May 30 · 15 min read · Summary of the campaign The new attack campaign by threat actor group Storm-2949 has raised alarms about the risks of identity self-service features in cloud computing environments. By exploiting the
Join discussion
Apr 17 · 3 min read · Companies will spend $50,000 a year on a premium Identity Provider (IdP) tier, roll out an authenticator app to the entire org, and proudly declare themselves "unhackable" at the next board meeting. Then Kevin in Sales gets his password scraped by a...
Join discussionApr 13 · 3 min read · Working with clients who don’t have dedicated IT teams is one of the most challenging yet rewarding experiences in cybersecurity consulting. Without internal experts, every problem — from configuratio
Join discussion
Mar 23 · 17 min read · Audience: IT Pros Platform: Microsoft 365 Series: MFA & Conditional Access Part: 2 of 7 In Part 1 of this series, we looked at how AiTM phishing defeats MFA by stealing session cookies — and I menti
Join discussion
Mar 22 · 6 min read · In early March 2026, two events put MFA bypass back in the spotlight. Europol dismantled Tycoon 2FA — the world's largest phishing-as-a-service platform — while a new suite called Starkiller demonstrated that AitM phishing has evolved from a sophisti...
Join discussionMar 20 · 10 min read · You're an attorney. You went to law school to argue cases and advise clients, not to become a cybersecurity expert. But here's the reality: the ABA says you have an ethical obligation to understand th
Join discussion
