Security Insights
Expert tips, industry trends, and practical advice to keep your business secure.
Token Theft: How Attackers Skip the Password and MFA With a Stolen Session
Token theft lets attackers log in as your employees without a password or MFA prompt. Infostealers exposed an estimated 1.8 billion credentials and billions of session cookies in 2025. Here's how it works and how to reduce the risk.
Read Article →What Cyber Insurers Actually Check Before Quoting a Policy: The 2026 Underwriting Checklist
Before a carrier quotes cyber insurance, underwriters verify MFA, EDR, tested backups, and an incident response plan—often with evidence. Here's the 2026 checklist that decides your premium, or whether you're covered at all.
Read Article →Claude Code Poisoned-Repository Attack: Why This Threat Makes Shadow AI So Dangerous
Mozilla researchers showed a clean-looking GitHub repo can trick Claude Code into opening a reverse shell with no malware in the code. Here's what it means for businesses—and the shadow AI risk it exposes.
Read Article →OpenClaw, Hermes, and NanoClaw: The Business Benefits and Security Risks of Personal AI Agents
OpenClaw, Hermes, and NanoClaw are the personal AI agents your employees are already running on WhatsApp and Slack. Here are the real business benefits—and the security risks, from a CVSS 8.8 remote-code-execution flaw to 1.5 million leaked API tokens.
Read Article →FortiBleed: What the Fortinet Firewall Credential Campaign Means for SMBs in Canada and the US
FortiBleed is an active campaign that exposed credentials for 73,932 Fortinet firewall and VPN URLs across 194 countries. It is not a vulnerability — it is reused passwords at industrial scale. Here is what business leaders should do.
Read Article →Shadow AI, Meet Your Match: Cyber Unit Now Detects and Stops It in Real Time
Cyber Unit now offers Workforce AI Security — it discovers every shadow AI app in use, redacts sensitive data before it leaves your environment, and deploys in minutes. Free trial available.
Read Article →AI-Powered Worm: What a 'Fundamentally New Threat' Means for Your Business
University of Toronto and Cambridge researchers built an AI-powered worm that compromised 73.8% of a simulated network in seven days using a free, open-weight model. Here's what it means for business leaders.
Read Article →Kali365 and the Microsoft 365 MFA Bypass: What the FBI Warning Means for Your Business
The FBI warned (PSA I-052126, May 21 2026) that the Kali365 phishing kit steals Microsoft 365 access tokens and bypasses multi-factor authentication without ever touching your password. Here is what it is and how to protect your business.
Read Article →Cybersecurity Canada Report 2026: The State of Canadian SMB Cyber Risk
The inaugural Cybersecurity Canada Report 2026 publishes verified findings on Canadian SMB cyber risk: CA$704M in 2025 fraud losses, a CA$6.98M average breach cost, Bill C-8 status, and 100+ AiTM phishing campaigns hitting Canadian Microsoft 365 tenants.
Read Article →Claude Mythos's First Month: 10,000+ Flaws Found and Why Every Exposed Business Is Now at Higher Risk
In its first month, Anthropic's Claude Mythos Preview surfaced more than 10,000 security flaws across tech giants including Apple and Mozilla. Here is the imminent risk it creates for Canadian and US businesses — big and small.
Read Article →Shadow AI in 2026: Why Canadian and US Businesses Need to Detect, Prevent, and Redact in Real Time
Shadow AI no longer lives in a browser tab. MCP servers, desktop agents, and local AI tools are quietly moving company data into models you do not own. Here is what to inventory, detect, and redact — by DLP policy — before it becomes a breach.
Read Article →GitHub Breach, May 2026: What the TeamPCP VS Code Extension Attack Means for Canadian and US SMBs
On May 20, 2026, GitHub confirmed attackers exfiltrated roughly 3,800 internal repositories after a poisoned VS Code extension landed on an employee's device. Here is what Canadian and US SMBs should take from the TeamPCP incident.
Read Article →