March 10th, 2026
Craig Taylor
Your inbox sees dozens of emails every day that look completely routine. A DocuSign notification fits right in. A document is waiting. Someone needs a signature. You know the drill. Attackers know the drill too, and they have built entire phishing campaigns around abusing your DocuSign trust.
Why DocuSign Makes a Perfect Cover
DocuSign is […]
March 3rd, 2026
Craig Taylor
And yes, Google’s Gemini AI had no idea it was working for the bad guys. Malware has always followed a script. Literal, hardcoded, rigid instructions telling it exactly where to tap, what to steal, and how to hide. For years, that rigidity was also its weakness. Change the screen layout, update the operating system, or […]
February 24th, 2026
Craig Taylor
Ransomware groups are not breaking into organizations the same way they did five years ago. The entry methods have shifted, and understanding that shift is one of the most useful things you can do to protect your organization right now. Ryan Smith’s recent linked analysis, “Shifting the Front Door: How Ransomware Initial Access Has Changed,” […]
February 17th, 2026
Craig Taylor
If a Chrome extension promises to remove security pop-ups and generate MFA codes, that should make you pause. However, thirty-three people did not pause. Recently, security researchers uncovered a malicious Chrome extension called CL Suite by @CLMasters, ID jkphinfhmfkckkcnifhjiplhfoiefffl. It was uploaded to the Chrome Web Store on March 1, 2025. At the time of […]
February 10th, 2026
Craig Taylor
Cyberattacks usually start with phishing emails or weak passwords. This one did not. Security researchers recently uncovered malicious browser extensions stealing ChatGPT session tokens. These extensions looked harmless. Some were even available in official extension stores. Once installed, they quietly took over active ChatGPT sessions without triggering alerts. No fake login page. No stolen password. […]
February 3rd, 2026
Craig Taylor
Not Surprising When Trouble Ensues
Last summer, the interim head of a major U.S. cybersecurity agency uploaded sensitive government contracting documents into the public version of ChatGPT. These files were marked “For Official Use Only”, meaning they were sensitive (but not secret or top secret). When placed into the public LLM, they may be used […]
January 27th, 2026
Craig Taylor
And How to Fix Them
Let me make an educated guess. You moved to Google Workspace because it was supposed to make things easier. Maybe surprisingly, it did! Score one for Google! However, maybe that utility was disrupted one day when someone forwarded 3,000 customer emails to their personal email on their last day of […]
January 20th, 2026
Craig Taylor
Remember Heartbleed? That security nightmare from a few years back that made everyone panic about their passwords? Well, meet its distant cousin: MongoBleed. And if you’re running MongoDB anywhere in your organization, you need to know about this one.
What Actually Happened?
In mid-December 2025, security researchers discovered a flaw in MongoDB (a popular database […]
January 13th, 2026
Craig Taylor
Remember 2020? We scanned QR codes for everything. Restaurant menus. Parking meters. That awkward moment at a wedding when someone wanted you to scan a code instead of signing a guestbook. We got comfortable. Maybe too comfortable.
QR Code Threats: A Brief History
CyberHoot wrote about this threat way back in 2019. Others, like Proofpoint, […]
January 6th, 2026
Craig Taylor
Phishing emails used to be easy to spot. Bad grammar. Weird links. Obvious scams. Those days are over. According to The Hacker News, a new generation of AI-powered phishing kits is making attacks smarter, faster, and much harder to resist. These tools automate phishing campaigns that once required highly skilled attackers weeks to plan and […]