Security research, product updates, and field notes
Practical guidance for security leaders and practitioners building with agentic AI.
Logging Made Easy: CISA releases swansong for accessible SIEM for the masses
Logging Made Easy shows that many organisations can get most of the practical SIEM outcome without handing their budget and engineering calendar to licence gravity. Its biggest weakness is not price. It is the licensing wall around turning it into a clean managed-service offer.
ChatGPT is becoming part of the enterprise control plane
ChatGPT Apps, MCP servers, connectors, and tool invocation change the security problem from chatbot usage to enterprise control-plane risk.
NoiseCloud turns YouTube into a DLP problem
NoiseCloud is framed as weird storage, but the security lesson is cleaner than that: if a platform accepts user video, it can become a bulk data carrier. DLP programs need to think beyond files, forms, and obvious cloud drives.
Drupal Core SQL injection is a useful reminder that CMS risk never really left
CISA listed this issue as known exploited. The useful SOC question is where the affected system sits, what it can reach, and whether logs can prove if it was touched.
Langflow CORS exposure is a quiet AI-workflow data-path problem
CISA listed this issue as known exploited. The useful SOC question is where the affected system sits, what it can reach, and whether logs can prove if it was touched.
Cisco SD-WAN controller authentication bypass is a control-plane incident waiting to happen
CISA listed this issue as known exploited. The useful SOC question is where the affected system sits, what it can reach, and whether logs can prove if it was touched.
LiteLLM SQL injection is what happens when AI gateways become real infrastructure
CISA listed this issue as known exploited. The useful SOC question is where the affected system sits, what it can reach, and whether logs can prove if it was touched.
PAN-OS captive portal exploitation risk puts identity-facing firewall services under pressure
CISA listed this issue as known exploited. The useful SOC question is where the affected system sits, what it can reach, and whether logs can prove if it was touched.
ConnectWise ScreenConnect path traversal keeps remote-support tooling in the attacker playbook
CISA listed this issue as known exploited. The useful SOC question is where the affected system sits, what it can reach, and whether logs can prove if it was touched.
Marimo RCE is another reason notebooks and data apps need production-grade controls
CISA listed this issue as known exploited. The useful SOC question is where the affected system sits, what it can reach, and whether logs can prove if it was touched.
Cisco SD-WAN privileged API issues turn network management into a hunt target
CISA listed this issue as known exploited. The useful SOC question is where the affected system sits, what it can reach, and whether logs can prove if it was touched.