![[BREACH] The Extension Had the Keys](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/zzz.png)
breach
[BREACH] The Extension Had the Keys
The plugin had keys. A VS Code extension sat beside repos, tokens, terminals, and AI configs. That is not just productivity. That is inherited access.
browser
![[FORECAST] Device-Bound Sessions Are Coming. Defaults Are the Hard Part.](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/z-2.png)
forecasts
[FORECAST] Device-Bound Sessions Are Coming. Defaults Are the Hard Part.
“Secure by default” sounds great until it meets BYOD, VDI, federated SSO, and the help desk exception list from hell. Device-bound sessions help. Waiting for every SaaS vendor to flip the default is not a strategy.
browser
The Evolving Threat Landscape of Malicious Browser Extensions
Malicious browser extensions have long been a significant threat, exploiting the widespread use of web browsers to steal data, inject ads, hijack browser settings, and install additional malware...