[SIGNALS WEEKLY] Shifting Extortion Tactics and Fragile Software Supply Chains

The pipeline had keys. Nx Console and Megalodon are the same warning: your CI/CD workflow may be production access wearing YAML pajamas. CI/CD is not “just automation.”

[FORECAST] The next secret-stealing campaign may start with a tool you trusted

AI coding tools are becoming trusted middlemen. That gives defenders a new attack path to understand before it gets ugly.

[BREACH] The Extension Had the Keys

The plugin had keys. A VS Code extension sat beside repos, tokens, terminals, and AI configs. That is not just productivity. That is inherited access.

[SIGNALS WEEKLY] Tokens, Edges, and Exploits: Shifting Paths to Compromise

The token survived. npm packages, CI/CD runners, and edge boxes keep turning “contained” into “still owned.” The boring weakness became the breach path.

[GAME THEORY] AI-agent spoofing is becoming a claim-vs-proof problem

Known AI agents are becoming trusted traffic. The first defender move is finding claims without proof.

[FORECAST] The Threat Was Real. The Public Proof Probably Falls Short (Final: 2026-05-21)

The forecast likely resolves No, but the useful lesson is where Iran-linked operators still depend on access defenders can pressure.

[SIGNALS WEEKLY] Identity-First Intrusions and AI-Driven Attack Surface Shifts

The login was real. The control plane did the rest. Storm-2949 is the ugly part: one Entra ID identity can turn into SaaS theft and Azure abuse. Nobody owns this until incident day.

[PODCAST] ANALYST YELLS AT CLOUD

Get closer to the people who understand where threat actors are today — and where they are likely headed tomorrow.

[FORECAST] Iran-Linked Cyber Risk Is Real. The Evidence Bar Is Harder (Updated: 2026-05-14)

The forecast is 29%, but the operational risk is still worth preparing for this week.

[SIGNALS WEEKLY] Edge Access, False Flags, and Emerging AI Attack Surfaces

The edge box blinked. PAN-OS, Ivanti, Teams lures, ClickFix, AI agents. Different doors. Same ugly pattern: access keeps hiding in the plumbing. The boring surface became the breach path.

[FORECAST] Will Akira trigger a week-long hospital disruption by end of 2026? (Updated 2026-05-11)

We’re revising the Akira hospital disruption forecast down to 2%. The risk is real, but the question is narrower than it looks.

[FORECAST] Device-Bound Sessions Are Coming. Defaults Are the Hard Part.

“Secure by default” sounds great until it meets BYOD, VDI, federated SSO, and the help desk exception list from hell. Device-bound sessions help. Waiting for every SaaS vendor to flip the default is not a strategy.