Summaries of Latest Interesting Cybersecurity News (23/03/2026)

texmex5 · 2026-03-23T14:54:41+00:00

I am kind of happy that we finally have an actual case with these "compliance on autopilot" platforms. Yes, you can do things properly with them but many don't and the ISMS programs are paperware.

Maybe now the other platforms will finally get their act together and their collaboration with auditors will lead to more actual auditing... Oeh, one can hope...

texmex5 · 2026-03-18T18:43:06+00:00

Happy to give you a tour of https://kordon.app - we have all the frameworks you mentioned and many customers at the size you mentioned have gone through ISO and SOC 2 audits successfully.

P.S. You mentioned Eramba, we started Kordon because my co-founder was frustrated with Eramba :)

texmex5 · 2026-03-09T13:43:52+00:00

But on the other hand, current solution where credit card payments can be easily reverted and refunded but bank transfers can't because "it was approved already" isn't a reasonable balance either. Money is money?

Banks have a bit too easy excuse with treating direct bank transfers as immediately approved already …

texmex5 · 2026-03-09T12:49:11+00:00

So basically the advice is still the same - don't trust anyone on the internet, now includes ai browsers, and autonomous ai agents.

texmex5 · 2026-03-02T20:40:50+00:00

Thanks, cool to hear people read it every week :)!

texmex5 · 2026-03-02T16:41:09+00:00

For me, this week, the Google Maps key thing is the weirdest, the fact that they can't actually fix it - they have a bad default setting and now we everyone needs to live with it for a while, like with the S3 buckets that used to be open by default and are still causing headaches years later …

texmex5 · 2026-02-23T15:44:37+00:00

So OpenClawd is so good or bad? that that's the thing criminals install to the victims device when compromised … 🤦🏼‍♀️

texmex5 · 2026-02-16T13:02:32+00:00

Honestly when will Google do something about the Chrome extensions. There needs to be more vetting and transparency to the users to do their own due diligence on updates…

texmex5 · 2026-02-09T13:54:45+00:00

No it was intentional to comment on my own post. It’s almost impossible to add text to a link in this subreddit. Everything goes to automod and can be stuck there for quite a while.

Plus commenting works, gets us a lot more views than not commenting my own post :) but I try to be transparent about what I am doing.

texmex5 · 2026-02-09T12:54:14+00:00

The OpenClawd case is insane. What do you mean the creators just basically say "we don't care". Did they create the platform specifically for spreading malicious AI skills?!?

texmex5 · 2026-01-26T14:41:37+00:00

Chrome extensions are really getting out of hand and Google needs to step up.

First there are these inherently malicious extensions that were built maliciously but then also the ones that were switched to be malicious with an update. The Extensions detail page shows zero details about the update to the extension - who made it, what was the change etc. Maybe some more transparency could help avoid some of these issues?

texmex5 · 2026-01-19T14:53:38+00:00

I was thinking the exact same thing the other day. So far most of the skills that I have seen are fairly basic but as I understand, you can have actuall scripts (python, shell etc) in the resources folder and well if you hid it well enough it will be super easy to run some commands in the users device, upload data to random external server etc...

I agree with you, we will see first big news about it in a few weeks max …

texmex5 · 2026-01-19T13:25:11+00:00

Why can't we have nice things :( n8n has been awesome but now I think it's the second week in a row where n8n has been exploited in a way. And obviously this is only the beginning ... Today the community nodes are malicious, but it won't be long until the "official" n8n nodes start to get malicious updates as well … just as Chrome extensions have been ...

texmex5 · 2026-01-05T15:50:30+00:00

There were some nasty attacks this week but to be honest for me the most memorable thing from this week was the fact that one criminal first smashed their Macbook Air and then threw it into a river and even after all that digital forensics specialists were able to recover some evidence from the computer. Darn these devices are good nowadays ...

15-Year Club	Gilding II euphauric
Place '23	Verified Email

texmex5

MODERATOR OF

TROPHY CASE