We handle the security, compliance, and day-to-day technology so you can focus on your clients.
Serving the Washington, DC metro area since 1994.
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Attackers flood inboxes with spam, then call victims posing as IT support to deliver the Havoc command-and-control framework via DLL sideloading and social engineering.
Vibe-Coded Spam: AI Tools Are Making Phishing Emails Harder to Spot
AI-assisted “vibe coding” now lets spammers produce polished, visually convincing phishing emails with almost no technical skill — making traditional red flags like poor formatting far less reliable.
Starkiller Phishing-as-a-Service Platform Proxies Real Login Pages to Bypass MFA
A new phishing platform called Starkiller loads legitimate login pages through headless browsers, intercepting credentials and session tokens in real time to defeat MFA.
ShinyHunters Gang Targets Microsoft Entra Accounts with Device Code Vishing Attacks
The ShinyHunters extortion gang is combining voice phishing with OAuth device code flows to hijack Microsoft Entra accounts and bypass MFA.
CISA Flags Four Actively Exploited Vulnerabilities — Including a Chrome Zero-Day
CISA added four flaws to its Known Exploited Vulnerabilities catalog. A Chrome use-after-free and a critical Zimbra SSRF top the list. Patch now.
Citizen Lab: Cellebrite Used to Extract Data from Kenyan Activist's Phone in Police Custody
Citizen Lab found forensic extraction indicators on a seized Samsung phone belonging to a Kenyan pro-democracy activist. The case adds to a growing pattern of surveillance tool misuse.
Microsoft Copilot Bug Summarized Confidential Emails Despite DLP Policies
A code bug let Microsoft 365 Copilot read and summarize emails marked confidential — bypassing sensitivity labels and DLP policies since late January.
Bitwarden Adds Free Shared Vaults for Two Users
Bitwarden’s new Cupid Vault feature lets free-tier users securely share credentials with one other person — no more texting passwords.
Patch Tuesday: February 2026 — Six Zero-Days Already Under Attack
Microsoft’s February patch batch fixes 50+ vulnerabilities, including six zero-days actively exploited in the wild. Patch now.
AI Makes the Easy Part Easier and the Hard Part Harder
A developer’s take on the real tradeoff with AI coding tools: writing code was never the hard part, and skipping it makes the hard parts — reading, reviewing, and understanding — even harder.