Another day of Cybersecurity
We’re in 2026, and inbox persistence is still here, and it’s one of the core pillars of the Microsoft 365 attack playbook. Once an attacker lands in a mailbox, they don’t rush to chase noisy privilege escalation. They go for … Read the rest
Exchange Online’s split architecture creates blind spots that BEC operators have been quietly exploiting. This post walks through four distinct techniques for creating inbox rules that evade standard detection surfaces, then examines the evasion combinations that leave most SIEM stacks … Read the rest
Harvest Now, Decrypt Later, or Decrypt Later, Damage Forever… Attackers are already collecting data.
If you work in security long enough, you eventually realize that most “future threats” are simply today’s threats with better marketing. Quantum computing is a perfect … Read the rest
Web browsers quietly handle credentials, tokens, and sensitive data for every tab we open, turning the browser into a critical security boundary. When that trust line cracks, even slightly, the impact can reach far beyond a single session or machine. … Read the rest
I love middleware, if it’s on Cloud Vendor, AI components, etc. This time is the AI Desktop Middleware.
As you remember, in the old days, AI was merely a guest in a browser, maybe locked securely within a browser sandbox … Read the rest
You know the drill. A major alert lands, and within minutes, your screen is drowning in browser tabs, multiple consoles, stale queries that return nothing useful, and half-written notes scattered across random text files named something like “incident-final-09.txt.” That kind … Read the rest
A Deep-Dive into Microsoft Foundry Guardrails, Adversarial Prompt Attacks, and Runtime LLM Defense. Part 1.
Embedding LLMs into production workloads without a runtime defense layer is the same architectural mistake as deploying internet-facing applications without a WAF. The attack surface … Read the rest
Microsoft’s AI Red Teaming Agent landed in public preview, and most of the coverage focused on the headline feature: automated adversarial scanning for generative AI systems. Fair enough. But after spending time with both the documentation and PyRIT, I want … Read the rest
