Tuesday - July 14th, 2026
Apple News
×

What can we help you find?

Open Menu
Craig Taylor CEO and Co-Founder

Craig Taylor is a Certified Information Systems Security Professional (CISSP) since 2001, and a 30-year veteran of Cybersecurity. In 2014 he co-founded a cybersecurity training company - CyberHoot - to help SMBs and MSPs learn cyber literacy. During his career, Craig has led cybersecurity organizations in Web Hosting (CSC), Finance (JP Morgan Chase), and manufacturing (Vistaprint). Additionally, Craig leads a cybersecurity consultancy that has delivered virtual Chief Information Security Officer (vCISO) services to more than 5o companies (all sizes and industries). Craig is a Toastmaster (public speaking), a Rotarian (Portsmouth, NH), and a fundraiser for Cancer research having raised 150k riding in the Pan Mass Challenge for 11 years.

Recent Content

Loading...
Urgency, Emotion, Authority: How One Scammer Almost Got Inside A Cpa Firm &Raquo; 2635
Urgency, Emotion, Authority: How One Scammer Almost Got Inside a CPA Firm

Tax season keeps accountants busy, and it keeps scammers busy too. Early this summer, a CPA firm became the target of someone posing as a new client. The scammer spent weeks building trust before maki…

Tax season keeps acc…

Tax season keeps accountants busy, and it keeps scammers busy too. Early this summer, a CPA firm became the target of someone posing as a new client. The scammer spent weeks building trust before making a move. The good news is this story ends well. The better news is you get to learn from it without living through it. The Setup The contact arrived through the CPA firm’s website contact us page. The prospective client had a name, a personal backstory, and a reasonable set of questions about tax preparation. They were too ill to file taxes and could the CPA firm help them file late? Ov…

Read More
The Ransomware An Ai Model Built Without Trying &Raquo; 2635
The Ransomware an AI Model Built Without Trying

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model helped design without anyone teaching it how. No skilled coder sat down and wrote this att…

Researchers went loo…

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model helped design without anyone teaching it how. No skilled coder sat down and wrote this attack line by line. Instead, an AI chatbot pieced most of it together from a single broad request, and in the end, part of it worked exactly as intended by whoever asked. This story fits a bigger pattern facing society and keeping security professionals up at night. AI tools are changing what cyber attacks look like, how damaging they are, and who can build them. People with no coding background …

Read More
Cyberhoot Goes Fully Passwordless: Native Passkey Support Arrives For Administrators &Raquo; 2635
CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused, stolen, and leaked. Session tokens get hijacked. A single breach can spill credentials …

For four years, Cybe…

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused, stolen, and leaked. Session tokens get hijacked. A single breach can spill credentials across every site you own. Today, CyberHoot delivers native Passkey support for administrators, fulfilling a passwordless-first commitment we made on day one. Passwordless, all the way through End users have received password-less CyberHoot training since day one. Now administrators get a similar experience. Native Passkeys support gives CyberHoot administrators a passwordless experience as …

Read More
Don’t Score An Own Goal: Outsmart World Cup 2026 Scams &Raquo; 2635
Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans are expected to attend, and millions more will hunt online for tickets, streams, and jers…

The 2026 FIFA World …

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans are expected to attend, and millions more will hunt online for tickets, streams, and jerseys. Scammers prepared for this moment too. The FBI and several research teams report thousands of fake FIFA websites, malicious Streaming apps, and stolen logins already in circulation. The good news is simple. A few easy habits protect you from nearly all of it, and none of them cost a dime. Fake Ticket Sites Look Real, So Type the Address Yourself Researchers at Group-IB tracked more than…

Read More
Hackers Steal Your Cookies. Chrome May Help Stop Session Cookie Theft! &Raquo; Browser Adoption Of Session Cookie Theft Protection 1024X683 1
Hackers steal your cookies. Chrome may help stop Session Cookie Theft!

Google has built and released a new cookie protection measure that makes stolen session cookies useless on any other device for websites updated to support this approach. Here is what it does, who it …

Google has built and…

Google has built and released a new cookie protection measure that makes stolen session cookies useless on any other device for websites updated to support this approach. Here is what it does, who it helps, and what to do right now. The Short VersionInfostealer malware does not need your password or even your MFA Codes. All it needs is the small file your browser stores after you log in called a Session Cookie. For years, stealing that file alone was enough to impersonate you online, bypassing usernames, passwords, and even Multi-Factor Authentication (MFA). Chrome now ties that file to you…

Read More
Ai Found Your Weaknesses. Let’s Fix Them First. &Raquo; Screenshot 2026 06 01 At 2.34.03 Pm
AI Found Your Weaknesses. Let’s Fix Them First.

New benchmark data names MDASH and Claude Mythos Preview are the top AI agents finding zero-day vulnerabilities of 2026. They find software bugs better than any human can, in less time, with more proo…

New benchmark data n…

New benchmark data names MDASH and Claude Mythos Preview are the top AI agents finding zero-day vulnerabilities of 2026. They find software bugs better than any human can, in less time, with more proof than every before. Here is what that means for your organization, and what you can do about it today. AI Vulnerability Automation Beyond Human Capabilities – a New Normal in Bug HuntingDownload The rules just changed A few years ago, finding security holes in a network took a skilled human weeks of focused work. Today, AI systems do that same job in minutes, without breaks, withou…

Read More
Your Identity Is Not Only A Front-Door Problem, It Is An Internal Risk Too &Raquo; 2635
Your Identity Is Not Only a Front-Door Problem, It is an Internal Risk Too

One Forgotten Password, Almost a Catastrophe A single Windows machine at a Retail store location had a cached AWS access key sitting on it. Nobody put it there on purpose. A user logged in, AWS sto…

One Forgotten Passwo…

One Forgotten Password, Almost a Catastrophe A single Windows machine at a retail store location had a cached AWS access key sitting on it. Nobody put it there on purpose. A user logged in, AWS stored the key automatically, and life moved on. No alarms, no policy violations, no red flags. Except that one key, sitting quietly on one machine, had a path to 98% of that company’s cloud environment. Almost every critical workload the business ran, one forgotten credential away from disaster. Security researchers found it before an attacker did. Most organizations would never know it was …

Read More
Why Your Clients’ Routers Are Now A National Security Conversation &Raquo; Joint Guidance From 15 Cyber Intelligence Agencies 1024X928 1
Why Your Clients’ Routers Are Now a National Security Conversation

You now have five important reasons to start a router security conversation with your small business clients this week, especially those with work-from-home staff members. One of them has Russian mili…

You now have five im…

You now have five important reasons to start a router security conversation with your small business clients this week, especially those with work-from-home staff members. One of them has Russian military intelligence in the headline. This is your overview, talking points, and action plan. Why router security is front and center right now The FBI did not publish a warning and move on. They ran a court-authorized operation to take down a network of hijacked routers that Russia’s GRU Military Unit 26165, known as APT28 or Fancy Bear, was using for attacks. Routers in at least 23 U.S. sta…

Read More
Your Employees Connected 47 Apps To Google Last Year. Can You Name One Of Them? &Raquo; 2635
Your Employees Connected 47 Apps to Google Last Year. Can You Name One of Them?

OAuth tokens don’t expire when employees leave, passwords change, or apps go rogue. Your security program needs to understand this risk and remove unneeded and abandoned entitlements asap. Pictur…

OAuth tokens don’t…

OAuth tokens don’t expire when employees leave, passwords change, or apps go rogue. Your security program needs to understand this risk and remove unneeded and abandoned entitlements asap. Picture a spare key. You handed it to a contractor six months ago so they could fix your HVAC. The job is done. The contractor moved on. But the key still works, and you never asked for it back. That is more or less what happens every time someone at your company connects a third-party app to Google Workspace or Microsoft 365 using OAuth. Digital keys are created by your employees. They don’t expire,…

Read More
Attackers Don’t Need A Key. They Already Have Yours. &Raquo; 2635
Attackers Don’t Need a Key. They Already Have Yours.

Most breaches don’t start with a hacker in a hoodie cracking code at 3am. They start with your username and a password from a breach that happened three years ago at a site you forgot you signed up …

Most breaches don’…

Most breaches don’t start with a hacker in a hoodie cracking code at 3am. They start with your username and a password from a breach that happened three years ago at a site you forgot you signed up for. Picture a thief who skips picking the lock entirely because the key is sitting right there under the mat. That’s what most cyberattacks look like in 2026. Attackers aren’t writing exotic code to break into your systems. They’re logging in with credentials your employees already use, often credentials stolen from a completely different website years ago and sold for a few dollars onli…

Read More
Claude Mythos Opened Pandora’s Box. Project Glasswing Is Racing To Close It. &Raquo; The Race For Zero Day Dominance V1 1024X448 1
Claude Mythos Opened Pandora’s Box. Project Glasswing Is Racing to Close It.

A Practical Brief for vCISOs THE WARNING WE IGNORED OR COULD NOT UNDERSTAND For years, the most credible voices in AI research have issued the same warning. Treat Artificial Intelligence with th…

A Practical Brief fo…

A Practical Brief for vCISOs THE WARNING WE IGNORED OR COULD NOT UNDERSTAND For years, the most credible voices in AI research have issued the same warning. Treat artificial intelligence with the same institutional seriousness the world applied to nuclear Technology. Warren Buffet put it plainly at the 2024 Berkshire Hathaway shareholder meeting:“We let a genie out of the bottle when we developed nuclear weapons. AI is somewhat similar — it’s part way out of the bottle.” Source: CNN Business, May 2024If you’re like me, given the gravitas of the people warning us (Stephen Hawkin…

Read More
When The “Ceo” Calls And Asks You To Move Money Fast &Raquo; 2635
When the “CEO” Calls and Asks You to Move Money Fast

A guide to spotting senior executive impersonation scams before the fake CEO gets a real wire transfer. It Starts With a Message That Feels Important You get an email or a call. The name on the …

A guide to spotting …

A guide to spotting senior executive impersonation scams before the fake CEO gets a real wire transfer. It Starts With a Message That Feels Important You get an email or a call. The name on the screen is your CEO or CFO. The tone is serious. There is a confidential deal happening, an acquisition, a regulatory matter, something big. And they need you to move fast, quietly, and without telling anyone else. It feels urgent. It feels real. And that is exactly the point. Senior executive impersonation scams are one of the most common forms of financial fraud targeting businesses today. …

Read More