From the field
Practical cybersecurity guidance drawn from real-world engagements. No theory. No marketing fluff. Just the things we wish someone had told us 20 years ago.
Apple M5 Kernel Cracked in Five Days With Claude Mythos: The SMB Mac Hardening Playbook
Three researchers at Calif used Anthropic's Claude Mythos Preview to chain two macOS bugs into a working local privilege escalation on Apple M5 silicon, bypassing the brand-new Memory Integrity Enforcement (MIE) hardware mitigation. Bug discovery to root shell took six days. There is no CVE and no patch yet; the 55-page technical report is embargoed pending Apple's fix. Every Mac in your environment running macOS 26.4.1 on M5 sits in a window where a leak or parallel rediscovery turns into a fleet-wide LPE primitive. Five-step SMB Mac hardening playbook: inventory the fleet, enforce automatic updates via MDM, achieve EDR parity with the Windows side, write a kernel-CVE patch SLA, and re-segment privilege on the executives and senior engineers most likely to be targeted. AI-augmented vulnerability discovery just compressed the patching window by an order of magnitude. Mac fleets are part of the patching pipeline now whether the security team treats them that way or not.
Semantic Kernel's Prompt-to-Shell: CVE-2026-26030, CVE-2026-25592, and the SMB AI Agent Hardening Playbook
Microsoft disclosed two critical Semantic Kernel CVEs on May 7. CVE-2026-26030 (CVSS 9.9) is a Python InMemoryVectorStore eval() injection. CVE-2026-25592 (CVSS 9.9) is a .NET SessionsPythonPlugin arbitrary file write via a helper accidentally exposed as a KernelFunction. Both end the same way: a hostile prompt becomes a process on the host. Upgrade to Python 1.39.4 or .NET 1.71.0, then run the SMB hardening playbook - inventory every decorated function, register a Function Invocation Filter that allowlists file paths, and configure EDR to alert on agent-process child spawning and Startup-folder writes. The tool registry is your attack surface; treat it like a sudoers file.
MuddyWater's Chaos False Flag: The Microsoft Teams MFA-Bypass IR Playbook for SMBs
Rapid7 attributed an intrusion that looked like Chaos ransomware to MuddyWater, the Iran-linked APT. The kill chain: external Microsoft Teams chat from a burned tenant, interactive screen-share, user typing credentials into credentials.txt, user adding the attacker's MFA device, DWAgent and AnyDesk persistence, ms_upd.exe pulling Game.exe (a WebView2-masquerading RAT), data exfiltration, no encryption. The Chaos branding was theater. Every step relied on Microsoft 365 defaults SMBs leave on: external Teams chat, end-user MFA self-registration, unrestricted RMM tooling. Here is the IR playbook: KQL hunts for external Teams chats and Entra MFA method adds, EDR indicators for the Rapid7 hashes and the RMM binaries, and five hardening steps (external-access lockdown, Conditional Access on MFA registration, RMM allowlisting, Quick Assist removal, verbal-callback help-desk policy) that close the door at five different layers.
YellowKey: The Unpatched BitLocker Bypass in Windows Recovery and the SMB Lost-Laptop Playbook
Researcher Nightmare-Eclipse published a working BitLocker bypass via Windows Recovery Environment on May 12 -- no CVE, no patch, two minutes with a USB drive. Here is the TPM+PIN enforcement and WinRE hardening playbook for SMBs running Windows 11 on default configuration.
From 14 Days to 72 Hours: CISA's KEV Deadline Squeeze and the SMB Patch Playbook for May 2026
CISA is weighing a 72-hour KEV remediation deadline, down from 14 days, because AI-accelerated exploitation has outrun the old clock. The April 20 and April 24 batches put 12 actively exploited CVEs on the catalog, hitting SimpleHelp (CVSS 9.9), Quest KACE (CVSS 10.0), JetBrains TeamCity, PaperCut NG/MF, Kentico Xperience, Zimbra, Samsung MagicINFO, D-Link DIR-823X, and three Cisco Catalyst SD-WAN Manager flaws. Federal deadlines: April 23, May 4, May 25. None of this is legally binding on SMBs, but the pressure flows downstream through contractor agreements, MSP contracts, and insurance carriers. This is the SMB playbook: automated KEV ingestion via PowerShell or curl + jq, inventory mapping to CISA product strings, triage by exposure not CVSS, compromise checks before patching (SimpleHelp API keys, TeamCity config exports, PaperCut admin user list, Quest KACE admin logins), and a leadership-visible monthly tile that reads zero or has an owner.
The Bitwarden CLI Supply Chain Hijack: 90 Minutes, Shai-Hulud's Third Coming, and the SMB Dev Pipeline Playbook
For 90 minutes on April 22, 2026, the official @bitwarden/cli npm package was a credential stealer. The Shai-Hulud worm fetched the Bun runtime to bypass Node-based EDR, harvested AWS, Azure, GCP, GitHub, npm, SSH, and AI-tooling credentials (MCP server configs, Cursor and Claude tokens), and exfiltrated loot through public GitHub repos labeled "Shai-Hulud: The Third Coming." Bitwarden's vault and production systems were untouched - the build pipeline was the entire failure. Here is the 30-minute SMB triage (hunt the malicious version, hunt the public-repo IOC, rotate burned secrets) and the longer-form playbook: pinned installs with integrity hashes, a 48-hour registry cooldown, sandboxed preinstall hooks, short-lived scoped credentials, egress allowlisting on build runners, and recurring exfil-pattern monitoring with free tooling.
One Phone Call to 5.5 Million Records: The ADT Vishing Breach and the SSO Blast-Radius Problem SMBs Share
ShinyHunters called an ADT employee, impersonated IT, walked away with an Okta SSO account, pivoted into Salesforce, and exfiltrated 11 GB of customer data covering roughly 5.5 million accounts. No exploits, no malware, no zero-day. The exact same call script works against a 200-person SMB with the same SSO-in-front-of-SaaS topology. Here is what the attackers actually did, why standard MFA did not stop them (they reset it, they did not bypass it), and a five-step hardening playbook: vishing-resistant help-desk verification, phishing-resistant MFA on the accounts that matter, OAuth and session hunting in Okta/Entra/Salesforce, scoped SSO blast radius, and a quarterly vishing drill against your own help desk.
The Mexico AI Breach: What 195M Records Lost to Claude and ChatGPT Mean for SMB Defenders
One operator, two consumer AI subscriptions, six weeks, nine Mexican government agencies, and roughly 195 million taxpayer records exfiltrated. Gambit Security recovered 1,088 operator prompts that generated 5,317 AI-executed commands, 400+ custom attack scripts, and a 17,550-line Python tool that piped server telemetry through OpenAI to auto-write 2,597 intelligence reports. The point for SMB defenders is not the target. It is the labor cost: campaigns that previously required a six-person team now collapse into one person plus an API key. Here is the five-step detection and hardening playbook: AI egress visibility, endpoint AI inventory, behavioral baselines on admins, edge and identity hardening, and an AI-use policy your security stack can actually enforce.
BlueHammer, RedSun, UnDefend: The Defender Zero-Day Cluster SMB Hardening Guide
Three Windows Defender local-privilege-escalation exploits dropped in 13 days. BlueHammer (CVE-2026-33825) is patched and on CISA's KEV list; RedSun and UnDefend remain unpatched. Huntress observed all three abused in the wild during the BeigeBurrow tunneling-agent campaign, and the public BlueHammer PoC sits two commented lines away from full SAM, SYSTEM, and SECURITY credential extraction. Here is the five-step hardening playbook: verify the April cumulative and signature freshness, enforce Tamper Protection and the Secure Score Defender items, stage ASR rules from Audit to Block, deploy KQL detection rules for junction abuse and post-remediation writes to System32, and wire Defender health into your alert pipeline.
Adaptavist via TheGentlemen: The Atlassian Marketplace SMB Playbook
TheGentlemen RaaS claims a complete infrastructure compromise at Adaptavist, the platinum Atlassian partner behind ScriptRunner: source code, 484,220 HubSpot CRM records, 3+ TB of Nexus secrets and Helm charts, Kubernetes config, OAuth credentials, a Snowflake warehouse, 100 GB of Confluence. Most coverage is about the Fortune 500 names on the customer list. The real exposure surface is every SMB on Jira or Confluence running any Marketplace add-on. Here is the four-step playbook: inventory connected apps and scopes, rotate sharedSecrets and 3LO grants, audit 70 days of admin and ScriptRunner activity, and set the durable Marketplace posture.
Vercel via Context.ai: The AI OAuth Supply Chain Playbook for SMBs
A Lumma Stealer infostealer landed on a Context.ai engineer's laptop, harvested an "Allow All" Google Workspace OAuth refresh token, and two months later that token was used to read mail and Drive for Vercel and dozens of other enterprises. The compromised Client ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com makes this a hands-on IOC, not a theoretical risk. Here is the four-step audit covering OAuth grant inventory, scope cleanup, third-party app posture management, and durable AI-vendor due diligence that every SMB Workspace and Microsoft 365 tenant can run this week.
PAN-OS CVE-2026-0300 Captive Portal RCE: The Pre-Patch SMB Playbook
225,000 internet-facing PAN-OS firewalls are exposed to a CVSS 9.3 unauthenticated root RCE in the Captive Portal, with state-sponsored cluster CL-STA-1132 already exploiting it and patches not arriving until May 13 to May 28. Here is the five-step pre-patch playbook covering exposure check, Palo Alto's two workarounds, the prior-compromise hunt against firewall traffic and threat logs, the patch train timing, and the durable edge-management posture changes that pay off across every future PAN-OS advisory.
Canvas/Instructure Breach: 275M Records and the SaaS Vendor Concentration Lesson
ShinyHunters stole 3.65 terabytes from Canvas affecting 9,000 schools and 275 million users, with a May 12 ransom deadline mid-finals week. The real story is not Canvas. It is what every SMB should do about the SaaS vendor that sits in the middle of their operation. Here is the four-layer playbook covering vendor inventory, API key rotation drills, SSO hardening against ShinyHunters tradecraft, and SaaS-to-SaaS boundary monitoring.
Entra Agent ID Administrator: When an AI Role Owns the Whole Tenant
Microsoft's Agent ID Administrator role let any holder take over arbitrary service principals, and the takeover primitive worked across 99 percent of tenants. Microsoft patched it server-side on April 9, but the audit window for whether anyone walked through the door first did not. Here is the 60-day Sentinel KQL hunt, the privileged service principal inventory commands, and the architecture lesson about ownership as a takeover path.
Copy Fail (CVE-2026-31431): A 732-Byte Python Script Roots Linux
Deterministic Linux kernel local privilege escalation that fires on the first try across every distro shipped since 2017, and acts as a container escape on Kubernetes nodes. CISA added it to KEV one day after disclosure. Here is the patch sequence, the algif_aead mitigation, and the auditd/Falco detection rules you can deploy this week.
cPanel CVE-2026-41940: A CRLF Injection That Owns 1.5 Million Hosts
CVSS 9.8 pre-auth root on cPanel and WHM, exploited as a zero-day for two months before the patch. 70 million domains affected, 1.5 million internet-exposed instances, and MSPs are the soft target. Here is the patch sequence, the IOC hunt, and the architectural lesson about internet-exposed admin panels.
LiteLLM CVE-2026-42208: When the AI Gateway Becomes the Cloud Account
Pre-auth SQL injection in LiteLLM (CVSS 9.3) was exploited within 36 hours of disclosure. The proxy stores OpenAI, Anthropic, and AWS Bedrock credentials in one row. The blast radius is closer to a cloud-account compromise than a typical web SQLi. Inventory, patch, rotate, and stop letting AI tooling become the new shadow IT.
CVE-2026-32202: APT28's Zero-Click NTLM Theft Through an Incomplete Patch
CISA gave federal agencies until May 12 to patch CVE-2026-32202, a Windows Shell flaw exploited zero-click by APT28 to steal NTLMv2 hashes. The CVSS 4.3 score badly understates the risk: a malicious .library-ms file dropped in any browsed folder triggers outbound SMB to attacker infrastructure. Here is the SMB-grade hardening playbook.
CVE-2026-3854: One git push Owns GitHub Enterprise Server. 88% Still Unpatched.
A single git push command achieves arbitrary code execution on GitHub Enterprise Server. Wiz disclosed it April 28. CVSS 8.7. Eighty-eight percent of GHES instances are still vulnerable. Here is the SMB playbook to verify your version, audit push access, and close the trust boundary.
Comment and Control: One Prompt Injection Hits Claude Code, Gemini CLI, and Copilot
A single prompt injection broke three of the most widely deployed AI coding agents using nothing more than a PR title or a hidden HTML comment. CVSS 9.4. Zero CVEs. Here is the SMB playbook to audit your CI secrets and rotate before the next pull request.
SimpleHelp + DragonForce: When Your MSP's Remote Tool Becomes the Ransomware Vector
CISA added two SimpleHelp CVEs to KEV on April 24. DragonForce ransomware has been weaponizing the chain against MSP customers. Here is the practical SMB playbook — including the five questions to ask your MSP — for the May 4 deadline.
Deepfake Executive Impersonation: The SMB Verification Playbook for 2026
Voice cloning takes three seconds. Vishing surged 442%. Here is the practical four-control playbook SMBs need before their finance team gets the next deepfake CFO call — with a 30-day rollout plan.
Apache ActiveMQ CVE-2026-34197: The 13-Year-Old Jolokia RCE Hiding in Your Middleware
A CVSS 8.8 RCE chained through Jolokia and Spring XML sat in ActiveMQ for 13 years. Here is how the exploit works, how to detect it, and how to patch before April 30.
Inside the Axios Supply Chain Attack: How North Korea Weaponized npm Against 100 Million Developers
A North Korean state actor compromised the most-used npm HTTP library. How the attack worked and how to harden your pipeline.
Securing MCP Servers: The Attack Surface Nobody Is Auditing in Your AI Agent Stack
MCP connects your AI agents to everything. Five attack layers, a real CVE, and the hardening checklist your team needs.
BlueHammer, RedSun, UnDefend: Three Windows Defender Zero-Days and How to Protect Your Endpoints
Three zero-day exploits targeting Windows Defender dropped in 13 days. How they work and what to do about it.
AI Packet Analyzer: Open-Source Network Forensics That Replaces Hours of Wireshark Work
We built an open-source CLI tool that analyzes pcap files using heuristic AI and optional LLM integration. It runs 20+ automated checks for connectivity troubleshooting and security auditing — delivering severity-ranked findings in seconds, not hours.
How Claude Code + SIFT Workstation Cuts Incident Response from Hours to Minutes
Rob T. Lee demonstrated at [un]prompted 2026 how Protocol SIFT reduces full forensic investigations from a full day to 14 minutes. Your adversary has an AI. You have tab-completion. Here is what to do about it.
AI Agents in the SOC: Automating Repetitive Security Operations Without Losing Control
Your SOC analysts spend 70% of their time on repetitive tasks that an AI agent could handle. Here is how to deploy LLM-powered automation for alert triage, IOC enrichment, and playbook execution — with the guardrails that keep humans in control.
Building an Autonomous AI Agent for Compliance Control Testing: A Practical Guide
Manual control testing is expensive, slow, and error-prone. Here is how to build an LLM-powered agent that queries your cloud APIs, validates security controls, and generates audit-ready findings — with architecture, code, and guardrails.
Building a High-Fidelity Detection Library in Splunk: From Noisy Alerts to Actionable Intelligence
Risk-Based Alerting, detection-as-code, and correlation searches that actually catch threats. A deep guide to building a Splunk detection library that your SOC can trust.
Splunk on a Budget: How to Cut Log Volume by 60% Without Losing Visibility
Splunk licensing costs are killing your budget. Here is how to use transforms.conf, props.conf, and smart data architecture to slash ingestion volume while keeping the data that actually matters for detection.
Hybrid Identity Under Attack: Securing the Bridge Between On-Prem AD and Entra ID
Entra Connect is the most privileged service account in your environment and the most overlooked. Here is how attackers exploit hybrid identity infrastructure and how to harden it.
Hunting for Threats in Entra ID: Sign-In Logs, Audit Logs, and What They Actually Tell You
Seven ready-to-use KQL queries for hunting token theft, AiTM phishing, privilege escalation, and OAuth abuse in your Entra ID environment using Microsoft Sentinel.
Entra ID Security Hardening: 15 Settings Every Tenant Should Lock Down Today
PIM, app registrations, consent permissions, cross-tenant access, and 11 more tenant-level settings that most organizations leave at their insecure defaults. Portal paths and PowerShell for each.
Securing Active Directory Certificate Services: The Attack Surface Nobody Audits
AD CS is deployed in nearly every enterprise and almost never audited. ESC1 through ESC8, Golden Certificates, and the hardening steps that actually matter.
How to Attack-Test Your Own Domain Controllers Before an Adversary Does
PingCastle, Purple Knight, BloodHound CE, and Testimo — a purple team self-assessment toolkit for validating your AD security posture before the next pen test or real attacker finds the gaps.
Hardening Domain Controllers: The 10-Point Checklist Most Companies Skip
Tiered admin model, LSA Protection, Credential Guard, LDAP signing, KRBTGT rotation, and 5 more DC-specific hardening steps with the PowerShell commands to implement each one.
Your Company Just Got Hit with Ransomware: A 48-Hour Survival Playbook for SMBs
Recovery costs average $1.53 million. Downtime averages 24 days. 60% of small businesses that suffer a ransomware attack close within 6 months. Here is the hour-by-hour incident response playbook that determines whether your company survives.
MFA Is Not Enough: How Attackers Bypass Multi-Factor Authentication and What to Do About It
AiTM phishing attacks surged 146% in one year. Traditional MFA protects the login moment but not the session that follows. Here are the five bypass techniques we see in real engagements and a phased deployment roadmap for phishing-resistant authentication.
5 Active Directory Misconfigurations We See in Every Engagement
After hundreds of assessments, the same identity-based attack vectors keep showing up. Here are the five AD misconfigurations that put your entire organization at risk — and how to fix them before an attacker does.
What Fortune 500 Security Teams Actually Look for in Vendor Products
We've been on the buyer side for 20+ years. Here's what actually gets your product through enterprise security review — and what gets it rejected before anyone even reads your pitch deck.
How to Reduce SIEM Alert Noise by 80%
Your SOC doesn't have a staffing problem — it has a signal-to-noise problem. Here's our framework for auditing detection rules, eliminating false positives, and restructuring your alert pipeline.
Why Your Penetration Test Report Is Useless (And What to Ask For Instead)
Most pen test reports are 100-page PDFs that nobody reads. We break down what a useful offensive security engagement actually delivers — and the questions you should be asking before you sign the SOW.
Azure AD Conditional Access Policies Most Companies Get Wrong
Conditional Access is one of the most powerful security controls in the Microsoft ecosystem — and one of the most misconfigured. Here are the policy gaps we find in nearly every Entra ID environment we assess.
