Security Insights

Expert tips, industry trends, and practical advice to keep your business secure.

The Bitwarden npm Supply Chain Attack: When Security Tools Become Attack Vectors
Business Security April 24, 2026

For roughly 90 minutes on April 22, 2026, a trojanized version of the Bitwarden CLI sat on npm — the password manager's own developer tool turned credential thief. Here's what the incident really tells Canadian and US business leaders about supply chain trust in 2026.

When Your AI Goes Dark: Why Businesses Need a Continuity Plan for LLM Outages
Business Security April 21, 2026

ChatGPT, Claude, and every other LLM will have outages — it has already happened, and it will happen again. If your business can't operate without them, that's a single point of failure. Here's how to plan for AI outages, export what you can, and reduce your exposure to vendor lockouts.

The Vercel Breach: How One AI Tool's Google Workspace OAuth Token Exposed Hundreds of Organizations
Business Security April 20, 2026

Vercel was breached after an employee granted a third-party AI tool unrestricted access to Google Workspace. Here's what happened, how to check if your organization is affected, and why vetting the OAuth apps connected to your Microsoft 365 or Google tenant matters more than ever.

SaaS Security for Small Businesses: How to Vet Vendors in the AI Era
Business Security April 18, 2026

Most small businesses don't run their own web apps — they run on SaaS. AI has now shrunk the window between a disclosed bug and a live exploit to hours. Here's how to evaluate your SaaS providers, protect your backups, and keep your own apps off the public internet.

AI Meeting Recorders Are Collecting More Than You Think
Privacy April 7, 2026

We reviewed the privacy policies of six popular AI meeting and note-taking tools — Otter.ai, Fathom, Fellow.ai, Read.ai, Microsoft Copilot, and Google Gemini. What we found surprised us. Here's what businesses need to know before their next meeting.

AI Security Checklist: 7 Steps Every Small Business Should Take Now
AI Security April 6, 2026

AI tools are everywhere in the workplace — and so are the risks. Here's a practical checklist for small businesses to secure their AI usage before it becomes a liability.

Why Most Businesses Still Fail Password Audits — And How to Fix It
Security Best Practices April 5, 2026

NIST rewrote the rules, but most organizations haven't caught up. Here's what a modern password audit actually looks for and where businesses consistently fall short.

Phishing-as-a-Service: Why Credential Theft Platforms Are a Growing Threat to Businesses
Email Security April 3, 2026

Phishing kits have evolved from crude hacker tools into polished, subscription-based platforms with built-in evasion and MFA bypass. Here's what that shift means for your business security.

The Claude Code Source Code Leak: What Businesses Using AI Coding Tools Need to Know
AI Security April 2, 2026

Anthropic accidentally published 512,000 lines of Claude Code source code to npm. Here's what was exposed, what it means for businesses relying on AI development tools, and the broader security questions every organization should be asking.

Two Chrome Zero-Days Exploited in the Wild: What CVE-2026-3909 and CVE-2026-3910 Mean for Your Business
Browser Security March 31, 2026

Google has patched two actively exploited Chrome zero-day vulnerabilities affecting 3.4 billion users. Here's what happened, why the patch window is shrinking, and what your business should do right now.

The Axios Supply Chain Attack: What 100 Million Weekly Downloads of Compromised Code Means for Your Business
Business Security March 31, 2026

A live supply chain attack on axios—one of npm's most depended-on packages—injected malware through a malicious dependency. Here's what happened, how supply chain attacks work, and what your business should do to protect itself.

Introducing CybersecurityCanada.ca: A Free Cybersecurity Assessment for Canadian Businesses
Business Security March 22, 2026

We've launched CybersecurityCanada.ca — a free, comprehensive cybersecurity assessment built on the Canadian Centre for Cyber Security (CCCS) framework. Designed for any Canadian business, no technical expertise required.
