April 10th, 2026
Craig Taylor
A Practical Brief for vCISOs THE WARNING WE IGNORED OR COULD NOT UNDERSTAND For years, the most credible voices in AI research have issued the same warning. Treat artificial intelligence with the same institutional seriousness the world applied to nuclear technology. Warren Buffet put it plainly at the 2024 Berkshire Hathaway shareholder meeting: “We let […]
Read More
March 31st, 2026
Craig Taylor
A guide to spotting senior executive impersonation scams before the fake CEO gets a real wire transfer. It Starts With a Message That Feels Important You get an email or a call. The name on the screen is your CEO or CFO. The tone is serious. There is a confidential deal happening, an acquisition, a […]
Read More
March 24th, 2026
Craig Taylor
Artificial Intelligence (or AI) is making phishing emails smarter, malware sneakier, and credential theft easier putting each of us at increased risk of attack and compromise. Criminals are using AI to do something old-school security tools were never built to stop. They are making attacks look like normal, everyday activity. Not scary. Not obvious. Just […]
Read More
March 10th, 2026
Craig Taylor
Your inbox sees dozens of emails every day that look completely routine. A DocuSign notification fits right in. A document is waiting. Someone needs a signature. You know the drill. Attackers know the drill too, and they have built entire phishing campaigns around abusing your DocuSign trust. Why DocuSign Makes a Perfect Cover DocuSign is […]
Read More
March 3rd, 2026
Craig Taylor
And yes, Google’s Gemini AI had no idea it was working for the bad guys. Malware has always followed a script. Literal, hardcoded, rigid instructions telling it exactly where to tap, what to steal, and how to hide. For years, that rigidity was also its weakness. Change the screen layout, update the operating system, or […]
Read More
February 24th, 2026
Craig Taylor
Ransomware groups are not breaking in organizations the same way they did five years ago. The entry methods have shifted, and understanding that shift is one of the most useful things you can do to protect your organization right now. Ryan Smith’s recent linked analysis, “Shifting the Front Door: How Ransomware Initial Access Has Changed,” […]
Read More
February 17th, 2026
Craig Taylor
If a Chrome extension promises to remove security pop-ups and generate MFA codes, that should make you pause. However, thirty-three people did not pause. Recently, security researchers uncovered a malicious Chrome extension called CL Suite by @CLMasters, ID jkphinfhmfkckkcnifhjiplhfoiefffl. It was uploaded to the Chrome Web Store on March 1, 2025. At the time of […]
Read More
February 10th, 2026
Craig Taylor
Cyberattacks usually start with phishing emails or weak passwords. This one did not. Security researchers recently uncovered malicious browser extensions stealing ChatGPT session tokens. These extensions looked harmless. Some were even available in official extension stores. Once installed, they quietly took over active ChatGPT sessions without triggering alerts. No fake login page. No stolen password. […]
Read More
February 3rd, 2026
Craig Taylor
Not surprising when Trouble Ensues Last summer, the interim head of a major U.S. cybersecurity agency uploaded sensitive government contracting documents into the public version of ChatGPT. These files were marked “For Official Use Only”, meaning they were sensitive (but not secret or top secret). When placed into the public LLM, they may be used […]
Read More
January 27th, 2026
Craig Taylor
And How to Fix Them Let me make an educated guess. You moved to Google Workspace because it was supposed to make things easier. Maybe surprisingly, it did! Score one for Google! However, maybe that utility was disrupted one day by someone forwarded 3,000 customer emails to their personal email on their last day of […]
Read More