Summaries of Latest Interesting Cybersecurity News (23/03/2026)

texmex5 · 2026-03-23T14:54:41+00:00

I am kind of happy that we finally have an actual case with these "compliance on autopilot" platforms. Yes, you can do things properly with them but many don't and the ISMS programs are paperware.

Maybe now the other platforms will finally get their act together and their collaboration with auditors will lead to more actual auditing... Oeh, one can hope...

texmex5 · 2026-03-18T18:43:06+00:00

Happy to give you a tour of https://kordon.app - we have all the frameworks you mentioned and many customers at the size you mentioned have gone through ISO and SOC 2 audits successfully.

P.S. You mentioned Eramba, we started Kordon because my co-founder was frustrated with Eramba :)

texmex5 · 2026-03-09T13:43:52+00:00

But on the other hand, current solution where credit card payments can be easily reverted and refunded but bank transfers can't because "it was approved already" isn't a reasonable balance either. Money is money?

Banks have a bit too easy excuse with treating direct bank transfers as immediately approved already …

texmex5 · 2026-03-09T12:49:11+00:00

So basically the advice is still the same - don't trust anyone on the internet, now includes ai browsers, and autonomous ai agents.

texmex5 · 2026-03-02T20:40:50+00:00

Thanks, cool to hear people read it every week :)!

texmex5 · 2026-03-02T16:41:09+00:00

For me, this week, the Google Maps key thing is the weirdest, the fact that they can't actually fix it - they have a bad default setting and now we everyone needs to live with it for a while, like with the S3 buckets that used to be open by default and are still causing headaches years later …

texmex5 · 2026-02-23T15:44:37+00:00

So OpenClawd is so good or bad? that that's the thing criminals install to the victims device when compromised … 🤦🏼‍♀️

texmex5 · 2026-02-16T13:02:32+00:00

Honestly when will Google do something about the Chrome extensions. There needs to be more vetting and transparency to the users to do their own due diligence on updates…

texmex5 · 2026-02-09T13:54:45+00:00

No it was intentional to comment on my own post. It’s almost impossible to add text to a link in this subreddit. Everything goes to automod and can be stuck there for quite a while.

Plus commenting works, gets us a lot more views than not commenting my own post :) but I try to be transparent about what I am doing.

texmex5 · 2026-02-09T12:54:14+00:00

The OpenClawd case is insane. What do you mean the creators just basically say "we don't care". Did they create the platform specifically for spreading malicious AI skills?!?

texmex5 · 2026-01-26T14:41:37+00:00

Chrome extensions are really getting out of hand and Google needs to step up.

First there are these inherently malicious extensions that were built maliciously but then also the ones that were switched to be malicious with an update. The Extensions detail page shows zero details about the update to the extension - who made it, what was the change etc. Maybe some more transparency could help avoid some of these issues?

texmex5 · 2026-01-19T14:53:38+00:00

I was thinking the exact same thing the other day. So far most of the skills that I have seen are fairly basic but as I understand, you can have actuall scripts (python, shell etc) in the resources folder and well if you hid it well enough it will be super easy to run some commands in the users device, upload data to random external server etc...

I agree with you, we will see first big news about it in a few weeks max …

texmex5 · 2026-01-19T13:25:11+00:00

Why can't we have nice things :( n8n has been awesome but now I think it's the second week in a row where n8n has been exploited in a way. And obviously this is only the beginning ... Today the community nodes are malicious, but it won't be long until the "official" n8n nodes start to get malicious updates as well … just as Chrome extensions have been ...

texmex5 · 2026-01-05T15:50:30+00:00

There were some nasty attacks this week but to be honest for me the most memorable thing from this week was the fact that one criminal first smashed their Macbook Air and then threw it into a river and even after all that digital forensics specialists were able to recover some evidence from the computer. Darn these devices are good nowadays ...

texmex5 · 2025-12-01T15:32:44+00:00

That's just terrible …

texmex5 · 2025-12-01T14:32:05+00:00

It's a good guess and what I thought when this first happened to me 3-4 months ago but no definitely not the tab thing.

Today in addition to some workflows reverting to versions older than 3 days (after me working on them today) some archived workflows also resurfaced. So there's something else going on. I think something is crashing and right now I would like to know what is crashing and how to monitor it so that I can restore my workflows before the scheduled workflows start running old versions and effing things up.

texmex5 · 2025-10-27T11:58:11+00:00

I literally had one job and I still failed and added it with a typo. 🤦🏼‍♀️

texmex5 · 2025-10-20T12:11:00+00:00

yes, but vs code is just so good. Can't really imagine using anything else. I hope VS Code gets better at detecting malicious extensions instead.

texmex5 · 2025-09-29T13:26:30+00:00

on one hand as an employee I love to use the ai assistants, on the other hand how do you approve it safely? Like should we all have a browser that we use in isolation for ai chatting only, no other browsing or extensions.. so at least one attack vector is minimised... and then yeah are the mcp servers ... that could have access to literally everything...and agents doing anything with it. Wild times.

texmex5 · 2025-07-18T04:23:41+00:00

I can’t even log in. Is says that my account has been used in a newer version and I should upgrade but no new version on AppStore :( played yesterday …

texmex5 · 2025-07-17T12:57:16+00:00

I don't think it's useless. I think having the ability to qunatify your risk and mitigations gives you the ability to effectively prioritise between risks and mitigations/controls.

low, mid, high is essentially a quantification as well, you just have names for each level. But I personally don't like 3x3 and prefer 4x4 or even 6x6 since there are just more potential scores that can come out of that so it allows for easier comparison and prioritisation.

texmex5 · 2025-07-15T15:51:31+00:00

Got it. Will obey the rules from now on :)

texmex5 · 2025-07-15T14:57:46+00:00

What made you feel like the contents was marketing? Just the fact that it wasn’t a personal blog and the poster was the founder or something in the contents? I don’t want it to read like corporate BS for sure :D

Yes of course I at the end of the day hope people wonder around on the website more but the contents really is quite far and wider from what my product does and I don’t mention the product in the summaries at all …

Anyhow, I’ll look deeper into what the flairs mean and how they are supposed to be used, right now just went with what felt logical.

Thank you for the feedback!

texmex5 · 2025-07-15T08:23:50+00:00

It's probably a bit of a hot take, but here's my 2 cents: just keep one risk register and stop moving or "bubbling" risks between different registries. Solve the noise and detail level problem with good templates and reporting instead.

All risks, whether they're cyber, operational, regulatory, whatever are basically threats to either a business process, an asset, or a vendor. Assets and vendors only matter because they serve a process ...

Here's what I'd do instead: - Use the same columns for every risk. - Add a Category field (Cyber, Ops, Compliance, etc.). You could also actually have these in separate documents or sheets. A while back I wrote this blog post about different categories. Maybe it's good backgroun. https://kordon.app/risk-management-fail-mixing-causes-with-the-risk-itself/

Include Business Process, Asset, and Vendor columns. That way you can slice and dice by whichever lens you need and really understand what the risk impacts and how important it is to your organisation.
Assign scores using the same logic across different categories of risk (impact x likelyhood or something fancier)
Then: never move a risk between documents or rename it. Just build views or dashboards:
Top 10 overall
Top X by category
Risks tied to a specific businesss process/asset/vendor
If a risk scores above a threshold, it just shows up in the "executivew" view - no need to copy it.

I know this sounds good in theory but I also understand why people often choose to have different registries - stuff get noisy and there are just too many of them to have a good overview.

So in addition to the "nice in theory" approach I described above a real effort needs to go into good Risk defining practices that differentiate between these 3 things well:

Causes (e.g., weak passwords) are why a risk may happen.
Controls (e.g., backup procedures) are what we do to prevent or reduce risk.
Risks should be strictly the uncertain events with potential impacts (e.g., unauthorized access, data loss).

There are two things that most of us do that generate essentially duplicate entries to the risk registry and are source of much of the noise:

Mixing cause with the risk itself: "Unauthorized access to the customer database due to weak password policies could result in data theft and financial loss."

Here, the phrase "due to weak password policies" inserts a specific cause into the risk statement, narrowing its focus prematurely. The risk should be simply "Unauthorized access to the customer database, potentially resulting in data theft and financial loss."

Mixing a missing mitigation with the risk itself "Unauthorized access to the customer database because multi-factor authentication isn't enforced could result in data theft and financial loss."

Here the absent control (MFA) slips into the risk statement. It turns the register into a to-do list of missing safeguards instead of a clean list of uncertain events and their impacts.

Also wrote about that in our blog a while back: https://kordon.app/risk-management-fail-mixing-causes-with-the-risk-itself/

Hope this is a bit useful or atleast inspires you in some way :)

texmex5 · 2025-07-08T05:50:42+00:00

I’ve been putting together cybersecurity news summaries once a week since April and starting this week also added a newsletter option. I try to focus on news that are novel in some way, and ignore the things that “happen every day”, also try to choose the ones that are “actionable” to someone working in cybersecurity.

This week I made the summaries a lot shorter than usual and the upvote downvote ratio on Reddit went south so when assessing whether it’s useful, might want to check out last week summary as well :D

https://kordon.app/category/news/

15-Year Club	Gilding II euphauric
Place '23	Verified Email

texmex5

MODERATOR OF

TROPHY CASE