Cybersecurity
An Attacker Quietly Read a Global Stock Exchange Executive’s Inbox for Five Months
For five months, an attacker silently read a senior executive’s Outlook mailbox at a major global stock exchange, exfiltrating in small batches through Dropbox and OneDrive. No CVE to hide behind. Five layers of defence were soft on the same endpoint, on both sides of the contract. The institution and its security vendor have questions to answer.
Claude Security and the Cyber Quadrilemma
Anthropic Claude Security is impressive; however, it is just one pillar of four. Config, Compliance, and Culture remain unbuilt. A Quadrilemma is only resolved when all four pillars stand.
Your AI Tool Doesn’t Know Who It’s Talking To. Neither Do You.
A free tool on GitHub silently swaps Anthropic's Claude Code for cheaper models, and the developer never knows. No hacking. No breach. Just a design gap with a track record. The AI client trusts whatever server it points at. That assumption is now the supply chain.
The Open Secret About How Cyber Practitioners Handle Secrets
Credentials are still scattered across developer machines, build pipelines, configuration files, and AI agent directories. Unaudited, unrotated, and unprotected. This article reflects my first-hand experience. Root cause, real exposure, and a practical path forward, for both leadership and engineering teams. And it makes the case for a board-and-management mandate on credential security management even more urgent.
Beyond the Market Noise — Rethinking Cybersecurity Vendor Landscape in 2026
When Anthropic launched Claude Code Security last week, cyber stocks fell sharply. The narrative that followed was predictable. This analysis looks beyond the market noise — at what the shift means for CrowdStrike, Okta, SailPoint, Zscaler, Wiz, and others, and how technology and security leaders should think about their vendor landscape in 2026.