All Articles

One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain.

A new study found that many commercials VPNS are (often surreptitiously)

By Byron V. Acohido

SAN FRANCISCO — The first rule of reporting is to follow the tension lines—the places where old assumptions no longer quite hold. Related: GenAI disrupting tech jobs

I’ve been feeling that tension lately. Just arrived in the City

Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones.

Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information:

• Res

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking hel

By Byron V. Acohido

SAN FRANCISCO — The cybersecurity industry showed up here in force last week: 44,000 attendees, 730 speakers, 650 exhibitors and 400 members of the media flooding Moscone Convention Center in the City by the Bay. Related: RSAC 20

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for

The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer ve

My article on Help Net Security highlighting how the banking industry is leveraging their powerful lobbying groups to try and undermine the U.S. Securities and Exchange Commission 4-day cybersecurity reporting rule, which has been in place for over a

Banking industry lobbyists are pressuring the SEC to gut the four-day breach disclosure rule — an essential safeguard for shareholders and potential victims. Their arguments are misleading, self-serving, and designed to protect profits over public tr

In the world of cybersecurity leadership, resource allocation is far from a simple budgeting exercise. It is a strategic chess game where every move has a price, and the consequences of each decision resonate across systems, teams, and risk landscape

Russia is one of the most aggressive nations when it comes to state coordinated cyberattacks — and Ukraine has been at the center of their crosshairs for 3 years. This report, provided the State Service of Special Communications and Information Prote

As cryptocurrency becomes more popular and the adoption rises, we see a related increase in the number of cybercrimes, fraud, and malware schemes. Criminals like to hunt and plunder where there is money! If you hold cryptocurrency or are using Web3 p

Gemini imagines RSA 2025 (very tame!)

Ah, RSA. That yearly theater (Carnival? Circus? Orgy? Got any better synonyms, Gemini?) of 44,000 people vaguely (hi salespeople!) related to cybersecurity … where the air is thick with buzzwords and the v

Top 10 posts with the most lifetime views (excluding paper announcement blogs, Medium posts only):

1. Security Correlation Then and Now: A Sad Truth About SIEM
2. Can We Have “Detection as Code”?
3. Detection Engineering is Painful — and It Shouldn’t Be (

Another big healthcare sector data breach, impacting 480 thousand Catholic Health patients. Their 3rd party vendor Serviceaide is the root cause of this exposure.

This is the latest in many healthcare data breaches this year! Year-to-Date we are at a