Breach Horizon
The blog

Security analysis, minus the noise

Vulnerability breakdowns, CISA KEV alerts, and plain-English security guides — written and reviewed from real MSP project work.

compliance

CMMC Level 2: the 110 controls, plotted onto your existing security stack

110 CMMC L2 controls mapped to M365, CrowdStrike, and your SMB stack — plus the 5 controls that kill most assessments.

11 min read
vulnerabilities

Oracle PeopleSoft Auth Bypass CVE-2026-35273: Patch Now

Oracle PeopleSoft Enterprise PeopleTools has a critical authentication bypass vulnerability — CVE-2026-35273 — that lets an unauthenticated attacker

6 min read
compliance

Log retention: what each framework actually requires (HIPAA, PCI, SOC 2, CMMC) — in plain English

HIPAA, PCI DSS, SOC 2, and CMMC all have different log retention rules. Here's exactly what each framework requires, with no filler.

9 min read
vendors

EDR vs antivirus: what's actually different, and the 4 features that justify the price

EDR vs antivirus difference explained without the vendor spin. 4 features that justify the price, 2 that don't, and how to choose SentinelOne, CrowdStrike, or Defender.

9 min read
vulnerabilities

Check Point VPN Auth Bypass CVE-2026-50751: Patch Now

Check Point Security Gateway has a critical authentication bypass vulnerability in its IKEv1 key exchange implementation — CVE-2026-50751. An unauthe

6 min read
technical

DNS query monitoring for SMBs: cheap detection that catches malware C2

DNS query monitoring is the cheapest detection layer most SMBs skip. Here's how to deploy it, what to alert on, and which tools are worth paying for.

8 min read
technical

Subdomain takeover: the 60-second check every site owner should run (and how attackers find yours)

Dangling DNS records hand attackers a live subdomain under your brand. Learn how subdomain takeover works, how to detect it, and how to fix it fast.

8 min read
guides

Just-in-time admin access: the pragmatic SMB version of privileged identity management

Standing admin rights are a breach waiting to happen. Here's how SMBs implement just-in-time admin access without enterprise PAM budgets.

9 min read
guides

Service account hygiene: the 4 mistakes that turn one compromised key into full domain takeover

Four service account hygiene mistakes that let attackers pivot from one leaked credential to full domain takeover — and the 90-day fix.

8 min read
vulnerabilities

SolarWinds Serv-U CVE-2026-28318: Patch Now

CISA added CVE-2026-28318 to the Known Exploited Vulnerabilities catalog on June 5, 2

5 min read
vulnerabilities

Oracle WebLogic CVE-2024-21182: Block T3 & IIOP Now

CISA added CVE-2024-21182 to the Known Exploited Vulnerabilities catalog on June 1, 2

6 min read
vulnerabilities

PAN-OS Auth Bypass CVE-2026-0257: Patch Your Firewall Now

A critical authentication bypass vulnerability in Palo Alto Networks PAN-OS is now on CISA's Known Exploited Vulnerabilities catalog. [C

6 min read
technical

HSTS preload: should you submit your domain? (decision flow + the risks)

HSTS is a one-way ratchet. Once you send the Strict-Transport-Security header, any browser that receives it will refuse to make plain HTTP connections to your

7 min read
supply-chain

Horizon Brief: CISA KEV Turns Developer Tooling Into Infrastructure Risk

CISA's May 2026 supply-chain alerts called out compromised developer tooling, including Nx Console, TanStack npm packages, and malicious GitHub workflows. Here is what security and MSP teams should check first.

4 min read
threats

Business Email Compromise: The $50B Scam Small Businesses Underestimate

Business Email Compromise has cost businesses over $50 billion since 2013 — and small and mid-sized businesses are the highest-value, lowest-friction targets. Here's how the attack actually works, the specific patterns to train your team on, and the configuration changes that block 90% of attempts.

9 min read
vulnerabilities

Cisco SD-WAN Auth Bypass: CISA Emergency Directive 26-03

CISA added CVE-2026-20182 to the Known Exploited Vulnerabilities catalog and issued Emergency Directive 26-03 for Cisco SD-WAN systems. Review affected versions, exposure, and immediate mitigation steps.

6 min read
guides

Cyber Insurance for Small Business: The Honest Buyer's Guide for 2026

Cyber insurance premiums have jumped 30-100% in three years and carriers are denying claims more aggressively. Here's the honest 2026 buyer's guide for small businesses: what's actually covered, what underwriters audit, and how to negotiate.

8 min read
guides

DMARC Setup for Google Workspace and Microsoft 365: A Small Business Guide

DMARC is the single highest-leverage email security configuration for a small business — it stops attackers from impersonating your domain in invoice-fraud and BEC scams. This is the no-fluff setup guide for Google Workspace and Microsoft 365 tenants, with the exact DNS records, the right policy progression, and the gotchas.

8 min read
guides

EDR for Small Business: What It Is, What It Costs, and Whether You Need It

Endpoint Detection and Response is the security control most often required by cyber insurance and most often misunderstood by small business owners. Here's what EDR actually does, what it costs, and which of the four major options fits which kind of business.

8 min read
guides

MFA everywhere: an honest rollout guide for small businesses

Where to start with MFA, what to do about the SMS problem, the dumb-cheap hardware key path, and how to handle the one user who refuses. A pragmatic 2026 rollout guide for SMB owners, not a product brochure.

6 min read
guides

Security headers explained for small business owners (2026)

What HSTS, CSP, X-Frame-Options, Referrer-Policy, and Permissions-Policy actually do — and which ones a small business has to ship versus which ones are nice-to-have. Plain-English explanations, copy-paste configs for nginx, Cloudflare, and Vercel.

4 min read
incident-response

Should Your Business Pay a Ransomware Demand? The Honest Math

The decision to pay a ransomware demand is presented online as a moral question. For most small businesses, it's actually an operational and legal one. Here's how the math actually works, what your insurer will and won't cover, when paying makes sense, and when it absolutely doesn't.

10 min read
Email Security

How to Set Up DMARC for Google Workspace in 2026

Step-by-step DMARC setup for Google Workspace: SPF, DKIM, monitoring, and moving to enforcement. Common pitfalls and how to verify it actually works.

7 min read