploit works, how to detect it, and how to patch before April 30.
Inside the Axios Supply Chain Attack: How North Korea Weaponized npm Against 100 Million Developers
A North Korean state actor compromised the most-used npm HTTP library. How the attack worked and how to harden your pipeline.
Securing MCP Servers: The Attack Surface Nobody Is Auditing in Your AI Agent Stack
MCP connects your AI agents to everything. Five attack layers, a real CVE, and the hardening checklist your team needs.
BlueHammer, RedSun, UnDefend: Three Windows Defender Zero-Days and How to Protect Your Endpoints
Three zero-day exploits targeting Windows Defender dropped in 13 days. How they work and what to do about it.
AI Packet Analyzer: Open-Source Network Forensics That Replaces Hours of Wireshark Work
We built an open-source CLI tool that analyzes pcap files using heuristic AI and optional LLM integration. It runs 20+ automated checks for connectivity troubleshooting and security auditing — delivering severity-ranked findings in seconds, not hours.
How Claude Code + SIFT Workstation Cuts Incident Response from Hours to Minutes
Rob T. Lee demonstrated at [un]prompted 2026 how Protocol SIFT cuts a full forensic investigation from a day to 14 minutes. Your adversary has an AI. You have tab-completion. Here is what to do about it.
AI Agents in the SOC: Automating Repetitive Security Operations Without Losing Control
Your SOC analysts spend 70% of their time on repetitive tasks that an AI agent could handle. Here is how to deploy LLM-powered automation for alert triage, IOC enrichment, and playbook execution — with the guardrails that keep humans in control.
Building an Autonomous AI Agent for Compliance Control Testing: A Practical Guide
Manual control testing is expensive, slow, and error-prone. Here is how to build an LLM-powered agent that queries your cloud APIs, validates security controls, and generates audit-ready findings — with architecture, code, and guardrails.
Building a High-Fidelity Detection Library in Splunk: From Noisy Alerts to Actionable Intelligence
Risk-Based Alerting, detection-as-code, and correlation searches that actually catch threats. A deep guide to building a Splunk detection library that your SOC can trust.
Splunk on a Budget: How to Cut Log Volume by 60% Without Losing Visibility
Splunk licensing costs are killing your budget. Here is how to use transforms.conf, props.conf, and smart data architecture to slash ingestion volume while keeping the data that actually matters for detection.
Hybrid Identity Under Attack: Securing the Bridge Between On-Prem AD and Entra ID
Entra Connect is the most privileged service account in your environment and the most overlooked. Here is how attackers exploit hybrid identity infrastructure and how to harden it.
Hunting for Threats in Entra ID: Sign-In Logs, Audit Logs, and What They Actually Tell You
Seven ready-to-use KQL queries for hunting token theft, AiTM phishing, privilege escalation, and OAuth abuse in your Entra ID environment using Microsoft Sentinel.
Entra ID Security Hardening: 15 Settings Every Tenant Should Lock Down Today
PIM, app registrations, consent permissions, cross-tenant access, and 11 more tenant-level settings that most organizations leave at their insecure defaults. Portal paths and PowerShell for each.
Securing Active Directory Certificate Services: The Attack Surface Nobody Audits
AD CS is deployed in nearly every enterprise and almost never audited. ESC1 through ESC8, Golden Certificates, and the hardening steps that actually matter.
How to Attack-Test Your Own Domain Controllers Before an Adversary Does
PingCastle, Purple Knight, BloodHound CE, and Testimo — a purple team self-assessment toolkit for validating your AD security posture before the next pen test or real attacker finds the gaps.
Hardening Domain Controllers: The 10-Point Checklist Most Companies Skip
Tiered admin model, LSA Protection, Credential Guard, LDAP signing, KRBTGT rotation, and 5 more DC-specific hardening steps with the PowerShell commands to implement each one.
Your Company Just Got Hit with Ransomware: A 48-Hour Survival Playbook for SMBs
Recovery costs average $1.53 million. Downtime averages 24 days. 60% of small businesses that suffer a ransomware attack close within 6 months. Here is the hour-by-hour incident response playbook that determines whether your company survives.
MFA Is Not Enough: How Attackers Bypass Multi-Factor Authentication and What to Do About It
AiTM phishing attacks surged 146% in one year. Traditional MFA protects the login moment but not the session that follows. Here are the five bypass techniques we see in real engagements and a phased deployment roadmap for phishing-resistant authentication.
5 Active Directory Misconfigurations We See in Every Engagement
After hundreds of assessments, the same identity-based attack vectors keep showing up. Here are the five AD misconfigurations that put your entire organization at risk — and how to fix them before an attacker does.
What Fortune 500 Security Teams Actually Look for in Vendor Products
We've been on the buyer side for 20+ years. Here's what actually gets your product through enterprise security review — and what gets it rejected before anyone even reads your pitch deck.
How to Reduce SIEM Alert Noise by 80%
Your SOC doesn't have a staffing problem — it has a signal-to-noise problem. Here's our framework for auditing detection rules, eliminating false positives, and restructuring your alert pipeline.
Why Your Penetration Test Report Is Useless (And What to Ask For Instead)
Most pen test reports are 100-page PDFs that nobody reads. We break down what a useful offensive security engagement actually delivers — and the questions you should be asking before you sign the SOW.
Azure AD Conditional Access Policies Most Companies Get Wrong
Conditional Access is one of the most powerful security controls in the Microsoft ecosystem — and one of the most misconfigured. Here are the policy gaps we find in nearly every Entra ID environment we assess.
