News

The US government shutdown is estimated to result in around 65% of CISA staff being furloughed, with fears that threat actors will exploit critical security gaps

The initial investigation shows early signs of links with the FIN11 and Clop cyber extortion groups

The Confucius cyber-espionage group has shifted its tactics from document-focused stealers to Python-based backdoors like AnonDoor

A new study by Zimperium has revealed serious risks in free VPN apps, exposing users to privacy threats and security flaws

Experts argued that the lapse of the Cybersecurity Information Sharing Act could have far-reaching consequences in US national cyber defenses

Forrester predicts agentic AI will be responsible for a major data breach in 2026

ENISA reveals phishing and vulnerability exploitation accounted for majority of intrusions in past year

His conclusion:

Context wins

Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest.

And if you’re on the inside you know what the applications do. You know what’s important and what isn’t. And you can use all that internal knowledge to fix things­—hopefully before the baddies take advantage.

Summary and prediction

1. Attackers will have the advantage for 3-5 years. For less-advanced defender teams, this will take much longer.
2. After that point, AI/SPQA will have the additional internal context to give Defenders the advantage.

LLM tech is nowhere near ready to handle the context of an entire company right now. That’s why this will take 3-5 years for true AI-enabled Blue to become a thing.

And in the meantime, Red will be able to use publicly-available context from OSINT, Recon, etc. to power their attacks.

I agree.

By the way, this is the SPQA architecture.

Broadcom has released security patches for critical flaws affecting several VMware products

A new campaign has been observed using malicious Windows shortcuts in credential-themed ZIP files to deploy PowerShell script