Zero Trust Architecture

Zero trust architecture posts dive into the technical frameworks and infrastructure designs that support zero trust implementations. Topics include identity-aware proxies, software-defined perimeters, network access control, policy engines, and integration with cloud and hybrid environments.

Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2024

The VPN Is Dead. The Breach That Proved It.
In May 2023, a threat actor used stolen VPN credentials to breach a major U.S. government contractor, moving laterally across the network for weeks before detection. The attacker didn't exploit some exotic zero-day. They logged in with a

Carl B. Johnson Dec 09, 2023 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2024

The Breach That Proved Perimeter Security Is Dead
In January 2023, T-Mobile disclosed that a threat actor had been siphoning data from 37 million customer accounts since late November 2022 — by exploiting a single API. The attacker was already inside the network, moving laterally, harvesting names, emails, phone numbers, and

Carl B. Johnson Dec 07, 2023 8 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records
In early 2023, independent security researchers discovered yet another wave of publicly exposed Amazon S3 buckets leaking sensitive customer data — healthcare records, financial documents, personally identifiable information. None of these organizations were hacked in the traditional sense. They simply got their

Carl B. Johnson Nov 03, 2023 7 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Most Companies Get Wrong

In March 2023, Samsung employees accidentally leaked sensitive source code and internal meeting notes by pasting proprietary data into ChatGPT — on their mobile devices. No malware was involved. No sophisticated threat actor broke through a firewall. Employees simply used their phones in ways the company's mobile device security

Carl B. Johnson Sep 18, 2023 7 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

In March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives related to the 3CX supply chain compromise — a desktop phone app used by over 600,000 organizations globally. Threat actors had trojanized the software update itself, meaning every company that trusted the vendor's legitimate update

Carl B. Johnson Jun 08, 2023 8 min read
Cloud Computing Security

Cloud Computing Security: What Goes Wrong and How to Fix It

In April 2022, researchers at Palo Alto Unit 42 reported that nearly 99% of cloud user accounts, services, and resources grant excessive permissions — permissions that are granted but never used. That gap between what's allowed and what's needed is exactly where threat actors operate. If you

Carl B. Johnson Jun 20, 2022 6 min read
Zero Trust Security Model

Zero Trust Security Model: A Practical Guide for 2022

In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the U.S. East Coast. The attackers used a legacy VPN account with no multi-factor authentication — a textbook example of what happens when an organization trusts its perimeter instead of verifying every access

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2022

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised VPN credential gave attackers the keys to the kingdom. One password. No multi-factor authentication. No segmentation between IT and operational technology networks. The attackers from the DarkSide group walked through a flat network like it

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2022

The Colonial Pipeline Made "Never Trust, Always Verify" a Boardroom Priority
In May 2021, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid a $4.4 million ransom — and the real costs ran far deeper. The attack exploited a legacy

Carl B. Johnson Jan 15, 2022 7 min read
Remote Desktop Security Risks

Remote Desktop Security Risks: What Attackers See

An Open Door You Didn't Know You Left Unlocked
In August 2021, the FBI and CISA issued a joint advisory warning that threat actors' exploitation of Remote Desktop Protocol (RDP) was the single most common initial access vector in ransomware attacks. Not phishing emails. Not zero-day exploits. RDP. The

Carl B. Johnson Jan 06, 2022 7 min read