Security analysis, minus the noise
Vulnerability breakdowns, CISA KEV alerts, and plain-English security guides — written and reviewed from real MSP project work.
CMMC Level 2: the 110 controls, plotted onto your existing security stack
110 CMMC L2 controls mapped to M365, CrowdStrike, and your SMB stack — plus the 5 controls that kill most assessments.
Oracle PeopleSoft Auth Bypass CVE-2026-35273: Patch Now
Oracle PeopleSoft Enterprise PeopleTools has a critical authentication bypass vulnerability — CVE-2026-35273 — that lets an unauthenticated attacker
Log retention: what each framework actually requires (HIPAA, PCI, SOC 2, CMMC) — in plain English
HIPAA, PCI DSS, SOC 2, and CMMC all have different log retention rules. Here's exactly what each framework requires, with no filler.
EDR vs antivirus: what's actually different, and the 4 features that justify the price
EDR vs antivirus difference explained without the vendor spin. 4 features that justify the price, 2 that don't, and how to choose SentinelOne, CrowdStrike, or Defender.
Check Point VPN Auth Bypass CVE-2026-50751: Patch Now
Check Point Security Gateway has a critical authentication bypass vulnerability in its IKEv1 key exchange implementation — CVE-2026-50751. An unauthe
DNS query monitoring for SMBs: cheap detection that catches malware C2
DNS query monitoring is the cheapest detection layer most SMBs skip. Here's how to deploy it, what to alert on, and which tools are worth paying for.
Subdomain takeover: the 60-second check every site owner should run (and how attackers find yours)
Dangling DNS records hand attackers a live subdomain under your brand. Learn how subdomain takeover works, how to detect it, and how to fix it fast.
Just-in-time admin access: the pragmatic SMB version of privileged identity management
Standing admin rights are a breach waiting to happen. Here's how SMBs implement just-in-time admin access without enterprise PAM budgets.
Service account hygiene: the 4 mistakes that turn one compromised key into full domain takeover
Four service account hygiene mistakes that let attackers pivot from one leaked credential to full domain takeover — and the 90-day fix.
SolarWinds Serv-U CVE-2026-28318: Patch Now
CISA added CVE-2026-28318 to the Known Exploited Vulnerabilities catalog on June 5, 2
Oracle WebLogic CVE-2024-21182: Block T3 & IIOP Now
CISA added CVE-2024-21182 to the Known Exploited Vulnerabilities catalog on June 1, 2
PAN-OS Auth Bypass CVE-2026-0257: Patch Your Firewall Now
A critical authentication bypass vulnerability in Palo Alto Networks PAN-OS is now on CISA's Known Exploited Vulnerabilities catalog. [C
HSTS preload: should you submit your domain? (decision flow + the risks)
HSTS is a one-way ratchet. Once you send the Strict-Transport-Security header, any browser that receives it will refuse to make plain HTTP connections to your
Horizon Brief: CISA KEV Turns Developer Tooling Into Infrastructure Risk
CISA's May 2026 supply-chain alerts called out compromised developer tooling, including Nx Console, TanStack npm packages, and malicious GitHub workflows. Here is what security and MSP teams should check first.
Business Email Compromise: The $50B Scam Small Businesses Underestimate
Business Email Compromise has cost businesses over $50 billion since 2013 — and small and mid-sized businesses are the highest-value, lowest-friction targets. Here's how the attack actually works, the specific patterns to train your team on, and the configuration changes that block 90% of attempts.
Cisco SD-WAN Auth Bypass: CISA Emergency Directive 26-03
CISA added CVE-2026-20182 to the Known Exploited Vulnerabilities catalog and issued Emergency Directive 26-03 for Cisco SD-WAN systems. Review affected versions, exposure, and immediate mitigation steps.
Cyber Insurance for Small Business: The Honest Buyer's Guide for 2026
Cyber insurance premiums have jumped 30-100% in three years and carriers are denying claims more aggressively. Here's the honest 2026 buyer's guide for small businesses: what's actually covered, what underwriters audit, and how to negotiate.
DMARC Setup for Google Workspace and Microsoft 365: A Small Business Guide
DMARC is the single highest-leverage email security configuration for a small business — it stops attackers from impersonating your domain in invoice-fraud and BEC scams. This is the no-fluff setup guide for Google Workspace and Microsoft 365 tenants, with the exact DNS records, the right policy progression, and the gotchas.
EDR for Small Business: What It Is, What It Costs, and Whether You Need It
Endpoint Detection and Response is the security control most often required by cyber insurance and most often misunderstood by small business owners. Here's what EDR actually does, what it costs, and which of the four major options fits which kind of business.
MFA everywhere: an honest rollout guide for small businesses
Where to start with MFA, what to do about the SMS problem, the dumb-cheap hardware key path, and how to handle the one user who refuses. A pragmatic 2026 rollout guide for SMB owners, not a product brochure.
Security headers explained for small business owners (2026)
What HSTS, CSP, X-Frame-Options, Referrer-Policy, and Permissions-Policy actually do — and which ones a small business has to ship versus which ones are nice-to-have. Plain-English explanations, copy-paste configs for nginx, Cloudflare, and Vercel.
Should Your Business Pay a Ransomware Demand? The Honest Math
The decision to pay a ransomware demand is presented online as a moral question. For most small businesses, it's actually an operational and legal one. Here's how the math actually works, what your insurer will and won't cover, when paying makes sense, and when it absolutely doesn't.
How to Set Up DMARC for Google Workspace in 2026
Step-by-step DMARC setup for Google Workspace: SPF, DKIM, monitoring, and moving to enforcement. Common pitfalls and how to verify it actually works.