Geek-Guy.com

Category: Commentary

AI security’s ‘Great Wall’ problem

The Great Wall of China was built to slow northern raiders and prevent steppe armies from riding straight into the empire’s heart. Yet in 1644, its most impregnable fortress fell without a siege. At Shanhai Pass, where the wall meets the Bohai Sea, General Wu Sangui commanded the eastern gate. Behind him: a rebel army…

Why boards should be obsessed with their most ‘boring’ systems

Following a series of high-profile cyberattacks, boards of directors are now requiring their organizations to take greater responsibility for the risks posed by enterprise resource planning (ERP) systems. The Jaguar Land Rover (JLR) incident in Sept. 2025 illustrates the severe consequences of such attacks. The cyberattack forced JLR…

We moved fast and broke things. It’s time for a change.

The phrase “Move fast and break things” is a guiding philosophy in the technology industry. The phrase was coined by Meta CEO and founder Mark Zuckerberg more than two decades ago: an operational directive for Facebook developers to prioritize speed and innovation even at the cost of stability. “Unless you are breaking stuff,” Zuckerberg told…

Cybersecurity can be America’s secret weapon in the AI race

Much of the public conversation about the U.S. “winning” the AI race with China centers exclusively on each nation’s ability to develop and implement leading AI models. But amid escalating cyber threats, the rising reality is that the race will not be won merely by the nation with the most advanced technology, but the one…

If you don’t control your keys, you don’t control your data

A recent Forbes investigation revealed that Microsoft has allegedly been handing over Bitlocker encryption recovery keys to law enforcement when served with warrants. Microsoft says it receives about 20 such requests annually. Taken narrowly, this may appear to be a routine case of lawful compliance. On closer inspection, it raises a consequential question about how…

Predator bots are exploiting APIs at scale. Here’s how defenders must respond.

The rise of malicious bots is changing how the internet operates, underscoring the need for stronger safeguards that keep humans firmly in control. Bots now account for more than half of global web traffic, and a new class of “predator bots” has emerged, unleashing self-learning programs that adapt in real time, mimic human behavior, and…

The quiet way AI normalizes foreign influence

Americans are being taught to trust propaganda. Often, it’s not intentional. A classic bit of advice for separating propaganda from real research is “Check the citations.” If the sources support the analysis, the material can be trusted. But AI is changing the rules of the game. In December, the White House announced new guidance to…

Is the US adopting the gray zone cyber playbook?

When President Trump referenced America’s ability to “darken” parts of Caracas during Operation Absolute Resolve, the comment stood out not because of what it confirmed, but because of what it implied. Delivered without technical detail, the remark hinted at capabilities that sit somewhere between diplomacy and force, and between cyber operations and traditional military action.…

Why cybersecurity cannot hire its way through the AI era

The cybersecurity industry has been battling a talent shortage and skills gap for years. Meanwhile, organizations need a new way to approach risk management proactively and more effectively. AI seems the clear answer to both. Open tech roles are trending down or flat, while demand for AI skills is climbing fast. It’s structural change that…

Time to restore America’s cyberspace security system

China’s campaign to break into our critical infrastructure and federal government networks is persistent and growing. Beijing is stealing information while also planting tools and maintaining access in key systems, giving it the option to pressure the United States in the future. Russia also continues to test our critical infrastructure with increasingly sophisticated operations, support…

AI doesn’t care if it’s in California or Texas. It just runs.

Artificial intelligence is evolving faster than regulators can keep up. In the absence of federal guidance, states have taken matters into their own hands. California’s S.B. 53 is only one example of a state attempting to shape how AI is built and used. Although these laws are well-intentioned and help protect consumers and promote transparency…

How to determine if agentic AI browsers are safe enough for your enterprise

Agentic AI browsers like OpenAI’s Atlas have debuted to major fanfare, and the enthusiasm is warranted. These tools automate web browsing to close the gap between what you want to accomplish and getting it done. Rather than manually opening multiple tabs, you can simply tell the browser what you need. Ask it to file a…

New cybersecurity guidance paves the way for AI in critical infrastructure 

Global cybersecurity agencies have issued the first unified guidance on applying artificial intelligence (AI) within critical infrastructure, signaling a major shift from theoretical debate to practical guardrails for safety and reliability. The release of joint guidance on Principles for the Secure Integration of Artificial Intelligence in Operational Technology marks a meaningful milestone for critical infrastructure…

The ten key reforms that can close America’s cybersecurity gaps

For decades, the United States government and private sector have worked tirelessly to secure cyberspace, yet our nation remains frighteningly vulnerable to a litany of cyberthreats posed by cybercriminals and foreign adversaries alike. Daily news reports of cyber intrusions ranging from criminal ransomware attacks to foreign state-sponsored intrusions into power, water, and other critical infrastructure systems…

‘Stranger Things’ emerge when OT security is stuck in the past

The final season of “Stranger Things” is upon us, and 1980s nostalgia is at an all-time high. The clunky control panels at Hawkins Lab help set the stage for the show. The unfortunate reality is that similar legacy systems still exist in operational technology (OT) environments today. Just as Hawkins Lab spawned a monstrous compendium…

When trust turns toxic: Lessons from the Salesloft Drift incident

The recent Salesloft Drift breach offered a sobering reminder of how easily trust can be weaponized in today’s SaaS and AI-integrated environments. In this incident, hackers exploited the Drift chatbot, stole OAuth tokens, and used them to obtain data from CRM systems before the tokens could be revoked. In the wake of the incident, many…

Legacy web forms are the weakest link in government data security

Federal, state, and local government agencies face a critical vulnerability hiding in plain sight: outdated web forms collecting citizen data through insecure channels. While agencies invest in perimeter security and threat detection, many continue using legacy forms built years ago without modern encryption, authentication, or compliance capabilities. These aging systems collect Social Security numbers, financial…

Five Eyes just made life harder for bulletproof hosting providers

The Treasury Department, along with officials from the United Kingdom and Australia, imposed sanctions Wednesday against two bulletproof hosting providers and key people involved in their operations, in a globally coordinated effort aimed at thwarting the role these services have in enabling ransomware, phishing operations, and data extortion campaigns around the world.  Authorities sanctioned Media…

The realities of CISO burnout and exhaustion

CISOs are facing unprecedented challenges to their mental health due to today’s rapidly evolving threat landscape. They are often held accountable if a breach or disruption occurs, and the average tenure for a CISO tends to decrease significantly after such incidents. This constant pressure makes it difficult for them to find peace, let alone get…

CISA’s expiration leaves a dangerous void in US cyber collaboration

On Sept. 30, 2025, the Cybersecurity Information Sharing Act (CISA 2015) officially expired, ending a decade-long framework that helped government and industry share cyber-threat data safely and consistently. For the first time in ten years, the United States lacks the statutory foundation that underpinned its public-private threat-intelligence ecosystem. At a time when adversaries are exploiting…

The quiet revolution: How regulation is forcing cybersecurity accountability

Cybersecurity headlines still focus on the headline-grabbing moments, whether it’s the latest breach, a zero-day exploit, or an eye-catching product launch. However, beneath the surface noise, a quieter but more profound transformation is taking place—driven by regulations that are changing the way organizations think about, approach, and communicate on security. Across the globe, new standards…

How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness

The federal cybersecurity system is weathering a series of crises that couldn’t have arrived at a worse time. The F5 security breach from Oct. 15, the proposed elimination of more than 1,000 jobs at the Cybersecurity and Infrastructure Security Agency (CISA), and the ongoing federal government shutdown have created a perfect storm that is not…

Don’t let Congress punt on cyber insurance reform

Sixty million school children’s personal information exposed. Thousands of flights canceled. A venerated retailer brought to its knees. Dire warnings from public officials about urgent threats to our national security. This isn’t speculative fiction. These are all real incidents that have happened in the last year. The stakes in cyberspace are high and growing, especially…

Government and industry must work together to secure America’s cyber future

At this very moment, nation-state actors and opportunistic criminals are looking for any way to target Americans and undermine our national security.  Their battlefield of choice is cyberspace. Cybersecurity is the preeminent challenge of our time, and threats to our networks impact far more than just our data––they impact the resilience of our communities, the…

Shifting from reactive to proactive: Cyber resilience amid nation-state espionage

In recent years, the cybersecurity industry has made significant strides in securing endpoints with advanced Endpoint Detection and Response (EDR) solutions, and we have been successful in making life more difficult for our adversaries.  While this progress is a victory, it has also produced a predictable and dangerous consequence where threat actors are shifting their…

Why the web-hosting industry needs a trust seal

Every day, billions of people place their trust in websites they know little about. Behind each one is a hosting provider, but not all of them play by the same rules.  Traditionally, privacy policies let web visitors understand how their data would be handled, and SSL (Secure Sockets Layer) certificates ensured their connection was encrypted.…

Red, Blue, and Now AI: Rethinking Cybersecurity Training for the 2026 Threat Landscape

Cybersecurity today is defined by complexity. Threats evolve in real time, driven by AI-generated malware, autonomous reconnaissance, and adversaries capable of pivoting faster than ever.  In a recent survey by DarkTrace of more than 1,500 cybersecurity professionals worldwide, nearly 74% said AI-powered threats are a major challenge for their organization, and 90% expect these threats…

CISA is facing a tight CIRCIA deadline. Here’s how Sean Plankey can attempt to meet it

During a Senate Homeland Security and Governmental Affairs Committee hearing earlier this month in which lawmakers considered if Sean Plankey is fit to become director of the Cybersecurity and Infrastructure Security Agency, ranking member Gary Peters asked the CISA nominee how he would ensure the agency meets all of its statutory requirements, including those in…

Microsoft’s software licensing playbook is a national security risk

News of two major Microsoft security events in as many weeks should concern every federal agency, not just because of the breaches themselves, but because of what they reveal about how the company does business. First, ProPublica uncovered that Microsoft allowed Chinese engineers to work on sensitive U.S. military cloud projects under the supervision of…

Why it’s time for the US to go on offense in cyberspace

The U.S. is stepping into a new cyber era, and it comes not a moment too soon. With the Trump administration’s sweeping $1 billion cyber initiative in the “Big Beautiful Bill” and growing congressional momentum under the 2026 National Defense Authorization Act (NDAA) to strengthen cyber deterrence, we’re seeing a shift in posture that many…

New White House cyber executive order pushes rules as code

In an era characterized by escalating cybersecurity threats, rapidly evolving technological landscapes, and heightened regulatory demands, organizations face significant pressure to modernize their Governance, Risk, and Compliance (GRC) practices. The federal government is also pivoting toward automation, with Policy-as-Code (PaC) becoming a foundational element in modern cybersecurity governance and compliance. A critical driver accelerating this…

The dual reality of AI-augmented development: innovation and risk

When JPMorgan Chase CISO Patrick Opet published an open letter to software suppliers in April, he wasn’t just raising concerns — he was sounding an alarm.  The numbers from the 2025 Verizon Data Breach Investigations Report should make every security leader lose sleep: 30% of breaches now involve third-party components, doubling from last year. But…

Future-ready cybersecurity: Lessons from the MITRE CVE crisis

The recent funding crisis surrounding MITRE’s Common Vulnerabilities and Exposures (CVE) program was more than just a bureaucratic hiccup — it was a wake-up call for an industry that has relied on CVEs for years to identify, categorize, and prioritize vulnerabilities. Out of the blue, we discovered the foundation was suddenly at risk. Worse still,…

Don’t let DOGE destroy CISA

Cybersecurity is the frontline of our national security. President Donald Trump and his adviser, Elon Musk, are doing more damage to our cyber defenses than Moscow or Beijing have done in decades. They are taking our defense off the field and hoping our enemies don’t take a shot at the end zone. They are wrong,…

Preparing for the post-quantum era: a CIO’s guide to securing the future of encryption

Quantum computing is on the verge of revolutionizing the technology landscape, much like AI did in 2024. By the end of 2025, quantum computing will emerge as a defining force, ushering in a new era filled with both unprecedented opportunities and significant challenges in securing digital assets. While state-of-the-art quantum computers aren’t yet capable of…

After Signal controversy, do private conversations online exist anymore?

Every day, we place our trust in technology. Whether in the boardroom or the living room, technology has become the linchpin of security that protects our most sensitive and private information. And more so than any time in our history, that goes for our conversations, too. Intimate discussions with our spouse or romantic partner. Collaboration…

Rebuilding Maritime Cybersecurity Resilience: Charting an America First Course to Secure the U.S. Homeland

U.S. ports are vital to the flow of imports and exports; however, the entire maritime transportation system’s cybersecurity is exceedingly vulnerable. The August 2024 ransomware attack at the Port of Seattle resulted in significant cargo delays and a data breach of 90,000 individuals. Such a wide-scale incursion could have resulted in a longer loss of…

Trump’s Retaliation Against Chris Krebs — and the Cybersecurity Industry’s Deafening Silence

Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), was fired by Donald Trump in 2020 for publicly affirming that the presidential election was secure and free from widespread fraud. Fast-forward to April 2025: Trump, now back in the White House, issued an executive order revoking Krebs’ security clearances and ordering…

CISA’s AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution

As autonomous agents increasingly enter organizations, nation-state actors are turning to these AI-powered technologies to undermine our national security and critical infrastructures. As a result, today’s security teams need to be able to fight AI with AI, and understand the technology’s implications from both a defensive and offensive perspective. Similarly, our national defenses have to…

Java security: If you ain’t cheatin,’ you ain’t tryin’

Most industries have rules of engagement. In sports, there are referees. In business, there are regulations. In government, there are Robert’s Rules of Order. Cybersecurity is different. There are regulations, but they don’t limit how much we can defend ourselves. They focus on compliance, breach reporting, and risk management, not on dictating the strategies we…

Government battles against tech could leave consumers less secure

Regulators around the globe are seeing the market power of consumer-facing tech companies and bringing cases against some of the industry’s biggest household names. They portray these legal fights as the conflicts of giants: the companies versus government regulators. Regulators have an essential mission to ensure companies play by the rules, preserving competition and giving…

From qualitative to quantifiable: Transforming cyber risk management for critical infrastructure

Around the world, attacks against critical infrastructure have become increasingly common. More and more, these aggressions are carried out via mice and keyboards rather than bombs and missiles, such as with the 2021 ransomware attack on Colonial Pipeline. From a military strategy perspective, it’s easy to understand why, as cyberattacks against infrastructure can be executed…

Restoring U.S. cyber resilience: A blueprint for the new administration

As the incoming Trump administration prepares to take office, it confronts a critical juncture for cybersecurity. The escalating digital threats from state-sponsored adversaries like China, Iran, North Korea and Russia coincide with fractured global governance and a shifting domestic policy landscape. This moment presents a unique opportunity for the administration to establish itself as a…

How HHS has strengthened cybersecurity of hospitals and health care systems

Hospitals and health systems across the country are experiencing a significant rise in cyberattacks. These cyber incidents have caused extended disruptions, patient diversion to other facilities, and the cancellation of medical appointments and procedures — all of which undermine patient care and safety. These attacks also expose vulnerabilities in our health care system and degrade…

What is ‘security theater’ and how can we move beyond it?

Conventional wisdom assumes that the more vulnerabilities a security tool flags, the easier it will be for a company to secure its infrastructure. In theory, layering more tools into a tech stack should equal more effective attack surface monitoring, right? Well, reality isn’t quite panning out like that.  If anything, tool sprawl has created an…

Feds lay blame while Chinese telecom attack continues

The United States’ telecommunications infrastructure has been infiltrated by actors affiliated with China. Some of our nation’s most powerful leaders have been targeted — including President-elect Donald Trump and Vice President-elect JD Vance. This is one of the most severe cybersecurity incidents against telecom the United States has ever been subject to, and — worse…

Why Americans must be prepared for cybersecurity’s worst

The interconnected world we live in has brought incredible opportunities for growth in America. It’s made life better in ways we don’t think about — from the phone in your pocket to the groceries at your local store, networks touch and affect almost all aspects of our daily lives. But there is an old adage…
