
Posts by Ben Rothke

Stop the SOC Burnout: Fixing the Alert Fatigue Crisis | XM Cyber Alert fatigue is one of the most persistent and costly problems in security operations - and it's getting worse. According to Cybersecurity Insiders, 76% of SOC teams cite alert fatigue as a top opera...

Alert fatigue is one of the most persistent & costly problems in #SecOps & it’s getting worse. @Cybersecinsider reports 76% of SOC teams cite alert fatigue as a top operational challenge & 73% report analyst burnout. Important @XMCyber_ analysis & advice.
cybersec.xmcyber.com/s/stop-the-s...

14 hours ago 1 0 0 0
Top 10 Password Security Myths Debunked Debunk the top 10 password security myths and learn how to protect your online accounts with actionable tips for stronger, safer passwords.

Informative piece from Psono that debunks the top 10 password security myths. Even without a password manager, strong passwords can protect online accounts. #infosec #cybersecurity
api.cyfluencer.com/s/top-10-pas...

15 hours ago 1 0 0 0
CyberCanon's Review of Thinking, Fast and Slow

Fresh Review Landed 🤔👟🐌

This week, 2 committee members are independently recommending Daniel Kahneman's Thinking, Fast and Slow for the CyberCanonHoF.

📝 Read why it's valuable for cyber pros -> cybercanon.org/thinking-fas...

#CybersecurityBooks #Cyberpsychology #CyberCanonHoFCandidate

1/3...

15 hours ago 2 1 1 0
The State of Ransomware: March 2026 | BlackFog BlackFog's state of ransomware March 2026 report measures publicly disclosed and non-disclosed attacks globally.

March had 90 publicly disclosed #ransomware attacks, 2nd month this year incidents exceeded 90. Orgs in US accounted for 60% of all reported attacks. Ransomware groups like #DragonForce & #Anubis still making a massive amount of $$. HT @blackfogprivacy. api.cyfluencer.com/s/the-state-...

1 week ago 1 0 0 0
CyberCanon Review of Hacks, Leaks, and Revelations

🔓 Review Drop: Hacks, Leaks, and Revelations

This week, be sure to read Meghan Jacquot's CyberCanon Review of Micah Lee's Hacks, Leaks, and Revelations 👇

cybercanon.org/hacks-leaks-...

#CybersecurityBooks #Databreach | @micahflee.com

1 week ago 6 3 1 0
CamoLeak: How GitHub Copilot Became An Exfiltration Channel | BlackFog CamoLeak turned GitHub Copilot into a silent data exfiltration channel via prompt injection and GitHub's own image proxy. CVSS 9.6.

#CamoLeak is a high-severity #vuln in #GitHub #Copilot Chat (CVE-2025-59145, CVSS 9.6) that gives attackers the ability to silently steal source code, API keys & secrets from private repos w/o executing any malicious code. Good overview from @blackfogprivacy. api.cyfluencer.com/s/camoleak-h...

1 week ago 3 0 0 0
Ben's Book of The Month: Speak Security With A Business Accent: How to communicate Cybersecurity Concepts Clearly, Ease Friction with Stakeholders, and Influence Decisions RSAC Cybersecurity News: Ben's Book of The Month: Speak Security With A Business Accent: How to communicate Cybersecurity Concepts Clearly, Ease Friction with Stakeholders, and Influence Decisions

My @OneRSAC information security book of the month review: Speak Security With A Business Accent: How to Communicate Cybersecurity Concepts Clearly, Ease Friction with Stakeholders & Influence Decision’ by Joshua Mason. Sage advice for #infosec pros. #RSAC www.rsaconference.com/library/blog...

1 week ago 0 0 0 0
Mallory goes GA: Introducing our AI-Native Threat Intelligence Platform Today, we're launching Mallory, our AI-Native Threat Intelligence Platform built for exposure investigation. Here's why we built it, what it does, and what's ne

Built by a veteran #cybersecurity team & led by former @Google and @Mandiant execs, Mallory AI is a new #AI intelligence platform & now in GA. It’s built for exposure investigation & intel workflows. Important for #infosec.
api.cyfluencer.com/s/mallory-go... #MalloryAI #Mallory

1 week ago 1 0 0 0
CyberCanon's Review of The AI Conundrum

AI without the Hype (or Blind Spots) 🦾⚖️

For this week's review, Yisehak Lemma examines The AI Conundrum, written by the father-son duo of Caleb and Rex Briggs.

🔎 Full review: cybercanon.org/the-ai-conun...

#CybersecurityBooks #AISecurity #AIGovernance

2 weeks ago 2 2 1 0
CyberCanon Review of Stepping Through Cybersecurity Risk Management

🏛️ Hall of Fame Reco Incoming!

Jack Freund, a man who knows a thing or two about cyber risk (author of the FAIR HoF book), provides a Hall of Fame nomination for Stepping Through Cybersecurity Risk Management by Jennifer Bayuk.

📝 Read Jack's thorough assessment: cybercanon.org/stepping-thr...

3 weeks ago 3 3 1 0
RSAC 2026: What AI Agent Security Looks Like Now - AGAT Software: Compliance, Security & Productivity For UC AI agent security reached a turning point at RSAC 2026. Here is what enterprises learned about the execution layer gap and what security teams must fix now.

The @OneRSAC Conference just wrapped & headline underneath every announcement is the same: Enterprises are deploying AI agents faster than #infosec teams can track them. This @AGATSoftware piece details #AI implementation work that needs to be done. api.cyfluencer.com/s/rsac-2026-... #RSAC

3 weeks ago 1 0 0 0
Scammers reply to President Trump’s Cyber Strategy for America — bring it on! Trump’s Executive Order

Last week, @realDonaldTrump established a task force to eliminate fraud via executive order. However, like information risk, fraud can’t be eliminated. What the Trump order doesn’t deal with is clueless users vulnerable to financial fraudsters & scammers.
brothke.medium.com/scammers-rep...

4 weeks ago 0 0 0 0
CyberCanon's Review of Behavioral AI

⚛ Review Day! ⚛

Thomas Laugle provides a "niche" recommendation for Dr. Rogayeh Tabrizi's Behavioral AI: Unleash Decision Making with Data

Read Thomas' thorough analysis: cybercanon.org/behavioral-a...

#CybersecurityBooks #AISecurity #GRC #SecurityAwareness

4 weeks ago 2 2 1 0
Top 5 insights on modern password security as we head into 2026 Discover the 5 key password security insights from our recent webinar and how security teams should respond in 2026.

That passwords aren't going away, or that they ever will, isn’t a novel idea. But interesting insights from this @specopssoftware piece are that traditional complexity rules create predictable behavior. Such as Password2 following Password 1. api.cyfluencer.com/s/top-5-insi...

4 weeks ago 1 0 0 0
Delve - Fake Compliance as a Service - Part I How Delve managed to falsely convince hundreds of customers they were compliant and then lied about it when exposed and called out

#Delve claims ‘Compliance in days’. But #DeepDelver #AICPNAY tells very different story, claiming “@getdelve built a machine designed to make clients complicit w/o their knowledge, to manufacture plausible deniability while producing exactly the opposite”. substack.com/home/post/p-...

1 month ago 0 0 0 0
Agent Access Management (AAM): Why Governing AI and Non-Human Identities Requires a Data-First Security Model Learn about agent access management and how it governs non-human identities to protect sensitive enterprise data.

#AI agents, service accounts, automation workflows & machine-to-machine processes are rapidly becoming leading characters in the enterprise. That leads to a new #infosec acronym - Agent Access Management (AAM). api.cyfluencer.com/s/agent-acce...

1 month ago 1 0 0 0

Not so fun fact. Any call, voicemail, text, or email you get about a vacation or cruise is from a scammer. I challenge you to find a single person who has received a voicemail, call, text, or email about a vacation that was not a #scam. brothke.medium.com/how-to-tell-...

1 month ago 0 0 0 0
Sandbox at Sunset: Innovation Finalist Happy Hour Cruise · Luma Join us for a private yacht happy hour during RSAC week — featuring FOUR Innovation Sandbox finalists and senior cybersecurity leaders. Cruise the San…

If you are going to be at RSA #infosec Conference @OneRSAC next week, @TheTokenSec is having a private yacht happy hour with #RSAC innovation sandbox finalists Fig Security, Geordie, @ZeroPathAI & senior cybersecurity leaders. api.cyfluencer.com/s/sandbox-at... #RSA

1 month ago 1 0 0 0
CyberCanon's Review of The Cybersecurity Guide to Governance, Risk, and Compliance

📝 Review Incoming...

This week, we dive into GRC. Andrew Chrostowski provides a Hall of Fame Rec for The Cybersecurity Guide to Governance, Risk, and Compliance by Jason Edwards and Griffin Weaver.

Andrew's review 👉 cybercanon.org/the-cybersec...

#CybersecurityBooks #GRC #CyberCanonHoFCandidate

1 month ago 3 3 1 0
Board-Level Cybersecurity Risk Communication Certification for CISOs | XM Cyber Equip yourself with the ultimate skill for today's CISO: board-level cyber risk communication. This certification course empowers security leaders to translate Exposure Management insights into compel...

Valuable @XMCyber_ free course: ‘Board-Level Cybersecurity Risk Communication Certification for CISOs’ led by @Gerald_Auger. Learn about risk communication, executive presence & boardroom influence to drive security investments & informed decision-making. cybersec.xmcyber.com/s/board-leve...

1 month ago 1 1 0 0
T1059.006 Python in MITRE ATT&CK Explained Learn what T1059.006 Python is in MITRE ATT&CK, how attackers abuse Python for cross-platform malware, persistence, and real-world execution techniques.

T1059.006 Python is a sub-technique of Command and Scripting Interpreter (T1059) in the MITRE ATT&CK framework, under the Execution tactic. It refers to adversaries using Python to execute code and automate actions on compromised systems.
cybersec.picussecurity.com/s/t1059-006-...

1 month ago 1 0 0 0
The LinkedIn recruiter seek-and-hide scam Yet another sneaky LinkedIn recruiter job scam

Anyone using LinkedIn may find more scammers reaching out to them than legitimate recruiters, especially if using the #OpenToWork tag. I write about the LinkedIn seek-and-hide scam. One of them poorly impersonated @Hyundai @Hyundai_Global. medium.com/@brothke/the... #scam #scams #fraud

1 month ago 0 0 0 0
CyberCanon's Review of Battlefield Cyber

🪖 It's Review Day! 🪖

Rick Howard reviews Battlefield Cyber, by William Holstein and Michael McLaughlin...

📝 tinyurl.com/k624nsb8

#CybersecurityBooks #CyberWarfare

1 month ago 2 2 1 0
The LinkedIn recruiter seek-and-hide scam Yet another sneaky LinkedIn recruiter job scam

Anyone using #LinkedIn may find more scammers reaching out to them than recruiters, especially if using the #OpenToWork tag. I write of the LinkedIn seek-and-hide scam, which is yet another sneaky LinkedIn recruiter job #scam. Get a job, don’t get scammed.
medium.com/@brothke/the...

1 month ago 0 0 0 0
The DocuSign Email That Wasn't - A Three-Redirect Credential Harvest Attackers used a redirect chain via Google Maps and Amazon S3 to bypass scanners and harvest credentials from a fake DocuSign email.

As @Docusign is used to digitally sign sensitive & confidential documents, you know it’s a prime target for attackers. @Ironscales details a very crafty & convincing #Docusign attack. It used a redirect-chain attack designed to dodge scanners. #infosec
cybersec.ironscales.com/s/the-docusi...

1 month ago 1 0 0 0
The Emails Hitting K-12 Right Now Real phishing attacks targeting schools — vendor fraud, payroll theft, fake HR emails. What K-12 IT leaders are actually dealing with in 2026.

Vendor payment fraud remains the most expensive attack type in education. When it comes to K-12, they have very little to spend on #cybersecurity & that makes them prime attack targets. Good @Ironscales piece details the #infosec schools need to consider. cybersec.ironscales.com/s/the-emails...

1 month ago 1 0 0 0
Ben's Book of the Month: Becoming Quantum Safe: Protect Your Business and Mitigate Risks with Post-Quantum Cryptography and Crypto-Agility

My @OneRSAC book review of: Becoming Quantum Safe: Protect Your Business and Mitigate Risks with Post-Quantum Cryptography and Crypto-Agility. Excellent resource to prepare for the inevitability of #quantum #cryptography, from @WileyTech. #RSAC #infosec www.rsaconference.com/library/blog...

1 month ago 0 0 0 0
What Is Preemptive Security? The Future of Cyber Defense Preemptive security prevents cyberattacks before they happen by validating controls and managing exposure. Learn how it strengthens defenses and reduces risk.

As @knash99 of @WSJ wrote: #Iran cyber retaliation would probably target US utility providers & include #DDoS attacks on high-profile websites. This necessitates preemptive security, which stops/deters #cyberattacks before they succeed. HT @PicusSecurity cybersec.picussecurity.com/s/what-is-pr...

1 month ago 1 0 0 0
How NetSupport RAT Abuses Legitimate Remote Admin Tool Analyze NetSupport RAT malware: fake update vectors like ClickFix, persistence mechanisms, and surveillance. See how Picus simulates it.

How NetSupport RAT abuses a legitimate remote admin tool. #NetSupport RAT is a malicious repurposing of the legitimate remote administration tool, NetSupport Manager, which has been available for over 30 years. cybersec.picussecurity.com/s/how-netsup...

1 month ago 1 0 0 0
Sensitive Data at Risk: Managing Exposure & Governance During M&A Mergers, acquisitions, and divestitures are high-stakes inflection points for financial institutions – and for their data. Sensitive information is often duplicated, exposed, or fragmented across lega...

Interesting webinar: Sensitive Data at Risk: Managing Exposure & Governance During M&A. With Constantin Stanca of @Snowflake, @kenowens12 of @Fiserv & Jeff Weber of @bigidsecure. M&A are high-stakes inflection points for financial institutions & data. api.cyfluencer.com/s/sensitive-...

1 month ago 0 0 0 0