Security Operations Blog
Technical articles on vulnerability management, threat detection, compliance automation, and building a security program that works.
Attackers claimed 1,500+ orphan Arch User Repository packages through legitimate adoption, then chained a malicious atomic-lockfile npm dependency, an eBPF rootkit, and a credential sweep. Detection gaps, MITRE mapping, and a blue-team response playbook.
ShinyHunters spent two weeks exploiting CVE-2026-35273, a CVSS 9.8 pre-authentication RCE in Oracle PeopleSoft PSEMHUB, breaching 100+ organizations before Oracle's emergency patch landed. Detection gaps, MITRE mapping, and a blue-team response playbook.
An IKEv1 certificate validation flaw lets an unauthenticated attacker complete a Check Point VPN session without a valid password, and a Qilin ransomware affiliate is already inside. Detection gaps, MITRE mapping, and a blue-team response playbook.
An authenticated netadmin can ride a crafted CLI input into full root on Cisco Catalyst SD-WAN Manager with no patch yet shipped. Detection gaps, MITRE mapping, and a blue-team response playbook.
A Mini Shai-Hulud variant abused GitHub Actions OIDC to republish 96 malicious versions across 32 official @redhat-cloud-services npm packages on June 1, sweeping AWS, GCP, Azure, and CI/CD secrets while self-replicating. Detection gaps, MITRE mapping, and a blue-team response playbook.
An authentication bypass in PAN-OS GlobalProtect lets attackers forge override cookies and establish unauthorized VPN tunnels into internal networks. Active exploitation, detection gaps, MITRE mapping, and a blue-team response playbook.
The Megalodon campaign pushed 5,718 malicious commits across 5,561 repositories, injecting GitHub Actions workflow files that exfiltrate CI/CD secrets with stolen tokens. CISA advisory, detection gaps, MITRE mapping, and a blue-team response playbook.
A malicious Nx Console VS Code extension (nrwl.angular-console v18.95.0) ran for 18 minutes, stealing developer credentials and breaching roughly 3,800 GitHub internal repos. CVE-2026-48027 detection gaps, MITRE mapping, and a blue-team response playbook.
A live supply-chain campaign planted 34 credential-stealing packages and 384+ versions across three ecosystems, even poisoning AI assistant context files. Detection gaps, MITRE mapping, and a blue-team response playbook.
A supply-chain attacker rewrote git tags across four Composer packages to deploy a cross-platform credential stealer via autoload.files. Detection gaps, MITRE mapping, and response playbook.
BAS safely simulates real cyberattacks to test your defenses. How it works, BAS vs pentesting, MITRE ATT&CK mapping, and why every security team needs continuous validation.
Cloud SaaS security tools send your most sensitive data to third-party servers. Local-first means your logs, source code, and credentials never leave your hardware.
Enterprise SIEMs cost a fortune and small teams fly blind without log correlation. What a SIEM actually does, why it matters, and how local-first detection and BAS validation close the gap.
What MITRE ATT&CK actually is, how to map your detections, coverage gaps most teams miss, and how to validate your coverage with BAS.
Manual compliance is killing small teams. How to automate evidence collection across SOC 2, ISO 27001, HIPAA, PCI DSS, and NIST frameworks.
Phase 1: Visibility. Phase 2: Protection. Phase 3: Validation. Phase 4: Governance. The complete playbook for going from zero to a working program.
CVSS was designed for a world that no longer exists. Multi-layer scoring models factor in exploit maturity, business context, and threat intelligence.
Combining EPSS probability with CISA KEV binary signals produces a prioritization model that outperforms CVSS Base Score in every measurable category.
What SOC 2 actually requires for vulnerability management, how to automate evidence collection, and common audit findings to avoid.
A step-by-step operational guide: asset discovery, scanning cadence, triage workflow, SLAs, and board reporting.
Practical patterns for embedding static analysis into build pipelines without slowing developers down.
How local AI models generate context-aware remediation guidance -- complete with code snippets, deployment steps, and rollback procedures.
The vulnerability management market charges enterprise prices for problems that can be solved with better tooling.
Cross-referencing KEV, ransomware campaign data, and EPSS to build a prioritization list focused on the CVEs ransomware operators actively weaponize.
Most organizations face multiple compliance frameworks. Cross-mapping controls reduces duplication and simplifies evidence collection.