blog 2 Minutes

Breach of Confidence

I’ve spent the week watching people argue about whether AI will replace security analysts whilst ignoring the fact that most organisations still can’t tell you where their crown jewels are stored. Priorities remain wonderfully intact.

Broadcom’s Breakup Strategy

Allstate tried to leave VMware. Broadcom immediately audited them, then sued them for leaving during the audit. It’s the enterprise software equivalent of slashing your ex’s tyres because they dared to move house. You already paid for the gun, and now they’re charging you for the bullets.

https://arstechnica.com/information-technology/2026/07/allstate-accuses-broadcom-of-auditing-it-because-it-quit-vmware-ca

When CISA Gets Breached

CISA published a proper, granular account of how they handled their own incident. Rare to see this level of transparency from anyone, let alone the people telling everyone else how to do it. Worth reading if only to see what honesty looks like in an incident report.

https://www.cisa.gov/news-events/news/lessons-cisas-cyber-incident

The Espionage Love Triangle

Both China and India spent two years independently hacking the same Pakistani police force. Nothing screams geopolitical trust like needing to bypass your ally’s security to see what they’re actually up to. The digital equivalent of reading your mate’s diary whilst they’re in the loo.

https://www.securityweek.com/china-india-linked-hackers-both-targeted-same-pakistani-police-force

Apple’s Trust Model Takes a Beating

A standard user can now silently disable EDR, MDM, and every security agent on macOS without kernel access or triggering alerts. Apple’s code signing trust model just collapsed like a badly stacked Jenga tower. The assumption that only vendor software could talk to privileged processes? That was doing some heavy lifting.

https://xmcyber.com/blog/faind-my-xpc-breaks-a-key-trust-boundary

GRU University’s Quiet Success

Moscow’s been running a proper hacker academy under fake department names at Bauman University for years, feeding FancyBear with fresh talent. The really depressing bit isn’t that they’re doing it. It’s that it’s working perfectly, and everyone knew, and nothing changed.

https://vsquare.org/welcome-to-the-gru-university-where-moscow-turns-students-into-spies-and-hackers-bauman-stupakov/

Ghost Accounts Growing Up

Attackers are creating dormant GitHub accounts and letting them age gracefully before using them for reconnaissance. The patience required is genuinely impressive. It’s like ageing whisky, except the end result is a supply chain compromise instead of a nice evening.

https://thehackernews.com/2026/07/dormant-github-accounts-help-attackers.html

Everest’s Business Model

Everest ransomware encrypts your files, sells access to your network, and pays your employees to help. It’s a triple threat with the business model of a well-run consultancy. Part of me is disgusted. Another part cannot help but admire the operational efficiency.

https://cybersec.picussecurity.com/s/everest-ransomware-triple-threat-of-encryption-access-and-insiders-28566

Your AI Playbook Doesn’t Exist

71% of organisations have AI in production. 16% can actually govern it. Your incident response playbook doesn’t cover hallucinations, and you cannot patch a probability distribution. If you’re waiting for the perfect framework, you’ve already lost. Start building now.

https://www.csoonline.com/article/4196303/ai-incidents-need-a-new-playbook-heres-how-to-build-one.html

That’s your week. Same time next week, assuming the world hasn’t automated itself into a corner by then.

Reply to this email if something made you laugh or wince. I read them all, even the angry ones.