Services About Insights Pricing Contact

Security Insights

Expert tips, industry trends, and practical advice to keep your business secure.

Token Theft: How Attackers Skip the Password and MFA With a Stolen Session
Business Security July 10, 2026

Token Theft: How Attackers Skip the Password and MFA With a Stolen Session

Token theft lets attackers log in as your employees without a password or MFA prompt. Infostealers exposed an estimated 1.8 billion credentials and billions of session cookies in 2025. Here's how it works and how to reduce the risk.

Read Article →
What Cyber Insurers Actually Check Before Quoting a Policy: The 2026 Underwriting Checklist
Business Security July 3, 2026

What Cyber Insurers Actually Check Before Quoting a Policy: The 2026 Underwriting Checklist

Before a carrier quotes cyber insurance, underwriters verify MFA, EDR, tested backups, and an incident response plan—often with evidence. Here's the 2026 checklist that decides your premium, or whether you're covered at all.

Read Article →
Claude Code Poisoned-Repository Attack: Why This Threat Makes Shadow AI So Dangerous
AI Security June 30, 2026

Claude Code Poisoned-Repository Attack: Why This Threat Makes Shadow AI So Dangerous

Mozilla researchers showed a clean-looking GitHub repo can trick Claude Code into opening a reverse shell with no malware in the code. Here's what it means for businesses—and the shadow AI risk it exposes.

Read Article →
OpenClaw, Hermes, and NanoClaw: The Business Benefits and Security Risks of Personal AI Agents
AI Security June 24, 2026

OpenClaw, Hermes, and NanoClaw: The Business Benefits and Security Risks of Personal AI Agents

OpenClaw, Hermes, and NanoClaw are the personal AI agents your employees are already running on WhatsApp and Slack. Here are the real business benefits—and the security risks, from a CVSS 8.8 remote-code-execution flaw to 1.5 million leaked API tokens.

Read Article →
FortiBleed: What the Fortinet Firewall Credential Campaign Means for SMBs in Canada and the US
Threats June 17, 2026

FortiBleed: What the Fortinet Firewall Credential Campaign Means for SMBs in Canada and the US

FortiBleed is an active campaign that exposed credentials for 73,932 Fortinet firewall and VPN URLs across 194 countries. It is not a vulnerability — it is reused passwords at industrial scale. Here is what business leaders should do.

Read Article →
Shadow AI, Meet Your Match: Cyber Unit Now Detects and Stops It in Real Time
AI Governance June 8, 2026

Shadow AI, Meet Your Match: Cyber Unit Now Detects and Stops It in Real Time

Cyber Unit now offers Workforce AI Security — it discovers every shadow AI app in use, redacts sensitive data before it leaves your environment, and deploys in minutes. Free trial available.

Read Article →
AI-Powered Worm: What a 'Fundamentally New Threat' Means for Your Business
AI Security June 4, 2026

AI-Powered Worm: What a 'Fundamentally New Threat' Means for Your Business

University of Toronto and Cambridge researchers built an AI-powered worm that compromised 73.8% of a simulated network in seven days using a free, open-weight model. Here's what it means for business leaders.

Read Article →
Kali365 and the Microsoft 365 MFA Bypass: What the FBI Warning Means for Your Business
Business Security May 31, 2026

Kali365 and the Microsoft 365 MFA Bypass: What the FBI Warning Means for Your Business

The FBI warned (PSA I-052126, May 21 2026) that the Kali365 phishing kit steals Microsoft 365 access tokens and bypasses multi-factor authentication without ever touching your password. Here is what it is and how to protect your business.

Read Article →
Cybersecurity Canada Report 2026: The State of Canadian SMB Cyber Risk
Business Security May 30, 2026

Cybersecurity Canada Report 2026: The State of Canadian SMB Cyber Risk

The inaugural Cybersecurity Canada Report 2026 publishes verified findings on Canadian SMB cyber risk: CA$704M in 2025 fraud losses, a CA$6.98M average breach cost, Bill C-8 status, and 100+ AiTM phishing campaigns hitting Canadian Microsoft 365 tenants.

Read Article →
Claude Mythos's First Month: 10,000+ Flaws Found and Why Every Exposed Business Is Now at Higher Risk
Threats May 30, 2026

Claude Mythos's First Month: 10,000+ Flaws Found and Why Every Exposed Business Is Now at Higher Risk

In its first month, Anthropic's Claude Mythos Preview surfaced more than 10,000 security flaws across tech giants including Apple and Mozilla. Here is the imminent risk it creates for Canadian and US businesses — big and small.

Read Article →
Shadow AI in 2026: Why Canadian and US Businesses Need to Detect, Prevent, and Redact in Real Time
AI Governance May 25, 2026

Shadow AI in 2026: Why Canadian and US Businesses Need to Detect, Prevent, and Redact in Real Time

Shadow AI no longer lives in a browser tab. MCP servers, desktop agents, and local AI tools are quietly moving company data into models you do not own. Here is what to inventory, detect, and redact — by DLP policy — before it becomes a breach.

Read Article →
GitHub Breach, May 2026: What the TeamPCP VS Code Extension Attack Means for Canadian and US SMBs
Business Security May 20, 2026

GitHub Breach, May 2026: What the TeamPCP VS Code Extension Attack Means for Canadian and US SMBs

On May 20, 2026, GitHub confirmed attackers exfiltrated roughly 3,800 internal repositories after a poisoned VS Code extension landed on an employee's device. Here is what Canadian and US SMBs should take from the TeamPCP incident.

Read Article →