RESEARCH
Part 1: Threat Actors Don't Pick You. You Just Happen to Be There.
There's this idea that floats around—usually in boardrooms and in forums—that advanced threat actors operate like surgeons. They pick a target, they plan it out, they execute. Super deliberate. Undeniably cinematic. It implies that a breach is something that happens ...
Cyber Compliance
Stop Getting Mad When Your Client Won’t Buy Compliance
You know the look. You explain how they need MFA, a risk assessment, documented policies, backups that actually restore… and your client stares back at you like you just recited the GDPR in ancient Greek. You leave the meeting frustrated. ...
“Fined Without a Breach?” Why the Wojeski $60,000 Penalty Matters—even if You Think You’re Small
You’ve seen two kinds of headlines after cyber incidents: (1) lawsuits and (2) regulatory enforcement. The recent $60,000 fine against Wojeski ...
New California Audit Law Just Put Your MSP on the Hook. Here’s How to Turn It Into Recurring Revenue
If your clients process sensitive data, your MSP is now part of the legal conversation. On July 24, 2025, California finalized new rules that require businesses processing high-risk personal information to undergo annual, independent cybersecurity audits. This isn’t just for ...
Cyber Liability
One Misconfigured AI Agent Can Impact Every Client You Manage
When One Action Hits Every Client, Governance Decides the Outcome Imagine a hypothetical that’s taught in law school every semester: A delivery driver abandons his route to join a drum circle for three days. On his way back, he causes ...
They Already Have an IT Department. Good. That’s Why You Should Call.
Last night I was at dinner with the CEO of an MSP. Good operator. Growing. Adding clients. Doing the work. We were walking around his town before dinner talking about the usual founder stuff. Processes. How to get people to ...
Agentic AI at the Edge: Opportunity, Autonomy & the Coming Legal Minefield
You’ve probably heard executives gush about autonomous AI agents, the shiny new productivity booster that can automate workflows faster than you can say “zero-trust.” But what they don’t hype is how agentic AI turns your cybersecurity playbook into an existential ...
Insurance & MSP Liability
The Clients You're Ignoring Are the Ones Who Will Sue You
I said something on stage at XChange last week that made a lot of people in the room uncomfortable. "Your smallest clients are your biggest risk." Not your enterprise accounts. Not the ones with complex environments and demanding SLAs. The ...
You’re Not Insured. You’re Just Hopeful.
So there I am, wrapping up a conference session—over 1,000 MSPs in the building—and one guy comes up clutching a fresh copy of Standardized like it’s a fire extinguisher in a server room. He’s nodding along, clearly rattled in all ...
Your MSP Carries More Risk Than a Magazine Stand—and That’s a Problem
Let’s talk about airport gift shops for a minute. You know the ones—tiny kiosks with $14 neck pillows, expired jerky, and three copies of Men’s Health no one’s ever going to read. Now, tell me—how much sensitive data do you ...
More Articles
Some Carrier Embedded Android Apps May Have Security Vulnerabilities
Recently, Microsoft reported high severity security vulnerabilities in multiple apps offered by large international mobile service providers. What makes this especially noteworthy is the fact that these vulnerabilities aren't app specific, but ...
Millions Of MySQL Server Users’ Data Found On The Internet
Do you maintain a MySQL server? If so, you're certainly not alone. What you may not know is that according to research conducted by The Shadowserver Foundation, (a cybersecurity research group) there ...
Hackers Are Using Personal Messages On WhatsApp To Attack
Are you a WhatsApp user? If so, be aware that hackers have worked out a means of hijacking a user's WhatsApp account and gaining access to a user's contact list and personal ...
Microsoft Releases Multiple New Features For Teams
Teams was "just another Microsoft application" before the pandemic. Thanks to Covid-19 though, demand for video conferencing solutions shot through the roof, and suddenly Teams found its groove. Microsoft had been gamely ...
Intel Users Should Update Firmware To Avoid This Ransomware
Not long ago, researchers at Eclypsium got a lucky break. An unknown and unidentified individual began leaking communications from inside the Conti ransomware organization. These leaked communications seemed to confirm what has ...
The Windows Follina Vulnerability Has A Temporary Fix
File this away under "good news, bad news." The bad news is that there's a new, critical zero-day threat to be concerned about. The threat has been dubbed 'Follina.' It is being ...
Microsoft Will Not Release Exchange Server Updates Until 2025
Are you planning on setting up an Exchange server soon or are you running one now? If so, be aware that Microsoft is changing their guidance when it comes to the technology ...
Enemybot Malware May Go Beyond DDOS Attacks
Unless you're an IT Security Professional, you may never have heard of EnemyBot. It is a bit like the Frankenstein of malware threats, a botnet that has borrowed code from multiple different ...
This Android Malware Is Stealing Login Credentials
If you're deeply involved in IT security, you may already be familiar with the ERMAC Android banking trojan. If this is the first time you're hearing of it, be aware that the ...
Screencastify Issue Could Allow Someone To Steal Recorded Videos
Are you one of the legions of users making use of the Screencastify Chrome extension? It's a fantastic Chrome extension that allows you to almost effortlessly create screencasts for a variety of ...
Update Google Chrome Soon To Fix Multiple Security Issues
Are you a Google Chrome user? If so, be aware that the company recently released a stable version of Chrome 102 and is urging all users of its browser to update right ...
General Motors Customer Data Leaked By Credential Stuffing Attacks
Do you own a Chevrolet, Buick, GMC, or Cadillac? If so, be aware that GM recently acknowledged that they fell victim to a credential stuffing attack a little over a month ago. ...
