Joined January 2023
Pinned Tweet
I built a free, interactive Cloud Security Posture Scorecard and I want you to use it.

One of the most common gaps I see isn't a lack of tools. Teams don't always know what to check, where to check it, or why it matters. So I built something to fix that. It's nothing crazy; it's straightforward, consisting of specific controls I have seen most people have issues with, that are also really important and a good foundation for a secure cloud environment.

The Cloud Security Posture Scorecard is a free, interactive self-assessment tool that walks you through 36 security controls across 6 domains: Identity & Access, Network Security, Data Protection, Compute, Logging & Monitoring, and Governance.

What makes it different:
✅ Works for Azure, AWS, and GCP: select your provider and get platform-specific verification steps for every single control
✅ No fluff: every control tells you exactly where to go in your console to verify it
✅ Weighted scoring: not all controls are equal. MFA and SIEM are weighted higher than tagging standards. The score reflects real risk
✅ No account needed, no data collected: open it, assess your environment, close it

Whether you're a cloud engineer doing a quick gut check, a security practitioner preparing for an audit, or a manager trying to understand your team's posture, this tool was built for you.

Try it here: cloud-security-scorecard.ver…

Coming in the next release:
PDF Report Export: generate a full assessment report you can hand to your CISO or auditor
Evidence Collection: document what you found for each control, creating an audit-ready paper trail behind every pass/fail

More features in the pipeline. I hope this could be something helpful for you. Drop your feedback in the comments: what would make this more useful for your team?

#CloudSecurity #CyberSecurity #Azure #AWS #GCP #Security #CSPM #BlueTeam #Amazon #google #Microsoft #cybersecurity #cloud #posture
Whether you use Microsoft Azure, Google GCP or Amazon AWS, I've got you covered.
Update on the Cloud Security Posture Scorecard: new features have been added. I previously shared a free interactive security assessment tool for Azure, AWS, and GCP. Here's what's new:

Compliance Mapping: every control is now mapped to SOC 2, ISO 27001, HIPAA, and PCI-DSS. Switch to the Compliance tab and instantly see your gap analysis per framework: which clauses are at risk based on your failed controls.

Remediation Guidance: the tool no longer just tells you what's wrong. For every failed control it now gives you step-by-step instructions on how to fix it, with exact console paths and CLI commands specific to your cloud provider.

Evidence Collection: document what you found for each control directly in the tool. Paste console output, note policy names, flag exceptions. Everything gets captured against the control it belongs to.

PDF Report Export: generate a full assessment report in one click. Cover page with your overall score, category breakdown, control-by-control findings with your notes, and a prioritized remediation list sorted by risk weight. Something you can actually hand to a CISO or auditor.

Assessor Info: stamp the report with your name, organization, and assessment date.

Still free. Still no account required. Still no data collected. More features in the pipeline. What would you add?

#CloudSecurity #CyberSecurity #Azure #AWS #GCP #CSPM #SOC2 #ISO27001 #BlueTeam #SecurityArchitecture #engineering #posture #management
Just got a traditional slab phone again and I do miss this aspect ratio a little. I kind of would like the Galaxy Fold 8 Ultra to be similar to this when not folded. It doesn't have to be this wide, but wider. #Samsung #s26
GitHub Disables 73 Microsoft Repositories Following Supply-Chain Malware Attack

Microsoft temporarily removed 73 repositories across its Azure, Microsoft, Azure-Samples, and MicrosoftDocs GitHub organizations after detecting the potential distribution of malicious code. The incident was contained in just 105 seconds, but it highlights how quickly a software supply-chain compromise can impact thousands of developers and CI/CD pipelines.

Researchers have linked the activity to the ongoing Miasma / Shai-Hulud campaign, a sophisticated supply-chain threat that targets developer ecosystems, AI tooling, package repositories, and CI/CD environments. Evidence suggests a previously compromised Microsoft repository, durabletask, may have been leveraged as part of the attack chain.

Why this matters
This wasn't just malware hidden in a random repository. Modern software pipelines are built on trust:
GitHub Actions
Open-source dependencies
CI/CD workflows
Cloud deployment credentials
AI coding assistants and SDKs

Once attackers compromise a trusted repository, they can potentially:
Steal GitHub Personal Access Tokens (PATs)
Harvest cloud credentials and API keys
Access CI/CD secrets
Inject malicious code into downstream software builds
Move laterally into enterprise environments through developer workstations

The bigger trend
The Shai-Hulud malware family has been associated with attacks against:
GitHub repositories
npm packages
PyPI packages
AI developer tools and SDKs

The objective is increasingly shifting from targeting end users to targeting developers and software supply chains, where a single compromise can cascade into thousands of downstream environments.

Security lessons for organizations
✅ Enforce MFA and phishing-resistant authentication for all code repositories
✅ Use GitHub secret scanning and dependency scanning
✅ Rotate credentials immediately after suspected exposure
✅ Limit GitHub Actions permissions using least privilege
✅ Pin actions and dependencies to verified versions instead of latest tags
✅ Monitor repositories for unauthorized workflow or package changes
✅ Treat CI/CD infrastructure as Tier-0 assets

This incident is another reminder that the next major breach may not start with a firewall exploit or phishing email; it may start with a trusted open-source dependency or compromised GitHub Action.

#CyberSecurity #GitHub #SupplyChainSecurity #DevSecOps #CloudSecurity #Azure #GitHubActions #ThreatIntelligence #SoftwareSupplyChain #OpenSourceSecurity #CI_CD #Miasma #ShaiHulud
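Two of the lessons above, pinning actions to verified versions and limiting GitHub Actions permissions, can be checked mechanically before a workflow is merged. The script below is an added example written for this page, not code from the post or from GitHub; it walks a workflow file line by line, flags any `uses:` reference that points at a tag or branch rather than a full commit SHA, and flags a missing or `write-all` workflow-level `permissions:` block. The embedded workflow and its 40-hex SHA are constructed sample input, and the check deliberately uses only the standard library so it can run anywhere a pre-commit hook can.

```python
import re
import sys

# Constructed sample workflow (not from any real repository) showing the two
# patterns the post warns about: actions referenced by a mutable tag or branch,
# and a workflow-level permissions block that grants every scope.
SAMPLE_WORKFLOW = """\
name: build
on: [push, pull_request]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@main
      - uses: actions/cache@0123456789abcdef0123456789abcdef01234567
      - run: npm ci
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")                # only a full commit SHA is immutable
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
TOP_PERMS_RE = re.compile(r"^permissions:\s*(\S+)?")  # unindented => workflow-level block


def audit_workflow(text):
    """Return (line, kind, detail) findings for unpinned actions and broad token permissions."""
    findings = []
    top_perms = None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith(("./", "docker://")):
                continue  # local and container actions are pinned differently; out of scope here
            action, _, version = ref.partition("@")
            if not version:
                findings.append((lineno, "unpinned", f"{action} has no version at all"))
            elif not SHA_RE.match(version):
                findings.append((lineno, "mutable-ref",
                                 f"{ref} points at a tag or branch, not a commit SHA"))
            continue
        m = TOP_PERMS_RE.match(line)
        if m and top_perms is None:
            top_perms = m.group(1) or "<scoped block>"
    if top_perms is None:
        findings.append((0, "permissions",
                         "no workflow-level permissions block; GITHUB_TOKEN falls back to the repository default"))
    elif top_perms == "write-all":
        findings.append((0, "permissions", "permissions: write-all grants GITHUB_TOKEN every scope"))
    return findings


if __name__ == "__main__":
    # Audit workflow files passed on the command line, or the embedded sample when none are given.
    sources = [open(p).read() for p in sys.argv[1:]] or [SAMPLE_WORKFLOW]
    for src in sources:
        for lineno, kind, detail in audit_workflow(src):
            print(f"line {lineno:>3} [{kind}] {detail}")
```

On the sample this reports the two tag-pinned actions and the `write-all` block while leaving the SHA-pinned action alone. A SHA pin is only as good as the review that produced it, so the usual practice is to keep a `# vX.Y.Z` comment beside the SHA and let a dependency bot propose the bumps.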
The Dangers of Easily Phishable Multifactor Authentication (MFA)

• While multifactor authentication (MFA) is crucial for protecting valuable information, the majority of MFA solutions used today are easily compromised, offering little more protection than passwords.
• Many MFA methods are vulnerable to phishing attacks, where users are tricked into visiting malicious websites that capture their credentials and MFA codes through man-in-the-middle proxy services.
• Attacks can also involve social engineering tactics, such as tricking users into approving unauthorized login requests via push notifications or convincing them to download malware that steals MFA codes.
• Despite the effort and expense involved in implementing MFA, its effectiveness is significantly diminished if the solution itself is easily phishable.
• Hackers are rapidly adapting to the widespread use of MFA, with automated programs and bots now routinely bypassing these security measures.
• The U.S. government, through NIST guidelines and presidential executive orders, has advised against using easily phishable MFA methods like SMS-based, voice call-based, one-time codes, and push notifications since 2017.
• It is imperative for individuals and organizations to prioritize and demand phishing-resistant MFA solutions, educate users on the risks, and pressure vendors to improve their security offerings.

blog.knowbe4.com/do-not-use-…
Active Exploitation Alert: Palo Alto GlobalProtect VPN Authentication Bypass (CVE-2026-0257)

Attackers are actively exploiting a vulnerability in Palo Alto GlobalProtect VPN that allows unauthorized access to corporate networks by bypassing authentication. Originally rated Medium, the flaw was upgraded to High Severity after real-world exploitation was confirmed.

Attackers can forge authentication override cookies when the same certificate is used for both HTTPS services and authentication overrides. Successful exploitation can allow unauthorized VPN access, potentially giving threat actors a foothold inside enterprise environments.

Exploitation activity has been observed since May 17, 2026. CISA has ordered federal agencies to mitigate the vulnerability by June 1, 2026.

Recommended Actions:
Apply the latest PAN-OS security updates immediately.
Disable the authentication override feature if not required.
Use a dedicated certificate for authentication override instead of reusing the VPN HTTPS certificate.
Review VPN logs for suspicious authentication activity and unexpected remote access sessions.

This is another reminder that convenience features like authentication overrides can become high-impact attack paths when certificate management and segmentation controls are overlooked.

#CyberSecurity #PaloAlto #GlobalProtect #CVE20260257 #ThreatIntel #InfoSec #BlueTeam #NetworkSecurity #CyberDefense
Japan is quietly building what could become the future of air travel. 🇯🇵✈️ JAXA just completed a Mach 5 hypersonic engine test fast enough to theoretically fly from Tokyo to New York in under 2 hours. That’s nearly 3x faster than the planned speed of Boom’s “new Concorde.” If this becomes commercially viable, it won’t just change travel… it could completely reshape business, military logistics, and global economics. The next major technological race may not be AI. It may be speed. luxurylaunches.com/travel/ja…
Yesterday, @bitwarden/cli version 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign. The malicious package was live on npm for approximately 93 minutes, between 5:57 PM and 7:30 PM ET on April 22nd, before Bitwarden identified and pulled it.

Ninety-three minutes. That's all it took.

Threat actors exploited a GitHub Actions workflow inside Bitwarden's own CI/CD pipeline. They injected malicious code into a file called bw1.js, which executed on package install and immediately began harvesting:
• GitHub and npm authentication tokens
• SSH keys and environment variables
• Shell history and cloud credentials
• GitHub Actions secrets from every pipeline the compromised token could reach

Exfiltrated data was encrypted and committed to attacker-controlled GitHub repositories, using GitHub itself as a C2 channel, because traffic to github.com typically doesn't raise flags in security tooling. Clever, and deeply concerning.

They compromised the GitHub Actions workflow upstream of it, then let the trusted mechanism do the publishing for them. The security control worked exactly as designed. The attack happened one layer above it.

And because Bitwarden CLI is deeply embedded in developer environments for secrets injection and automated deployments, a single developer with the affected version installed could become the entry point for a cascading supply chain compromise.

Bitwarden confirmed no end-user vault data was accessed.

Steps to take:
1. Remove @bitwarden/cli@2026.4.0 immediately from all developer systems and build environments
2. Rotate every credential that may have been exposed: GitHub tokens, npm tokens, SSH keys, cloud credentials, CI/CD secrets
3. Downgrade to v2026.3.0 or use official signed binaries directly from Bitwarden's site
4. Audit GitHub repos for unauthorized workflow files under .github/workflows/ and look for Dune-themed repository names (yes, really: the malware had a Dune branding theme)
5. Review CI/CD logs for unusual workflow runs or unexpected artifact downloads

Bigger picture for security leaders:
This is part of a broader campaign that has already hit Trivy, Checkmarx, and LiteLLM since March 2026. The attack surface isn't the password manager. It's the developer toolchain, the implicit trust we place in the build pipeline itself.

We spend enormous energy securing what runs in production. This attack reminds us that the pipeline building that code is equally in scope.

Pin your package versions. Audit your GitHub Actions permissions. Treat your CI/CD environment like the production surface it effectively is.

#CyberSecurity #SupplyChainSecurity #DevSecOps #CISOInsights #npm #GitHub #BitwardenCLI #ThreatIntel #CloudSecurity #github
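Step 1 above, finding every developer system and build environment that has the affected version installed, is a lockfile question: `npm ci` installs exactly what `package-lock.json` resolves, so scanning lockfiles across repositories tells you where the package landed. The script below is an added example for this page, not code from the post or from Bitwarden; it walks both the v2/v3 `packages` map and the legacy v1 `dependencies` tree of an npm lockfile and reports any package@version pair that appears in an affected set. The only entry in that set is the one named in the post; the lockfile it scans is constructed sample data.

```python
import json
import sys

# Constructed package-lock.json (lockfileVersion 3 layout) standing in for a
# developer's or build agent's project; it is not taken from any real repository.
SAMPLE_LOCK = json.dumps({
    "name": "deploy-tools",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "deploy-tools",
             "dependencies": {"@bitwarden/cli": "^2026.4.0", "left-pad": "^1.3.0"}},
        "node_modules/@bitwarden/cli": {
            "version": "2026.4.0",
            "resolved": "https://registry.npmjs.org/@bitwarden/cli/-/cli-2026.4.0.tgz",
        },
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

# Package/version pairs named in the post above; extend this set as advisories land.
AFFECTED = {("@bitwarden/cli", "2026.4.0")}


def installed_packages(lock_text):
    """Yield (name, version) for every resolved package in an npm lockfile.

    Handles the v2/v3 'packages' map (keys are node_modules paths, possibly nested)
    and the legacy v1 'dependencies' tree; a v2 file carries both, so callers
    should de-duplicate.
    """
    lock = json.loads(lock_text)
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself, not a dependency
        # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
        name = meta.get("name") or path.split("node_modules/")[-1]
        if "version" in meta:
            yield name, meta["version"]

    def walk(deps):
        for name, meta in deps.items():
            if "version" in meta:
                yield name, meta["version"]
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_affected(lock_text, affected=AFFECTED):
    """Return the sorted (name, version) pairs from the lockfile that appear in `affected`."""
    return sorted({pair for pair in installed_packages(lock_text) if pair in affected})


if __name__ == "__main__":
    # Scan lockfiles given on the command line, or the embedded sample when none are.
    inputs = [(p, open(p).read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE_LOCK)]
    for label, text in inputs:
        hits = find_affected(text)
        print(f"{label}: {'AFFECTED ' + str(hits) if hits else 'clean'}")
```

Run it over every `package-lock.json` in your monorepo or across an organization's clones; a hit is the list of hosts and pipelines whose credentials go into the rotation in step 2. Global installs (`npm install -g`) do not appear in a project lockfile, so those are checked separately with `npm ls -g`.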
Update on the Cloud Security Posture Scorecard: new features have been added. I previously shared a free interactive security assessment tool for Azure, AWS, and GCP. Here's what's new:

Compliance Mapping: every control is now mapped to SOC 2, ISO 27001, HIPAA, and PCI-DSS. Switch to the Compliance tab and instantly see your gap analysis per framework: which clauses are at risk based on your failed controls.

Remediation Guidance: the tool no longer just tells you what's wrong. For every failed control it now gives you step-by-step instructions on how to fix it, with exact console paths and CLI commands specific to your cloud provider.

Evidence Collection: document what you found for each control directly in the tool. Paste console output, note policy names, flag exceptions. Everything gets captured against the control it belongs to.

PDF Report Export: generate a full assessment report in one click. Cover page with your overall score, category breakdown, control-by-control findings with your notes, and a prioritized remediation list sorted by risk weight. Something you can actually hand to a CISO or auditor.

Assessor Info: stamp the report with your name, organization, and assessment date.

Still free. Still no account required. Still no data collected.

Try it here → cloud-security-scorecard.ver…

More features in the pipeline. What would you add?

#CloudSecurity #CyberSecurity #Azure #AWS #GCP #CSPM #SOC2 #ISO27001 #BlueTeam #SecurityArchitecture #engineering #posture #management
Big Step Forward for Syria's Telecom Sector

Syria has achieved a major milestone in its digital recovery: MTN Syria successfully completed the country's first VoLTE (Voice over LTE) call in Damascus. This new technology brings high-definition voice calls over 4G networks, allowing users to enjoy crystal-clear conversations while continuing to browse the internet, use apps, or stream data without dropping to older 2G/3G networks. The trial, supported by the Ministry of Communications and Information Technology, uses advanced IMS platforms and demonstrates Syria's commitment to modernizing its infrastructure amid post-war reconstruction.

This progress comes despite external pressures. In February 2026, the US warned Syrian officials against heavy reliance on Chinese telecom equipment, citing security concerns and encouraging alternatives from the US or allied countries. Yet Huawei technology already powers more than 50% of the infrastructure for both Syriatel and MTN. At the same time, Syria is moving forward with an international tender for a new 20-year mobile operator license to replace MTN Syria (following MTN Group's planned exit). This aims to attract fresh investment, improve nationwide coverage (especially in rural areas), and boost overall service quality.

How This Helps Syria's Technological Development:
Better User Experience: VoLTE delivers superior call quality, faster connection times, and seamless data and voice usage — a big upgrade for everyday Syrians, businesses, and remote communities.
Network Efficiency: it helps optimize spectrum use and prepares the ground for a future 5G rollout, reducing reliance on outdated infrastructure.
Economic Growth: modern telecom is essential for digital services, e-commerce, education, healthcare (telemedicine), and job creation in the tech sector. As part of broader reconstruction, these upgrades can support regional connectivity projects and attract more investment.
Resilience & Sovereignty: by advancing with available technology while opening tenders for new operators, Syria is building a more robust, future-proof digital foundation even as it navigates geopolitical challenges and seeks vendor diversity.

Syria's telecom sector is rebuilding after years of conflict, and steps like this show real momentum toward a more connected "New Syria." What do you think: is rapid modernization the priority, or should external pressures influence tech choices more?

Sources (for transparency):
VoLTE launch ceremony: Syrian media & official announcements (e.g., Levant24, SANA reports)
US warning: Reuters (Feb 26, 2026), "Washington presses Syria to shift from Chinese telecom systems"
Huawei infrastructure share: Reuters reporting
Mobile license tender: Reuters & SANA (March 2026 announcements at MWC Barcelona)

#Syria #telecom #Huawei #4g #5g #technology #Damascus
I have also included steps to verify the control. #cloudsecurity #security #azure #aws #gcp #google #amazon #microsoft
Adobe dropped emergency patches for CVE-2026-34621, a critical Acrobat Reader zero-day (CVSS 8.6) being actively exploited in the wild. Patch it now if you haven't.

This same week, a North Korea-linked threat actor compromised Axios, a widely-used npm developer tool, as part of a software supply chain attack. OpenAI's macOS app signing certificates were affected, forcing a full certificate rotation across their application stack.

Two separate incidents. One shared lesson.

The real risk isn't what you built; it's what you trusted.

We spend a lot of time thinking about crown jewels and internal controls. But adversaries, especially nation-state actors, have shifted their focus upstream. They're not kicking in the front door. They're walking in through your vendors, your dev tools, your open-source dependencies.

Three things every security team should be doing right now:
1. Patch Acrobat Reader enterprise-wide and verify your vulnerability management process caught this before you read it here
2. Audit your software supply chain: which npm packages, SaaS tools, and build dependencies have privileged access to your systems or code signing pipeline?
3. Treat third-party developer tools as a threat surface, not just a productivity layer

CrowdStrike's 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant's M-Trends shows adversary hand-off times collapsing to 22 seconds. Offense is accelerating. Detection logic alone won't save you. Architect for compromise: assume one of your trusted tools is already being weaponized.

#Cybersecurity #SecurityArchitecture #CISSP #SupplyChainSecurity #ThreatIntelligence #ZeroDay #PatchManagement #adobe #Axios
Storm Infostealer: The Threat That Bypasses MFA and Evades Your Endpoint Security

A new infostealer called "Storm" emerged in early 2026, and it's not your typical credential harvester. For under $1,000/month, threat actors get a sophisticated-as-a-service platform that fundamentally changes how credential theft works.

What makes Storm different?
Traditional infostealers decrypt stolen data locally on the victim's machine, giving endpoint security a fighting chance to catch it. Storm flips this entirely. Decryption happens server-side on the attacker's infrastructure, completely out of reach of your EDR/AV tools.

This means:
→ Browser credentials, session cookies, and crypto wallets are exfiltrated
→ Chrome's App-Bound Encryption? Bypassed
→ Stolen Google refresh tokens + SOCKS5 proxies = authenticated sessions restored remotely
→ MFA? Effectively bypassed; attackers inherit your already-authenticated session
→ Messaging apps (Telegram, Signal, Discord) are also targeted
→ Operates entirely in-memory to minimize forensic footprint

The infrastructure is built for resilience: operators run their own VPS nodes connected to Storm's central servers, making takedowns extremely difficult.

How to Mitigate Storm-Class Threats
This isn't just an endpoint problem. It's an identity and session security problem. Here's your defense framework:

1. Phishing-Resistant MFA
Deploy FIDO2/Passkeys wherever possible. Session token theft doesn't help attackers if they can't pass hardware-bound authentication challenges.

2. Continuous Session Validation
Implement token binding and re-authentication policies for sensitive SaaS/cloud actions, especially privileged operations. Zero Trust principles apply here.

3. Device Trust & Conditional Access
Enforce compliant/managed device policies. Stolen session tokens replayed from an unknown device should trigger step-up authentication or be blocked outright.

4. Browser Isolation & Hardening
Consider enterprise browser solutions or browser isolation platforms that prevent credential exfiltration at the browser layer.

5. Threat Intel & Dark Web Monitoring
Storm uses a tiered subscription model with automated credential labeling. Your stolen creds may be prioritized before you even know you're compromised. Invest in early warning capabilities.

6. User Awareness
Storm is likely delivered via phishing or malvertising. Your human layer remains the first line of defense.

The evolution from local-decrypt to server-side-decrypt infostealers represents a paradigm shift in attacker tradecraft. Endpoint security alone is no longer sufficient. Your identity fabric, session management, and Zero Trust controls are now your primary battleground.

#cybersecurity #browser #chrome #cookies #data #edr #mfa #phishing #chrome #tokens

🔗 More information via BleepingComputer: lnkd.in/gRDnJWF3
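Point 3 above is a detection rule as much as a policy: a session token is issued to one device, and any later use of the same token from a different device is the replay the post describes. The code below is an added example for this page, not code from the post or from any identity provider; it runs that rule over a constructed list of sign-in events and decides between step-up authentication (replay from a different but managed device) and an outright block (replay from a device not in the inventory). The event shape, the device identifiers and the managed-device set are all assumptions; in practice the device identity would come from a device certificate or token-binding signal, which is why a change of source IP alone is not treated as a replay.

```python
# Constructed sign-in events in the shape an identity provider's audit log might expose:
# (timestamp, user, session_id, device_id, source_ip). Sample data, not from a real tenant.
EVENTS = [
    ("09:00", "alice", "sess-1", "laptop-a1", "203.0.113.10"),
    ("09:05", "alice", "sess-1", "laptop-a1", "203.0.113.10"),
    ("09:30", "alice", "sess-1", "unknown-7f", "198.51.100.77"),  # same cookie, different host
    ("10:00", "bob",   "sess-2", "laptop-b2", "203.0.113.20"),
    ("10:15", "bob",   "sess-2", "laptop-b2", "203.0.113.21"),    # same device, new IP: not a replay
]

# Constructed managed-device inventory (hypothetical MDM export).
MANAGED_DEVICES = {"laptop-a1", "laptop-b2"}


def detect_session_replay(events, managed=MANAGED_DEVICES):
    """Flag a session token that reappears from a device other than the one it was first seen on.

    Replay from an unmanaged device -> block the session outright.
    Replay from a different managed device -> require step-up authentication.
    Returns one alert dict per offending event, in log order.
    """
    bound = {}    # session_id -> (device_id, source_ip) at first sight
    alerts = []
    for ts, user, sess, device, ip in events:
        first_device, first_ip = bound.setdefault(sess, (device, ip))
        if device == first_device:
            continue  # same device; an IP change alone is not treated as replay
        action = "block session" if device not in managed else "require step-up authentication"
        alerts.append({
            "time": ts, "user": user, "session": sess,
            "bound_device": first_device, "bound_ip": first_ip,
            "seen_device": device, "seen_ip": ip,
            "action": action,
        })
    return alerts


if __name__ == "__main__":
    for a in detect_session_replay(EVENTS):
        print(f"{a['time']} {a['user']}: session {a['session']} bound to {a['bound_device']} "
              f"({a['bound_ip']}) replayed from {a['seen_device']} ({a['seen_ip']}) -> {a['action']}")
```

On the sample, alice's 09:30 event is the only alert, and because `unknown-7f` is not in the inventory the verdict is a block rather than a step-up prompt. Bob's IP change produces nothing, which is the intended trade-off: mobile and VPN users change addresses constantly, and a device-bound signal is what separates that from a stolen cookie.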
I'm really liking One UI 8.5 on the Samsung Galaxy Z Fold 7. Let's see what this update brings.
One UI 8.5 beta on the Samsung Galaxy Z Fold 7
New Android Malware Alert

A newly discovered Android malware called BeatBanker is impersonating the Starlink app on fake Google Play Store sites, and it's one of the more sophisticated mobile threats I've seen in a while. Here's what makes this one worth paying attention to:

It's a triple threat:
1. Banking trojan: steals credentials and hijacks crypto transactions
2. Full RAT capabilities via BTMOB: keylogging, screen recording, camera/GPS access
3. Monero miner: quietly draining your device's resources using a modified XMRig

The evasion techniques are clever:
To stay persistent, BeatBanker plays a nearly inaudible audio file on loop, a creative abuse of Android's media services to avoid being killed by the OS. It also decrypts its payload in-memory and runs environment checks to detect sandbox/analysis tools before executing.

The social engineering angle:
Fake app stores mimicking Google Play are increasingly effective. Users searching for legitimate apps like Starlink are being redirected to malicious lookalike sites. This is a distribution vector that's scaling fast.

Takeaways for defenders and users:
1. Only sideload APKs if you really know what you're doing
2. Monitor for unexpected audio service activity on managed devices
3. MDM policies restricting unknown sources remain critical
4. Educate your users: the install vector here is 100% social engineering

The combination of banking trojan + RAT + cryptominer in one payload tells me these threat actors are maximizing ROI per infected device. Expect more hybrid malware like this.

More information below via BleepingComputer: bleepingcomputer.com/news/se…

#CyberSecurity #MobileSecurity #AndroidMalware #ThreatIntelligence #InfoSec #Malware #Android #google
A Simple Brute-Force Alert Just Exposed a Ransomware Infrastructure

Sometimes the most routine alerts uncover the biggest threats. A standard RDP brute-force alert on an exposed server led Huntress’ Tactical Response Team to uncover a geo-distributed infrastructure tied to ransomware-as-a-service operations. Here’s how it unfolded:

Initial Access
A successful RDP login allowed the attacker to begin network enumeration, a common early-stage tactic in ransomware intrusions.

Unusual Behavior
Instead of the typical credential harvesting methods like LSASS dumping, the attacker searched for credentials inside files across the system. This anomaly triggered deeper investigation.

Infrastructure Discovery
Analysis of the attacking IP addresses revealed connections to Hive and BlackSuite ransomware operations.

TLS & Domain Pivoting
Investigating TLS certificates led to the discovery of a malicious domain:
The domain resolved to a geo-distributed network of IPs using consistent naming conventions, a common tactic for resilient malicious infrastructure.

Operational Support Services
The infrastructure was linked to a suspicious VPN provider:
The service advertises “0 logs”, making it attractive to ransomware operators looking to hide operational activity.

Key Takeaway:
A routine brute-force alert can easily be dismissed as noise. But when investigated properly, it can reveal the entire operational ecosystem behind modern ransomware campaigns. Detection isn’t just about stopping the intrusion. It’s about understanding the adversary’s infrastructure, tooling, and operational patterns. Sometimes the smallest alert leads to the biggest intelligence.

#CyberSecurity #ThreatHunting #Ransomware #IncidentResponse #ThreatIntelligence #SOC
Microsoft Copilot had TWO security failures in 8 months, and traditional security tools missed both of them.

Incident 1 (Jan 2025 – CW1226324): Copilot ignored sensitivity labels for 4 weeks, accessing confidential emails from Sent Items & Drafts. NHS was among those affected.

Incident 2 (June 2025 – EchoLeak / CVE-2025-32711): a zero-click critical vuln silently exfiltrated enterprise data, bypassing multiple security layers without user interaction.

Your EDR and WAF aren't designed to monitor AI retrieval pipelines. Copilot operates in a layer your current stack can't see. This is a design problem with RAG (Retrieval-Augmented Generation): AI agents process trusted and untrusted data together. That's structurally broken.

What you should do NOW:
Test DLP enforcement directly with Copilot; don't assume it works.
Block external content from Copilot's context window.
Audit Microsoft Purview logs for anomalous AI interactions.
Enable Restricted Content Discovery on sensitive SharePoint sites.
Build IR playbooks for vendor-hosted inference failures.

AI governance isn't a future problem. It's happening right now.

#CyberSecurity #Microsoft365 #Copilot #AIRisk #DataProtection #DataGovernance #Microsoft #DLP