We empower businesses with cybersecurity and IT solutions that protect data, reduce risk, and enable secure growth.

Joined December 2021
Pinned Tweet
Utah's K-12 districts now have new cybersecurity requirements under HB 44. The Utah Cyber Alliance was built to help navigate what comes next. Our inaugural forum is May 29 in Draper. The bill's sponsor, a former university CISO, and the head of UEN are all in the room. Free for all government and education employees. Register: utahcyberalliance.org/events
Harborcoat retweeted
Send this to your parents.
Harborcoat retweeted
do you understand what just happened to Robinhood.. Someone sent a perfect phishing email - real domain, DKIM pass, SPF pass, DMARC pass and Robinhood's own servers delivered it. Here's the chain:
→ Gmail treats john.doe@ and johndoe@ as the same inbox
→ Attacker registers a NEW Robinhood account using the dot trick of YOUR email
→ Sets the device name to raw HTML code
→ Robinhood's "unrecognized activity" email renders it unsanitized
The "Review Activity Now" button? Attacker's phishing site. The email? 100% real.. Sent by Robinhood.. Signed by Robinhood.. Just because it passed every security check doesn't mean it's safe.
Apr 27
New Robinhood phishing chain that's kinda beautiful:
1. Attacker creates an RH account using the Gmail dot trick of your email (same inbox, different address)
2. Sets device name to HTML
3. RH's "unrecognized activity" email renders the device name unsanitized (html injection)
The result is a real email from noreply@robinhood.com, DKIM pass, SPF pass, DMARC pass, with a phishing CTA
Just because it's real, doesn't mean it's safe... $HOOD
Harborcoat retweeted
🚨 BREAKING: Toronto Police just seized “SMS Blasters” fake cell towers never seen before in Canada. These portable devices hijack thousands of phones at once, blast fake bank/Canada Post texts, and knock out real service (even 911 calls). Tens of thousands of phones hit. Over 13 MILLION disruptions. Three men charged 🇨🇳 • Dafeng Lin, 27, of Hamilton • Junmin Shi, 25, of Markham • Weitong Hu, 21, of Markham This is next-level cyber crime on our streets. Stay alert. Never click surprise links. #Toronto #CyberCrime #ScamAlert
Toronto police seize 'SMS blasters,' a cybercrime weapon never before seen in Canada nationalpost.com/news/canada…
Some of the problem is that you only hear mostly about the attacks on big, publicly traded companies that can't hide. Small and medium sized companies are too embarrassed or don't want the fallout from disclosure. So, everyone thinks it won't happen to them. Until it does.
No one cares about cybersecurity.
This is how SAT training should be. Our partner Beauceron is working on just that. @BeauceronSec
Harborcoat retweeted
Here is a video of a North Korean IT worker being stopped dead in their tracks upon being required to insult Kim Jong Un. It won't work forever, but right now it's genuinely an effective filter. I'm yet to come across one who can say it.
I would be interested in seeing data that supports the idea that DPRK workers are stopped dead in their tracks upon being required to insult Kim.
Classic. I love it when a plan comes together. These scams cost over $300M a year.
1/ Meet Kabir Singh, an Indian scammer who impersonates Apple support and then rips off innocent vulnerable people. He tried to scam me......but instead of paying him money, I hacked into his laptop and redeemed $10,000 worth of giftcards live on webcam!
Harborcoat retweeted
NIST just launched an AI Agent Standards Initiative for identity, security, and interoperability. AI agents are becoming economic actors with zero legal infrastructure in place. We require businesses to register to operate. Why expect less of AI agents? nist.gov/news-events/news/20…
Treating your SD-WAN like 'set it and forget it' infrastructure? That assumption is being exploited right now. CISA confirmed active global exploitation of Cisco SD-WAN vulnerabilities -- including an auth bypass that requires *zero credentials*. A compromised controller isn't one device. It's your routing, your segmentation, your visibility. Three things to do today:
1. Confirm patch status on your SD-WAN controllers -- not your MSP's word, actual confirmation
2. Audit who has management-plane access and from where
3. If a third party manages this for you, ask for their patch cadence in writing
Patched the Ivanti EPMM zero-days and moved on? Stop. These backdoors survive patching -- meaning you may have locked an attacker *inside* your MDM. MDM owns every managed mobile device. Audit for compromise first, then patch. #CyberSecurity #MDM
Bargain time?
MASSIVE CRASH IN CYBERSECURITY STOCKS SINCE ANTHROPIC LAUNCHED CLAUDE CODE SECURITY. Over $52.6 billion wiped out in just 2 days. CrowdStrike is down 20%, wiping out $19.6 billion. Palo Alto Networks is down 8.9%, wiping out $11.7 billion. Cloudflare is down 18.5%, wiping out $11.2 billion. Zscaler is down 17.3%, wiping out $4.6 billion. Infosys is down 3.4%, wiping out $2.9 billion. Okta is down 16.7%, wiping out $2.6 billion.
A Qilin ransomware gang breached Romania's national oil pipeline operator Conpet S.A., exfiltrating sensitive data and disrupting operations. The attack highlights the growing threat to critical infrastructure. Organizations can mitigate such risks by enforcing network segmentation, maintaining immutable backups, and implementing rapid incident‑response playbooks. Regularly patching systems and monitoring for anomalous privileged‑access activity are also essential. How are you strengthening defenses around your critical assets? For more details visit harborcoattech.com
A member of the Crazy ransomware gang was caught hijacking legitimate employee‑monitoring software and the SimpleHelp remote‑support tool. The abuse gave them persistent footholds in corporate networks, evaded detection and primed ransomware deployment. This highlights how trusted IT utilities can become a backdoor for attackers. Organizations should audit remote‑support access, enforce least‑privilege, and monitor for abnormal activity. How are you tightening controls on monitoring and support tools? harborcoattech.com
The EU Commission was hit by a hack at the end of January, targeting its mobile device management system. Attackers likely leveraged two fresh Ivanti Endpoint Manager Mobile flaws (CVE‑2026‑1281, CVE‑2026‑1340) to steal employee names and phone numbers, though no devices were compromised. The agency sealed the breach in nine hours, underscoring the value of rapid incident response and strict Zero‑Trust controls. Patch management and continuous monitoring are now non‑negotiable. How are you hardening your supply‑chain and MDM stack? More details at harborcoattech.com
A Phorpiex botnet‑aided phishing campaign is using malicious Windows shortcut (.lnk) files to drop the offline‑only Global Group ransomware. The LNK payload silently runs PowerShell, pulls the encryptor and encrypts files locally, sidestepping network‑based detection. Experts urge disabling hidden extensions, tightening LNK execution policies, and boosting endpoint behavior monitoring to spot the rapid encryption. How are you strengthening your endpoint defenses? harborcoattech.com
Today BeyondTrust disclosed a critical RCE vulnerability in its Remote Support and Privileged Remote Access tools that lets unauthenticated attackers execute code on any managed endpoint. The bug scores high on CVSS and affects every organization using the platform for remote assistance. Rapid patching and network segmentation are the first lines of defense, while continuous monitoring can spot any surprise command execution. Have you verified your remote support stack is up‑to‑date? More details at harborcoattech.com
BridgePay, a major U.S. payments gateway, confirmed a ransomware strike that knocked key systems offline Friday, sparking a nationwide outage across its platform. Attackers encrypted transaction databases, halting card processing for merchants east of the Mississippi. Experts say robust backups, network segmentation, and real‑time anomaly monitoring can limit damage. As the industry races to restore services, organizations are re‑evaluating their incident‑response playbooks. How are you protecting your payment infrastructure? More details at harborcoattech.com