Filings tagged: Security
Practical thinking on security, infrastructure, and AI. No thought leadership for the sake of it.
-
The free security awareness campaign you didn't know existed
18 February 2026 · Security
The NPSA gives away a complete, professionally designed security awareness campaign kit. Posters, booklets, checklists, and a full starter guide. Most organisations don't know it exists.
-
Chrome's first zero-day of 2026 – update now, don't wait
17 February 2026 · Security Commentary
CVE-2026-2441 is actively being exploited in the wild. A use-after-free bug in CSS handling means a crafted webpage is all it takes. Push the update now.
-
Prompt injection is not the new SQL injection
16 February 2026 · AI Security Commentary
Schneier and co have reframed prompt injection as 'promptware' — a full 7-stage kill chain. The uncomfortable truth: LLMs can't distinguish instructions from data. This isn't a bug you can patch.
-
The first five minutes of incident response
15 February 2026 · Security
Containment over correctness, reversibility over impact, protecting state before touching services. What your first five minutes should actually look like.
-
Patch your text editors
11 February 2026 · Security Commentary
Notepad++ had its update service hijacked by state-sponsored attackers. Windows Notepad got a CVSS 8.8 command injection. Two editors, two attack vectors, same lesson.
-
Insecure defaults have a long half-life
10 February 2026 · Security Commentary
Global Telnet scanning dropped overnight in January 2026. Days later, a critical telnetd authentication bypass was disclosed. The protocol is old. The lesson is current.
-
What Cyber Essentials actually involves
7 February 2026 · Security
A plain-English walkthrough of the five Cyber Essentials controls, what the assessment looks like, and what it does and doesn't prove about your security.