%term

If You're Worried About Mythos, Your Security is Broken #infosec #alert

Apr 28, 2026 By Razorthorn Security In Razorthorn

This episode looks at what happens when AI starts finding vulnerabilities at scale, restricted access creates market imbalance, and security teams struggle to keep pace. It covers fragile infrastructure, bug brokers, overloaded analysts, CISO fear, and the growing sense that cyber defence is entering a faster and harsher era.

View Video

Razorthorn

AI
Security

Read more about If You're Worried About Mythos, Your Security is Broken #infosec #alert

Todd's Tenth Rule of certificate automation

Apr 28, 2026 By Todd H. Gardner In CertKit

I’m an old engineer at heart. Many of my ideals were formed by Joel’s Things You Should Never Do, Fred’s No Silver Bullet, and Brian’s Big Ball of Mud. One of my favorites was Greenspun’s Tenth Rule: The joke isn’t really about programming languages. It’s about a pattern: certain problems have a shape, and no matter how you approach them, you end up building the same solution, in the same order, until you arrive at the same messy place.

Read Post

CertKit

Read more about Todd's Tenth Rule of certificate automation

System Prompts Are Not Security Controls: A Deleted Production Database Proves It

Apr 28, 2026 By Chris Hughes In Zenity

On April 25th, a Cursor AI coding agent running Anthropic's Claude Opus 4.6, one of the most capable models in the industry, deleted the production database for PocketOS, a software platform used by car rental businesses across the country to manage their entire operations. The deletion took 9 seconds.

Read Post

Zenity

Read more about System Prompts Are Not Security Controls: A Deleted Production Database Proves It

How to Evaluate Security Tools for the Software Supply Chain

Apr 28, 2026 By Natalie Tischler In Veracode

Engineering teams today face a dual mandate: ship high-quality features faster while keeping the underlying infrastructure secure. As development velocity increases, so does the complexity of the tools, libraries, and third-party components that make up your applications. The challenge? Your application’s security is now tied to a vast supply chain of code you didn’t write.

Read Post

Veracode

Read more about How to Evaluate Security Tools for the Software Supply Chain

Most Critical Infrastructure is Held Together by Sticky Tape

Apr 28, 2026 By Razorthorn Security In Razorthorn

The fear is not only what advanced AI can do, it is what it can do to brittle systems already running on neglect and compromise. When critical infrastructure is patched together with ageing controls and restricted tools land in a few powerful hands, the imbalance gets worse fast.

View Video

Razorthorn

Read more about Most Critical Infrastructure is Held Together by Sticky Tape

Mandatory Cyber Incident Reporting Arrives in 2026: What It Means for Businesses and How to Prepare

Apr 28, 2026 By Claire Tennant In Device Authority

This year marks a pivotal shift in global cybersecurity regulation. Mandatory cyber incident reporting is no longer a recommendation—it is a legal obligation. Across major jurisdictions, regulations such as the EU’s Cyber Resilience Act (CRA), the NIS2 Directive, and the U.S. Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) are introducing strict reporting timelines, expanded scope, and significant penalties for non-compliance.

Read Post

Device Authority

Read more about Mandatory Cyber Incident Reporting Arrives in 2026: What It Means for Businesses and How to Prepare

Detection Engineering with LimaCharlie and Claude Code

Apr 28, 2026 By Daniel Ballmer In LimaCharlie

Detection engineering is fundamentally a translation problem: rules need to be converted between formats, IOCs need to be converted into detection logic, and noisy alerts need to be converted into precise suppressions. That translation work is what consumes analyst time, and it's what Claude Code handles well.

Read Post

LimaCharlie

Read more about Detection Engineering with LimaCharlie and Claude Code

Patch management best practices: An enterprise guide

Apr 28, 2026 By Tanium In Tanium

Effective patch management requires a structured process of inventorying assets, prioritizing vulnerabilities by risk, testing fixes before broad deployment, and automating rollout: steps that collectively help narrow the window between a vendor's patch release and active exploitation across enterprise systems.

Read Post

Tanium

Read more about Patch management best practices: An enterprise guide

SMB Risks, AI, and Regional Realities with Paul Harris - The 443 Podcast - Episode 368

Apr 28, 2026 By WatchGuard Technologies In WatchGuard

This week on the podcast, Marc and Corey sit down with Paul Harris, CEO of BGLA and Futurity Corp at WatchGuard's Impact Partner Conference in Tulum, to explore the evolving cybersecurity landscape across Latin America. Paul shares his journey from early days in cybersecurity to leading organizations in the region, while breaking down the biggest concerns facing LATAM SMBs today. The conversation also covers how AI is reshaping cybersecurity, the challenges of securing partners across diverse markets, and practical advice for business leaders looking to stay ahead of cyber risk in LATAM.

View Video

WatchGuard

Read more about SMB Risks, AI, and Regional Realities with Paul Harris - The 443 Podcast - Episode 368

Why 75%+ of Enterprises Admit They Can't Secure Their Non-Human Identities

Apr 28, 2026 By The Apono Team In Apono

Security teams are losing the battle to secure non-human identities (NHIs) for one simple reason: machine identities are now created inside the systems that ship software. They appear in CI/CD pipelines, Kubernetes workloads, SaaS integrations, and AI-driven workflows faster than central IAM teams can inventory or review them.

Read Post