harwoodlabs.hashnode.dev

Manhunts and Missing the Point: Why Chasing Ransomware Kingpins Won't Save Us
The headlines write themselves: another ransomware leader on the run, another Red Notice issued, another Most Wanted poster circulated. This week brought news that Oleg Nefedov, the alleged mastermind behind Black Basta ransomware, joined the ranks o...
Jan 19 · 7 min read

The Reprompt Attack Isn't a Bug, It's AI Working Exactly as Designed
A new attack called "Reprompt" allows hackers to exfiltrate data from Microsoft Copilot with a single click. Security researchers are calling it a vulnerability. Enterprise security teams are scrambling to understand the risk. Microsoft patched it an...
Jan 15 · 7 min read

The Goldman-JPMorgan Breaches Prove Enterprise Security Is Built on a Lie
When JPMorgan Chase disclosed that client data was compromised through their law firm's breach, following Goldman Sachs' similar admission just weeks earlier, most cybersecurity professionals focused on the wrong question. They asked: "How do we be...
Jan 15 · 7 min read

We're Teaching AI Agents to Be Perfect Attackers
The security industry has spent decades building defensive models around a simple premise: humans are the weakest link. We've constructed elaborate frameworks to limit what users can access, when they can access it, and how their actions are logged. ...
Jan 14 · 7 min read

The ServiceNow Vulnerability Reveals Why Enterprise AI Is a Security Time Bomb
ServiceNow just patched a vulnerability that should terrify every CISO. Not because it was particularly sophisticated, it wasn't. Not because it exploited some cutting-edge AI weakness, it didn't. What makes CVE-2025-12420 terrifying is how it reveals ...
Jan 14 · 9 min read