A public tender from Sogei seeking COBOL programmers exposes a deeper issue: critical legacy systems still run modern economies. When knowledge disappears and governance lags behind, outdated environments become prime targets for phishing-driven takeovers. The real risk is not COBOL itself, but unmanaged identity and uncurated trust layered on aging infrastructure.
AI agents behave like users but are governed with static credentials and fragmented visibility. A technical analysis of identity drift, phishing risk, and why current IAM models are inadequate.
A backend misconfiguration exposed millions of API keys, session tokens, and user emails in plain sight. What developers missed, attackers found in minutes. This is what happens when novelty outruns fundamentals.
Cybersecurity didn’t fail because attackers evolved faster. It failed because many of our assumptions stopped being questioned. Rethink Month opens with a reflection on trust, habit, and why real security progress starts by challenging what feels “normal.”
Zombie identities are accounts and tokens that simulate real users long after their purpose is gone. This technical deep dive explains how they emerge in code, why they break recovery, and how attackers abuse them.
JWT audience confusion allows valid tokens to be reused across services, breaking identity boundaries without breaking cryptography. A technical, experience-driven analysis of how this happens in real systems.
A personal reflection on social engineering, human behavior, and identity in the age of AI, drawing from real-world experience and behavioral analysis to explain why understanding people still matters more than understanding machines.
Man-in-the-middle attacks persist not because of weak networks, but because developers trust code paths, certificates, and assumptions that are never properly curated. A technical deep dive into real MITM failure modes.
A personal reflection from years in offensive security on how recovery, community, and honest conversations have become more important than perfect defenses in modern cybersecurity.
Malicious browser extensions silently exfiltrate identity data, sessions, and chats while bypassing traditional security controls. This technical deep dive shows how they work and why recovery plans ignore them.
