Episodes

  • 450%. That's how much more network traffic an AI agent generates than a human doing the same task. Cisco measured it, put it on the big screen at Cisco Live 2026, and then rebuilt its entire company around it.

    Last week in Las Vegas, Cisco made its biggest platform bet in two decades: every product — Catalyst, Meraki, Nexus, security, collaboration, Splunk — managed from one place, Cisco Cloud Control. This episode tears down what's real, what's vapor, and what it means for your network.

    What you'll hear:
    • Cloud Control — what it actually unifies, the AI runbooks, autonomous remediation, and the Codex natural-language agent builder
    • Cisco IQ, the sleeper hit — 2,036 customers onboarded vs. 800 expected, 88% support-case routing, the end of the 35-minute data-collection phase
    • The math: 450% more traffic per agent · AI traffic tripling in 3 years · tokenomics ($200/week per AI employee → $400M/year at 40,000)
    • Post-Mythos security — Live Protect rebootless mitigation, Nexus 9K smart switches with L4 firewalls in the data plane, the agentic SOC discarding 92% of alerts
    • Vendor English, translated — AgenticOps, "trillions of agents," and which claims are shipping vs. decorative
    • The Monday playbook — four things to actually do this week

    The products are real. The math is scary. The dashboard promise? Ask us again at Cisco Live 2027.

    Sources: Cisco Live 2026 keynotes (Robbins, Patel, Centoni — Las Vegas, June 2026) · Cisco Newsroom keynote TL;DR · SiliconANGLE five takeaways · Computer Weekly post-Mythos analysis · Anthropic Claude Mythos / Project Glasswing disclosures (April 2026).

    — Andrés Sarmiento

    #CiscoLive #networking #AgenticOps #CloudControl #cybersecurity #TechUpdates

  • 45 to 1. In the average enterprise, for every human user there are 45 machine identities. Every API key. Every service account. Every agent token. Every secret in every config file. Your IAM platform probably tracks about 2% of them. That's where the breaches are coming from now — Snowflake, GitHub PATs, Azure IMDS. This episode unpacks the NHI crisis, the vendor landscape, and the three control patterns that actually work this quarter.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📚 WHAT YOU'LL LEARN

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ✅ What counts as a non-human identity (it's more than service accounts)

    ✅ The 45:1 ratio — and why it's 200:1 in agentic shops

    ✅ Why "service account" is doing too much work (meet Dave)

    ✅ How Snowflake, GitHub PAT theft, and Azure IMDS all trace to NHIs

    ✅ Why your PAM solution doesn't cover any of this

    ✅ The NHI vendor landscape — Astrix, Oasis, Clutch, Teleport, Natoma

    ✅ The 3 control patterns that work (inventory, rotate, scope down)

    ✅ Why agents make this 10× worse by 2027

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ⏱ CHAPTERS

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    0:00 Intro — the 45:1 ratio

    0:49 What is an NHI? (it's not just service accounts)

    2:05 Dave is your problem

    2:48 The breach file — Snowflake, GitHub PAT, Azure IMDS

    4:20 Why PAM doesn't cover this

    5:24 The NHI vendor landscape (still a 2-year-old category)

    6:30 The 3 control patterns that work

    7:46 Agents are NHIs — the 500:1 future

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🎯 THE MEMORABLE LINES

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    • "A service account was created by Dave in 2017, has god-mode permissions, no rotation policy, is used by 42 systems nobody audited, and Dave left in 2020."

    • "Snowflake did what Snowflake was told to do. The instructions were 'trust this credential.' Guess what didn't have MFA."

    • "We are about to go from 45-to-1 to 500-to-1."

    • "Stop hardcoding secrets in your Git repos. Every scanner finds them in the first five minutes."

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🛠 THE 3 FREE CONTROL PATTERNS

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    • Inventory — you can't secure what you can't see

    • Rotate — replace long-lived creds with short-lived alternatives

    • Scope down — every NHI has more perms than it needs

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📡 TECH UPDATES · THE PODCAST

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🔗 techupdates.it-learn.io

    Previous → EP20 · Typhoon Season, One Year Later

    End of the EP17–21 arc. Thanks for listening.

    #TechUpdates #NHI #NonHumanIdentity #IAM #Snowflake #GitHub #PAM #Astrix #Oasis #Teleport #IdentitySecurity #CyberSecurity


  • $140K. When you mess up, the lights go out for real.

    Final episode of TechUpdates Special Series. The most consequential security job almost nobody talks about — defending the systems that keep the country running. Power grids. Water utilities. Petrochemical plants. Pipelines.

    What you'll hear:
    • What OT/ICS defenders actually do — segmentation, SCADA patching, PLC defense, plant-engineer coordination
    • Comp reality — why OT pays 40–60% less than cloud security at the same companies, and the "purpose tax"
    • The real stakes: Ukraine 2015 grid attack · Triton 2017 (Saudi Arabia) · Oldsmar 2021 · Aliquippa 2023 · Volt Typhoon pre-positioning across U.S. critical infrastructure
    • A real day — substations at 6 AM, vendors that still ship Windows 7 SCADA, plant managers explaining why your last predecessor retired in 2015
    • The two paths in — plant engineer to security, or IT security to OT — and why CISSP doesn't help but GICSP does
    • LinkedIn's "critical infrastructure defender" vs. the actual day (30% travel to plants, 20% talking plant engineers into caring)

    When you mess up here, there's a body count. When you do it right, nobody notices the lights stayed on. That's the whole job description. And it matters more every year as adversaries pre-position inside the operational networks of utilities they intend to disrupt on a date of their choosing.

    Sources: CISA joint advisory on Volt Typhoon (early 2024) · Ukrainian power grid attack (Dec 2015) · Triton/TRISIS analysis (Saudi Arabia, 2017) · Oldsmar water treatment incident (Florida, 2021) · Aliquippa Municipal Water Authority compromise (Pennsylvania, 2023, attributed to CyberAv3ngers).

    That wraps the Special Series. Pick the role that fits you. The field is wide.

    — Andrés Sarmiento

    #OTSecurity #ICSSecurity #CriticalInfrastructure #VoltTyphoon #cybersecurity #TechUpdates

  • In late 2024, Verizon, AT&T, and T-Mobile all admitted the same thing: their lawful-intercept systems — the ones they build for law enforcement — had been compromised by a Chinese state actor called Salt Typhoon. Years of dwell time. Wiretap infrastructure for politicians, including a presidential campaign. Sixteen months later, what have we actually fixed? Plus — why Volt Typhoon is the warning shot nobody's responding to, and why OT networks are still flat.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📚 WHAT YOU'LL LEARN

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ✅ The Salt / Volt / Flax Typhoon lineup — who they are, what they do

    ✅ How Salt Typhoon abused CALEA — the FBI's own backdoor

    ✅ Why Volt Typhoon is military pre-positioning, not espionage

    ✅ CISA's Feb 2026 lessons-learned report — wins and ugly parts

    ✅ Why OT networks remain "largely unchanged" from pre-2023 posture

    ✅ The defensive playbook that ties to Network+ Obj 3.5 (out-of-band mgmt, jump servers)

    ✅ Why this can't be fixed with a product purchase — it needs policy

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ⏱ CHAPTERS

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    0:00 Intro — 3 telecoms, same breach, same actor

    0:49 The Typhoon lineup — Salt, Volt, Flax

    2:07 CALEA — the 1994 law that became an attack surface

    3:42 CISA's 2026 report — wins and ugly parts

    5:06 OT is still flat — the uncomfortable truth

    6:51 The defensive playbook — segmentation, zero-trust OT, OOB mgmt

    8:45 The real lesson — this is policy, not a product

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🎯 THE MEMORABLE LINES

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    • "The FBI's backdoor is also the PRC's backdoor."

    • "Predicted — by everyone. Dismissed — by everyone in government. Here we are."

    • "You don't get promoted for the attack that doesn't happen."

    • "Volt Typhoon is what happens when nobody replaces the kit."

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📡 TECH UPDATES · THE PODCAST

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🔗 techupdates.it-learn.io

    Previous → EP19 · AI Is Eating the Grid

    Up next → EP21 · Non-Human Identities Are Eating Your Network

    #TechUpdates #SaltTyphoon #VoltTyphoon #CALEA #CriticalInfrastructure #OTSecurity #Telecoms #CISA #CyberPolicy #ChinaCybersecurity

  • $450K. The job didn't exist 24 months ago. Every Fortune 500 is hiring.

    Episode three of TechUpdates Special Series. AI bug bounties have crossed six figures for a single prompt injection. Frontier labs run model evaluation contests with prize pools in the hundreds of thousands. Two years ago the title "AI Security Engineer" was on zero org charts. Today it's on most of them.

    What you'll hear:
    • What an AI security engineer actually does — red-team LLMs, secure RAG pipelines, defend training data and weights, write guardrails
    • Compensation in price discovery — Fortune 500 $180–250K, big tech $350–500K, frontier labs $700K–$1M+
    • The full attack surface: prompt injection, indirect prompt injection, embedding exfiltration, training data poisoning, weight theft, agentic misalignment
    • A real day — jailbreak harness, code review of an agent, adversarial eval, MCP review, post-mortem on the attack that almost worked
    • The two paths in — security to AI, or AI to security — and why path three doesn't exist yet
    • LinkedIn's "responsible AI leader" vs. the actual day (30% red-teaming models, 30% shipping guardrails to production)

    This is the most leveraged role in security right now. The hype is loud. The opportunity is real. Don't let one stop you from seeing the other.

    Sources: public AI bug bounty programs at Anthropic / OpenAI / Google · OWASP Top 10 for LLM Applications · industry comp data at frontier labs.

    Next in the series: The OT/ICS Defender.

    — Andrés Sarmiento

    #AISecurity #LLMSecurity #PromptInjection #infosec #cybersecurity #TechUpdates

  • In 2024, Microsoft signed a 20-year power purchase agreement to restart Three Mile Island. The nuclear plant. The one from the disaster. In 2025, Amazon bought a small modular reactor. In 2026, Meta locked up 20 years of natural gas at a cost nobody will put on record. We are watching hyperscalers become utilities. This episode covers the numbers, the deals, the grid bottleneck, the green accounting scandal, and the policy fight coming to your electric bill.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📚 WHAT YOU'LL LEARN

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ✅ The 2020 → 2030 data center power trajectory (spoiler: vertical)

    ✅ Training energy costs for GPT-4 class vs GPT-5 class models

    ✅ The PPA deals board — Microsoft/TMI, Amazon/SMR, Google/geo, Meta/gas

    ✅ Why the US grid can't take it — 5-to-7-year interconnect queues

    ✅ The Loudoun County story — one Virginia county, 35% of global cloud

    ✅ The Scope 3 carbon accounting scandal

    ✅ Who actually pays for this (hint: your electric bill)

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ⏱ CHAPTERS

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    0:00 Intro — Microsoft reopens Three Mile Island

    0:44 The data center power trajectory (2020 → 2030)

    2:00 The deals board — who bought what

    3:38 The grid breaks — PJM, ERCOT, interconnect queues

    5:10 Loudoun County, Virginia — the canary

    6:29 The green accounting scandal

    7:53 Who pays — your electric bill

    9:09 Watch list — the 2027 indicators

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🎯 THE MEMORABLE LINES

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    • "The thing about nuclear is, everyone's pro-nuclear until it shows up next to their data."

    • "You cannot offset training a frontier model with forest credits. The carbon is burning. The trees are optional."

    • "By 2030, data centers will consume the electricity of an always-on Japan that does nothing but run AI."

    • "Most creative accounting since WeWork."

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📡 TECH UPDATES · THE PODCAST

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🔗 techupdates.it-learn.io

    Previous → EP18 · The Supply Chain Attack Nobody's Talking About

    Up next → EP20 · Typhoon Season, One Year Later

    #TechUpdates #AIPower #DataCenters #ThreeMileIsland #SMR #Hyperscalers #GridInfrastructure #Microsoft #AWS #Meta #Google #Sustainability

  • $240K. No degree required. The SOC analyst is dead.

    Episode two of TechUpdates Special Series. The SOC industry quietly restructured itself in the last 18 months — tier-one analyst headcount shrinking, SIEM vendors pivoting their pitch — and one role pulled away with software-engineer-grade compensation. The Detection Engineer.

    What you'll hear:
    • What detection engineers actually do (write detections, tune false positives, hunt, partner with the red team)
    • The pay reality — tier-1 SOC $80K vs. principal detection engineer $350K+ at top tech
    • Detection-as-code: why "80 alert categories become 800 detections" with the same headcount
    • A real day — standup, tuning, hunt, purple team, coffee. No on-call rotation at well-run shops.
    • The 6-year path in (vs. the 15-year CISO ladder) — and why zero certifications matter for this role
    • LinkedIn's "cyber sherlock" branding vs. the YAML-wrangling reality

    If you're a SOC analyst right now, this episode is your map. The role that's replacing yours pays more, ships actual code, and treats security as a software-engineering discipline — not a queue you acknowledge.

    Sources: public Splunk and Elastic detection-as-code case studies · industry compensation surveys at Fortune 500 / FAANG / streaming companies.

    Next in the series: The AI Security Engineer.

    — Andrés Sarmiento

    #cybersecurity #DetectionEngineering #ThreatHunting #SOC #SIEM #TechUpdates

  • In February, a maintainer of a widely-used npm package pushed a release that shipped malware to 47,000 downstream applications. The maintainer's GitHub account had been compromised four months earlier. Nobody noticed. It happened again in March. Again in early April. This episode is the supply chain security story the vendors aren't telling you correctly.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📚 WHAT YOU'LL LEARN

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ✅ The 4 Q1 2026 supply chain incidents you may have missed

    ✅ Maintainer takeover — the 5-step playbook attackers actually use

    ✅ Why SBOM (Software Bill of Materials) doesn't prevent this

    ✅ SLSA (pronounced "salsa") levels — and why <1% of enterprise hits Level 3

    ✅ Sigstore adoption by registry — the ugly numbers

    ✅ The pragmatic defense playbook for a 50-person shop

    ✅ What package maintainers need to hear right now

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ⏱ CHAPTERS

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    0:00 Intro — the February npm incident

    0:49 The Q1 2026 timeline — 4 incidents, 4 vectors

    2:01 Maintainer takeover — the 5-step template

    3:39 SBOM theater vs reality

    4:35 SLSA adoption by level

    5:39 Sigstore adoption by registry

    6:36 The pragmatic defense — what to do this quarter

    8:29 To the maintainers watching — enable MFA. Please.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🎯 THE MEMORABLE LINES

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    • "An SBOM is a receipt. It's proof you bought the groceries. It does not mean you cooked dinner."

    • "94% of enterprise builds are still at SLSA Level 1."

    • "If your CI can push to npm, steal crypto wallets, and read your production database — that's not a CI account. That's a supervillain."

    • "We are collectively running on trust and good luck."

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🛡 THE PRAGMATIC DEFENSE CHECKLIST

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    • Hard-pin every dependency · no floating ranges

    • Dependabot/Renovate with auto-merge OFF · review every diff

    • Dependency firewall (JFrog, Cloudsmith, Artifactory)

    • Minimize your supply chain — every dep is a trust decision

    • Segregate build credentials · principle of least privilege on CI

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📡 TECH UPDATES · THE PODCAST

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🔗 techupdates.it-learn.io

    🔔 Subscribe for the full EP17–21 run.

    Previous → EP17 · The Collapse of SaaS

    Up next → EP19 · AI Is Eating the Grid

    #TechUpdates #SupplyChainSecurity #npm #SBOM #SLSA #Sigstore #DevSecOps #OpenSource #MaintainerSecurity

  • $1.4M comp. SEC subpoena. Same job.

    Welcome to TechUpdates Special Series — four episodes on the cybersecurity roles people actually want to hear about. We start with the only C-suite job in tech where doing it right can still get you indicted: the CISO.

    What you'll hear:
    • What a CISO actually does (and what they delegate)
    • The real comp ladder — Series B startup $250K → Fortune 500 $800K → big tech $1.4M+
    • The Tim Brown and Joe Sullivan reckoning: why CISOs now face personal SEC and DOJ exposure
    • A composite 24-hour day, from 7 AM board prep to a 3 AM pager
    • The 15-year path to the seat — and the 18-month average tenure once you're in
    • What LinkedIn promises ("strategic visionary") vs. what the calendar actually delivers (60% vendor management)

    We say it straight: this is the most consequential security job in tech when the company backs you, and the worst job in tech when they don't. Pick the company before you pick the title.

    Sources referenced: SEC v. SolarWinds & Timothy G. Brown (Oct 2023) · United States v. Joseph Sullivan (Uber, conviction Oct 2022) · public CISO compensation surveys.

    Next in the series: The Detection Engineer — the role that quietly killed the SOC.

    — Andrés Sarmiento

    #cybersecurity #CISO #infosec #SecurityLeadership #SolarWinds #TechUpdates

  • "SaaS is dead." Satya Nadella said it on All-In in late 2024. Everyone laughed. Eighteen months later, Klarna went on the record — they fired Salesforce, fired Workday, and replaced them with Python scripts wired to Claude. ~$40M in annual SaaS spend. Gone. This episode breaks down what's actually happening to enterprise software, which layer is getting compressed, which layer is getting bigger, and what IT buyers should do Monday.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📚 WHAT YOU'LL LEARN

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ✅ What Nadella actually predicted vs what sounded absurd at the time

    ✅ The Klarna playbook — exactly what got replaced, and with what

    ✅ The 4 layers of every SaaS product (and which 3 are now commodity)

    ✅ Which SaaS categories are getting compressed (middleware, dashboards, generic CRM/HRIS)

    ✅ Which categories get bigger (infra, APIs-as-products, vertical SaaS, IAM, GRC)

    ✅ The per-seat pricing collapse — what vendors are trying instead

    ✅ What to actually do Monday if you're in IT leadership

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    ⏱ CHAPTERS

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    0:00 Intro — "SaaS is dead"

    0:38 The Klarna teardown

    1:26 What SaaS actually sold — the 4 layers

    2:37 What's getting cooked — dying categories

    3:54 What survives — the layer that gets bigger

    5:15 Pricing model chaos

    6:26 What to do Monday — 5-step playbook

    7:52 The real story — the dashboard tax is dead

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    🎯 THE MEMORABLE LINES

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    • "Companies were paying two thousand dollars a seat for permissions and a log file."

    • "Buyer's market for the first time in a decade."

    • "The middle layer is getting compressed — infrastructure is bigger than ever."

    • "Do not sign a three-year SaaS deal in 2026. Do not."

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    📡 TECH UPDATES · THE PODCAST

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Tech Updates covers the real stories behind enterprise tech — no hype, no vendor pitches. Host: Andrés Sarmiento.

    🔗 techupdates.it-learn.io

    🔔 Subscribe for the rest of the EP17–21 run: SaaS, Supply Chain, AI Power, Typhoons, NHIs.

    Up next → EP18 · The Supply Chain Attack Nobody's Talking About

    #TechUpdates #SaaS #Klarna #EnterpriseTech #AgenticAI #Nadella #ITLeadership #CIO #EnterpriseSaaS

  • In 2022, the median time between initial access and the secondary threat hand-off was 8 hours. At RSAC 2026, Mandiant put the new number on the main stage: 22 seconds. That one stat explains everything that got announced in San Francisco this year.

    This episode of Tech Updates is a full RSAC 2026 recap — the product flood, the agentic AI pivot, and the six predictions every CISO and senior engineer should be tracking over the next 12 months.

    ⏱ CHAPTERS

    0:00 — Intro

    0:03 — Cold open: the 22-second attacker hand-off

    0:31 — Segment 1: Agentic AI, for real this time

    2:20 — Agent Identity & Runtime Control

    3:35 — Agentic SOC & the Death of the SIEM

    5:09 — AI-Generated Code Security

    5:43 — Post-Quantum, Quietly

    6:36 — Palo Alto's Full Stack

    6:55 — The Cryptographers' Panel

    8:10 — Six Predictions for the Next 12 Months

    10:45 — The honest takeaway

    🔑 VENDORS & PRODUCTS COVERED

    • Cisco DefenseClaw · Duo IAM for agents

    • Microsoft Entra ID + Foundry guardrails

    • Teleport Beams (per-agent Firecracker micro-VMs)

    • 1Password Unified Access (Anthropic, Cursor, GitHub, Perplexity, Vercel)

    • Astrix Security · shadow agent coverage

    • Databricks Lakewatch — agentic SIEM

    • Google Cloud Triage & Investigation Agent

    • Accenture + Anthropic Cyber.AI

    • CrowdStrike Charlotte AI AgentWorks

    • SentinelOne Prompt AI Agent Security

    • Secure Code Warrior Trust Agent: AI

    • Black Duck Signal

    • ZeroTier Quantum (hybrid PQC transport)

    • Palo Alto Prisma AIRS 3.0 · Agentic SASE · Prisma Browser for Business

    • pQCee crypto-agile CNG

    • SandboxAQ AQtive Guard

    • Acalvio 360 Deception

    🎤 KEY QUOTES

    "With chatbots you worry about getting the wrong answer. With agents you worry about taking the wrong action." — Jeetu Patel, Cisco

    "AI will kill the SIEM in 2026." — Ali Ghodsi, Databricks CEO (CNBC)

    "The cryptographic algorithms have really held up over the last 25 years. You can't say that about a lot of areas within cybersecurity." — Paul Kocher, 25th Cryptographers' Panel

    "We're spending more on cybersecurity than ever before, but the breaches keep happening. Something is fundamentally broken about how we've approached this problem." — Karl Van den Bergh, Illumio

    🎯 SIX PREDICTIONS FOR THE NEXT 12 MONTHS

    1. Non-human identity becomes the primary identity problem

    2. MCP is now part of the attack surface — treat it like an API gateway

    3. The SOC gets automated, or it gets outrun

    4. Prompt injection is the new SQL injection

    5. Post-quantum is closer than you think (CNSA 2.0 deadlines are real)

    6. Active defense and deception are coming back

    📚 SOURCES

    Mandiant M-Trends 2026 · RSAC 2026 official press releases · SecurityWeek daily roundups · Help Net Security · Futuriom · Google Cloud blog · Lumu Technologies recap · Biometric Update · Govtech Lohrmann column · Hive Pro disclosure of Operation Olalampo + Rust-based Char backdoor

    🎧 LISTEN & SUBSCRIBE

    Spotify · Apple Podcasts · YouTube

    techupdates.it-learn.io

    New episode every week.

    #RSAC2026 #AgenticAI #Cybersecurity #SIEM #ZeroTrust #PostQuantum #InfoSec #CISO #MCP #PromptInjection #AIAgents #RSAConference

  • Malware isn't just "a virus." It's a whole ecosystem of tools designed to damage, steal, spy, and extort — and in 2026 it's more dangerous than ever. This episode is your complete field guide.

    WHAT IS MALWARE?

    Malware (malicious software) is any program intentionally designed to harm a system, steal data, or gain unauthorized access. It's not accidental — it's engineered.

    THE 5 MAJOR TYPES

    Viruses & Worms

    Viruses attach to clean files and spread when a user runs them. Worms self-replicate without any user interaction — ILOVEYOU (2000) infected 50 million machines in 10 days.

    Trojans & Ransomware

    Trojans disguise themselves as legitimate software. Ransomware encrypts your files and demands payment — Colonial Pipeline paid $4.4M in 2021. Double extortion is now standard: pay or we publish your data.

    Spyware & Keyloggers

    Spyware silently monitors your activity. Keyloggers capture every keystroke — passwords, credit cards, everything. Pegasus (NSO Group) targeted journalists and world leaders via a single missed call.

    Rootkits & Botnets

    Rootkits hide deep in the OS or firmware — the only guaranteed fix is a full OS wipe. Botnets turn your device into a zombie for DDoS attacks, spam, and crypto mining. Mirai (2016) infected IoT cameras and routers, then knocked Twitter, Netflix, Reddit, and Amazon offline.

    HOW MALWARE GETS IN

    - Phishing emails — #1 delivery method

    - Drive-by downloads — visit a compromised site, malware auto-downloads

    - Malvertising — malicious ads on legitimate websites

    - USB drops — infected drives left in public places

    - Unpatched vulnerabilities — no user interaction needed

    - Supply chain attacks — SolarWinds (2020) hit 18,000 organizations including US government agencies

    DEFENSE IN DEPTH — 7 LAYERS

    01. Patch everything — OS, apps, firmware

    02. Endpoint protection / EDR — behavioral detection catches what signatures miss

    03. Email filtering + sandboxing — detonate attachments before delivery

    04. Least privilege access — limits blast radius

    05. 3-2-1 Backups — 3 copies, 2 media types, 1 offsite, immutable

    06. Security awareness training — humans are the #1 attack surface

    07. Network segmentation / Zero Trust — never trust, always verify

    2024–2026 THREAT TRENDS

    - Ransomware-as-a-Service (RaaS): criminals rent malware like a SaaS subscription — no coding required

    - AI-powered malware: better phishing, polymorphic evasion that adapts to bypass defenses

    - IoT explosion: billions of unpatched smart devices are easy targets

    - Nation-state attacks: Stuxnet, Flame, Triton, Pegasus — government-grade malware in the wild

    - Average ransomware attack cost in 2024: $4.5 million (downtime, recovery, legal)

    - Reminder: paying the ransom does NOT guarantee you get your files back

    THE BOTTOM LINE

    Malware is intentional. Understanding how each type works is the first step to defending against it. No single tool protects you — layers do.

    New episode every week. Subscribe on Spotify, Apple Podcasts, or YouTube.

    techupdates.it-learn.io

  • Tech Updates — Ransomware in 2026: Industrial Extortion and How to Fight Back

    Ransomware isn't just encryption anymore. In 2026, it's a full extortion operation — and it's getting more aggressive as fewer victims pay up.

    What's changed: Ransomware-as-a-Service has effectively lowered the barrier to entry for cybercrime, and in 2026 it's the dominant engine driving the threat landscape. Groups now layer encryption with data theft, DDoS attacks, and direct victim harassment. Many groups are skipping encryption entirely in 2026 — focusing purely on data exfiltration, which puts organizations under immediate legal and reputational pressure even if systems stay online.

    Three attack scenarios covered in this episode:

    • Credential-based intrusion — Stolen logins, no MFA, AD enumeration, Kerberoasting, domain takeover, backup destruction, then encryption
    • Hypervisor compromise — Unpatched ESXi vulnerabilities, VM datastore encryption, snapshot manipulation, bundled DDoS
    • AI-assisted data-only extortion — Deepfake phishing, silent exfiltration, no encryption, no early alerts

    Key defenses: Phishing-resistant MFA (FIDO2/passkeys) · Privileged Access Management · EDR/XDR with behavioral rules · Immutable/air-gapped backups (3-2-1-1-0 rule) · Network microsegmentation · Zero Trust Network Access · Aggressive patching prioritized by the CISA KEV catalog · Rapid EDR auto-quarantine on encryption indicators

    📎 Resources & Further Reading

    🔗 CISA StopRansomware Guide — https://www.cisa.gov/stopransomware

    🔗 CISA Known Exploited Vulnerabilities (KEV) Catalog — https://www.cisa.gov/known-exploited-vulnerabilities-catalog

    🔗 Verizon 2025 Data Breach Investigations Report — https://www.verizon.com/business/resources/reports/dbir/

    🔗 Ransomware Trends 2026 (Huntress) — https://www.huntress.com/ransomware-guide/ransomware-trends

    🔗 Ransomware Statistics & Facts 2026 (TechTarget) — https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts

    🔗 Top 10 RaaS Operations 2026 (Cyber Sierra) — https://cybersierra.co/blog/top-ransomware-operations-2026/

    🔗 10 New Ransomware Groups of 2025 (Cyble) — https://cyble.com/knowledge-hub/10-new-ransomware-groups-of-2025-threat-trend-2026/

  • Description / Summary:

    Phishing remains the #1 initial access vector in 2026, now supercharged by generative AI, voice cloning, and multimodal deception. This episode dissects classic phishing, spear-phishing, smishing (SMS), vishing (voice), and emerging AI variants (hyper-personalized content, real-time voice synthesis, deepfake video calls).

    We walk through realistic attack scenarios with indicators of compromise (IOCs), attack chains, and living-off-the-land techniques—then deliver layered, modern defenses: phishing-resistant MFA, behavioral analytics, zero-trust controls, DMARC enforcement, and AI-native detection.

    Key Takeaways:

    Modern phishing uses perfect grammar, OSINT personalization, and urgency manipulation—no typos needed.

    AI variants generate tailored messages in seconds, clone voices from public audio, and simulate live video calls for multi-million BEC fraud.

    Core attack chains: credential harvesting → token/session replay → lateral movement or ransomware.

    Strongest defenses: FIDO2/passkeys (phishing-resistant), behavioral EDR rules (block anomalous process spawning), strict DMARC p=reject, continuous posture checks, and multi-vector simulated attacks.

    Organizations must assume AI acceleration—prioritize cryptographic MFA, URL rewriting/sandboxing, and verification protocols over awareness alone.

    Links

    Classic & Spear-Phishing Scenarios:

    Microsoft Defender for Office 365 – Phishing Attack Chain Examples – https://learn.microsoft.com/en-us/defender-office-365/anti-phishing-protection

    Proofpoint 2025 State of the Phish Report (attack trends & indicators) – https://www.proofpoint.com/us/resources/threat-reports/state-of-the-phish

    Smishing & Vishing (including quishing):

    CISA – Smishing and Vishing Guidance (technical indicators & mitigations) – https://www.cisa.gov/news-events/news/smishing-and-vishing

    FBI Internet Crime Complaint Center (IC3) – Business Email Compromise & Voice Impersonation Alerts – https://www.ic3.gov/Media/Y2026/PSA250301

    AI-Enhanced Phishing & Deepfakes:

    Google Cloud Blog – AI-Powered Phishing Detection & Voice Cloning Risks (2026) – https://cloud.google.com/blog/topics/threat-intelligence/ai-enhanced-phishing-2026

    Dark Reading – Deepfake Video Calls Enable Record BEC Losses (case studies) – https://www.darkreading.com/cyberattacks-data-breaches/deepfake-video-calls-business-email-compromise

    Defenses & Phishing-Resistant MFA:

    NIST SP 800-63B – Digital Identity Guidelines (FIDO2 & phishing-resistant authenticators) – https://pages.nist.gov/800-63-3/sp800-63b.html

    Yubico – Implementing Phishing-Resistant MFA (practical deployment guide) – https://www.yubico.com/authentication-standards/fido2/

  • Summary:

    In this fast-paced technical roundup, we cover three high-impact cybersecurity developments from the last 7 days (Feb 28–Mar 4, 2026): escalating Iranian-linked cyber operations amid U.S.-Israel strikes, CISA's addition of an actively exploited VMware Aria Operations command injection flaw to the KEV catalog, and the University of Hawaiʻi Cancer Center's disclosure of a 2025 ransomware attack exposing up to 1.2 million individuals' sensitive data.

    We break down attack vectors, indicators of compromise, exploitation mechanics, and immediate defensive steps—essential listening for SOC teams, incident responders, and risk managers navigating blended threats, virtualization vulnerabilities, and long-tail data extortion.

    Geopolitical Cyber Escalation (Iran-linked activity post-Feb 28 strikes):

    Canadian Centre for Cyber Security Threat Bulletin – https://www.cyber.gc.ca/en/guidance/cyber-threat-bulletin-iranian-cyber-threat-response-usisrael-strikes-february-2026

    Palo Alto Networks Unit 42 Threat Brief (phishing campaign details) – https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026

    VMware Aria Operations Vulnerability (CVE-2026-22719):

    CISA Known Exploited Vulnerabilities Catalog Addition – https://www.cisa.gov/news-events/alerts/2026/03/03/cisa-adds-two-known-exploited-vulnerabilities-catalog

    Broadcom Security Advisory VMSA-2026-0001 – https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

    University of Hawaiʻi Cancer Center Ransomware Breach:

    Official UH Cancer Center Notice of Cyberattack – https://www.hawaii.edu/news/2026/02/27/notice-of-cyberattack-uh-cancer-center

    HIPAA Journal Coverage (impact and timeline details) – https://www.hipaajournal.com/university-of-hawaii-cancer-center-ransomware-data-breach

  • Description / Summary:

    In this technical deep dive, we examine leading products for microsegmentation at the application and workload level—essential for stopping lateral movement in hybrid, multi-cloud, and containerized environments. As breaches become inevitable, these solutions enforce least-privilege policies based on process identities, behaviors, dependencies, and real-time telemetry, using host-based enforcement, AI-driven recommendations, and dynamic containment.

    We cover three standout platforms:

    Illumio Zero Trust Segmentation: Host/agentless visibility, AI-powered policy computation, and rapid breach isolation.

    Akamai Guardicore Segmentation: Process-level kernel enforcement, automated policy generation, and Osquery threat hunting.

    Cisco Secure Workload: Workload dependency graphing, eBPF tracing, and ACI/Kubernetes integration.

    We stay neutral while highlighting technical architectures, enforcement mechanisms, and 2025-2026 enhancements such as agentless modes, ML anomaly detection, and scalability to thousands of workloads.

    Supporting Links:

    Illumio Zero Trust Segmentation Overview – https://www.illumio.com/illumio-segmentation

    Akamai Guardicore Segmentation Product Page – https://www.akamai.com/products/akamai-guardicore-segmentation

    Cisco Secure Workload Documentation & Releases – https://www.cisco.com/c/en/us/support/security/tetration/products-release-notes-list.html

    Gartner Peer Insights: Network Security Microsegmentation (2026 Customers' Choice mentions) – https://www.gartner.com/reviews/market/network-security-microsegmentation

    Akamai Segmentation Impact Study 2025 – https://www.akamai.com/site/en/documents/research-paper/segmentation-impact-study-2025.pdf

  • The Future of Firewalls: Hybrid Mesh Architectures Take Center Stage in 2026

    In this episode of Tech Updates, we explore the evolving world of network security as traditional firewalls give way to hybrid mesh architectures. With enterprises operating across on-premises, multi-cloud, edge, and remote environments, unified protection is no longer optional—it's essential.

    Gartner formalized the Hybrid Mesh Firewall (HMF) category in its inaugural 2025 Magic Quadrant, predicting that over 60% of organizations will deploy multiple firewall types by 2026. We break down what HMF means technically—multi-deployment firewalls (hardware, virtual, cloud-native, FWaaS) managed from a single cloud-based plane for consistent policies, threat prevention, and reduced complexity.

    We cover key developments from leading vendors:

    Palo Alto Networks' Strata platform unifying PA-Series, VM-Series, CN-Series, and cloud options with AI-powered threat intel.

    Fortinet's FortiOS convergence across appliances and cloud, emphasizing ASIC performance and Security Fabric integration.

    Cisco's Hybrid Mesh Firewall with intent-based policy management via Security Cloud Control and Mesh Policy Engine, supporting multi-vendor enforcement (including third-party firewalls such as Palo Alto and Fortinet).

    Plus quick mentions of Check Point, Juniper/HPE, and others pushing similar unified approaches.

    Key Takeaways:

    Hybrid mesh firewalls simplify ops with centralized management while extending advanced protections (DPI, microsegmentation, AI detection) everywhere.

    The shift addresses east-west threats, hybrid work, and multi-cloud realities—no more silos.

    Expect more SASE/SSE integration and quantum-readiness in the coming years.

    Listen in for a neutral, technical deep dive into where firewall tech is headed. Subscribe for more updates on emerging security trends!

    If you found this information useful, share it with a friend or colleague. Thank you for your support.


    Gartner Magic Quadrant for Hybrid Mesh Firewall (official report page, August 2025) – https://www.gartner.com/en/documents/6871166

    Palo Alto Networks: Leader in the 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall (with download link) – https://start.paloaltonetworks.com/gartner-hybrid-mesh-firewalls-mq-2025

    Fortinet: Leader in the 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall (highest in Ability to Execute) – https://www.fortinet.com/resources/analyst-reports/gartner-magic-quadrant-hmf

    Cisco Hybrid Mesh Firewall Overview (with Security Cloud Control and unified management details) – https://www.cisco.com/site/us/en/solutions/security/hybrid-mesh-firewall/index.html

    Palo Alto Networks Blog: What Is a Hybrid Mesh Firewall and Why It Matters (explains Strata platform unification) – https://www.paloaltonetworks.com/blog/2025/08/hybrid-mesh-firewall-and-why-it-matters
  • 1. Palo Alto Networks Prisma Access

    Feb 2025 (Prisma SD-WAN): Flow visualization, SGT propagation, GCM encryption, ION 9300 support.
    https://docs.paloaltonetworks.com/prisma-sd-wan/release-notes/new-features/prisma-sd-wan-release-information/prisma-sd-wan-features-introduced-in-2025/features-introduced-in-february-2025

    Aug 2025 (Strata Cloud Manager): Entity timestamps, region-based config management.
    https://docs.paloaltonetworks.com/content/techdocs/en_US/strata-cloud-manager/release-notes/new-features-strata-cloud-manager/new-features-in-august-2025

    2. Zscaler

    2025 Upgrades (ZIA/ZPA/ZDX): EDM/IDM in email DLP, tenancy restrictions, Sandbox tokens, NSS exclusions.
    https://help.zscaler.com/zia/release-upgrade-summary-2025
    https://help.zscaler.com/zpa/release-upgrade-summary-2025

    Jan/Feb 2026: AI Security Suite, Client Connector 4.7/4.8 (strict enforcement, offload controls, DNS fixes, vuln mitigations).
    https://www.zscaler.com/press/zscaler-unveils-new-innovations-secure-enterprise-ai-adoption
    https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2026
    https://help.zscaler.com/zscaler-client-connector/release-upgrade-summary-2026

    ZPA Feb 2026: RHEL 8/9 RPMs, Private Service Edge VPN (IPsec/GRE, BGP).
    https://help.zscaler.com/zpa/release-upgrade-summary-2026

    3. Cisco Secure Access

    2025: Universal ZTNA, trusted network detection, scheduled rules, endpoint/email DLP (ML inspection).
    https://www.cisco.com/site/us/en/products/security/secure-access/index.html
    https://www.cisco.com/c/en/us/td/docs/security/cdo/whats-new-for-cisco-defense-orchestrator/m-features-highlights-of-2025.html

    Feb 2026: AI Defense (supply chain governance, prompt injection protection), AI-Aware SASE, ThousandEyes app insights.
    https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m02/cisco-redefines-security-for-the-agentic-era.html

    Additional: Hybrid ZTNA, AI Access, policy assurance, enterprise browser.
    https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2025/pdf/BRKSEC-2285.pdf
  • 🎙️ Tech Updates Weekly

    Episode: How Exploit Kits Are Automating Attacks Against Recent CVEs

    Exploit kits are transforming how cyberattacks happen — automating vulnerability exploitation at internet scale and dramatically shrinking the window between disclosure and compromise.

    In this episode, we break down how exploit kits work, why recent CVEs are being weaponized faster than ever, and what defensive teams must do to stay ahead.

    Attackers are no longer relying on manual exploitation. Instead, they’re leveraging automated frameworks that continuously scan the internet, identify vulnerable systems, and deploy payloads within hours of vulnerability disclosure.

    Understanding this shift is critical for security teams, IT leaders, and anyone responsible for protecting internet-facing infrastructure.

    🧭 Episode Breakdown

    Section 1 — How Exploit Kits Work

    Exploit kits are automated attack platforms that allow attackers to scan, identify, and exploit vulnerable systems at scale.

    Section 2 — Why CVEs Are Being Exploited Faster Than Ever

    The time between vulnerability disclosure and active exploitation continues to shrink.

    Section 3 — How Defensive Teams Can Stay Ahead

    Security teams must shift from reactive patching to proactive exposure management.

    Key defensive strategies include:

    🎯 Key Takeaways

    Exploit kits automate vulnerability exploitation at scale

    The exploitation window after CVE disclosure is shrinking rapidly

    Internet-facing infrastructure is the primary target

    Patch prioritization and attack surface reduction are critical

    Proactive defense is essential in today's threat landscape

    🔗 Recommended Resources

    CISA Known Exploited Vulnerabilities Catalog – https://www.cisa.gov/known-exploited-vulnerabilities-catalog

    NIST National Vulnerability Database – https://nvd.nist.gov/

    MITRE CVE Database – https://www.cve.org/

    SANS Internet Storm Center – https://isc.sans.edu/
  • This week on Tech Updates:

    A critical 9.8 vulnerability in Honeywell CCTV systems.

    Ransomware groups increasingly targeting firewalls.

    And a surge of high-severity CVEs hitting infrastructure this week alone.

    The perimeter is no longer just a boundary — it’s the battlefield.

    If you manage firewalls, IoT, or internet-facing systems, this episode breaks down what happened, why it matters, and what you should be doing right now.

    Source Links

    CVE-2026-1670 — Honeywell CCTV Camera Vulnerability

    👉 https://www.techradar.com/pro/security/honeywell-cctv-cameras-vulnerable-to-hijacking-which-allows-hackers-to-crack-passwords-easily

    Ransomware Targeting Firewalls Report

    👉 https://www.techradar.com/pro/security/batten-down-the-hatches-ransomware-attacks-are-increasingly-targeting-firewalls-experts-claim

    Recent High-Severity CVEs Published (NIST NVD overview)

    👉 https://nvd.nist.gov/general/nvd-dashboard