Cybersecurity writer and analyst. Covering breaches, threats, and vulnerabilities — analysis beyond the headline.
Cyber Attacks
Ghostwriter built operational security into its phishing lure. Send the campaign's malicious PDF to a Ukrainian IP and it triggers the attack chain. Send it anywhere else — including to the analysts investigating it — and they get a harmless document.
Threat Intelligence
Salt Typhoon spent three months inside an Azerbaijani oil and gas company — a target type it normally ignores. Bitdefender's assessment of why is the part that matters: Chinese APT targeting now follows energy geopolitics in real time.
Cyber Attacks
Russian government hackers tried to hijack the Signal account of the wrong person. Donncha Ó Cearbhaill investigates spyware for a living — so he reverse-engineered the campaign and found himself one of 13,500+ targets. The 'snowball' methodology is the lesson.
Supply Chain Attack
RubyGems temporarily turned off new signups after what its security partner called a major malicious attack — hundreds of packages, DDoS, spam, and exploits hitting at once. The halt is the response model defenders should remember.
AI Security
Germany's top cybersecurity official told lawmakers that China is close to building an AI model with superhacking capabilities — developed in secret. The warning lands a month after Anthropic gated Mythos. AI cyber capability is now great-power competition.
Cyber Attacks
An Iranian state-sponsored APT spent early 2026 conducting espionage while wearing the Chaos ransomware brand as a costume. Rapid7 pulled back the curtain. The Microsoft Teams screen-sharing tradecraft is why IR triage needs updating.
Application Security
Three unrelated threat actors arrived at the same conclusion in March and April: the developer workstation is the best ROI beachhead. CSO Online's framing — the Developer Credential Economy — is the editorial line CISOs should adopt this quarter.
Data Breaches
Cerner discovered the breach in February 2025. Atrium Health patients only learned this week. The 15-month gap — across 16 health systems through one Oracle-owned vendor — is the year's clearest HIPAA business-associate accountability test.
Data Breaches
Comcast just agreed to write a $117.5 million check over a vulnerability it didn't write. The Xfinity settlement is the first major Citrix Bleed bill to come due — the precedent it sets for shared customer-vendor liability is the part defenders should read twice.
Cyber Attacks
Foxconn confirmed a cyberattack on its North American factories. Nitrogen ransomware claims 8TB and 11M+ files including Apple, NVIDIA, Google, Intel, and Dell project documentation. Mount Pleasant AI server factory was offline for a week.
Data Breaches
Odido's CEO confirmed May 12 that the Dutch telecom will not compensate 6.2 million ShinyHunters breach victims. Dutch prosecutors are investigating whether the company retained data beyond GDPR limits. The CRM compromise pattern matches the broader ShinyHunters Salesforce campaign.
Policy & Government
ICE Assistant Director Matthew Elliston disclosed at the Border Security Expo that agents now reach a 20-million-person list from their iPhones via Palantir's ELITE system. The Mobile Fortify accuracy claim is in tension with 404 Media's January reporting.