All Posts


NCSC Warns Organisations Not to Rush into Agentic AI
Overview The UK's National Cyber Security Centre (NCSC) has urged organisations to take a measured approach to adopting agentic AI, highlighting growing cyber and operational risks associated with highly autonomous AI systems. [The Cyber Express](https://thecyberexpress.com/agentic-ai-expands-enterprise-attack-surface/) The joint guidance, titled Careful Adoption of Agentic AI Services, was published on May 18, 2026, co-authored by the NCSC with international partners. [Let's
Andy Gravett
7 days ago · 3 min read


CYBERUK 2026 Highlights
CYBERUK 2026, held in Glasgow at the SEC from April 21–23, 2026, marked a decade of the NCSC’s flagship event. Under the theme "The Next Decade: Accelerating Our Cyber Defence," the conference focused on the rapid evolution of AI, the closing window for post-quantum migration, and the shifting tactics of nation-state actors. 🛡️ Key Headlines & Major Announcements 1. Defending Against "Covert Networks" (China-Linked Threats) The NCSC, alongside 15 international partners, laun
Andy Gravett
Apr 24 · 2 min read


Artemis II: Analysis of Deep Space Human Flight Systems.
The recent Artemis II mission (April 2026) represented the transition from testing the hardware in a vacuum (Artemis I) to testing the hardware's ability to keep humans alive in deep space. While Artemis I proved the rocket could fly, Artemis II is essentially a "shakedown cruise" for the systems and technology that support human life and high-bandwidth communication beyond Low Earth Orbit (LEO). 1. Orion Multi-Purpose Crew Vehicle (MPCV) The Orion capsule for Artemis II i
Andy Gravett
Apr 17 · 3 min read


AI Frontier War: Claude Mythos vs. GPT-5.4 April 2026
Claude Mythos Preview has dominated this week's AI news so far. Not to be outdone, OpenAI has released GPT-5.4 in the next round of the "Frontier LLM Wars". 🛑 Validation Status: Verified "Capybara" tier, the Project Glasswing consortium, and the specific "Sandwich Incident" (the sandbox escape). Key Verification Notes: The Model: Claude Mythos Preview is indeed unreleased to the public. It is a "Step Change" model that has redefined expectations for AI agentic behavior. The B
Andy Gravett
Apr 15 · 2 min read


EU ICT Supply Chain Security Toolbox
The European Commission has launched a new ICT Supply Chain Security Toolbox, designed to provide a unified European approach to identifying, assessing, and mitigating cybersecurity risks within ICT supply chains. The news, published on February 13, 2026, highlights the EU's proactive stance against increasingly sophisticated cyberattacks that threaten both economic stability and regional security. Key Components of the Toolbox Risk Mitigation: The toolbox outlines specific
Andy Gravett
Apr 14 · 1 min read


Continuous Threat Exposure Management framework to support DORA Articles 17 & 18
Continuous Threat Exposure Management (CTEM) is a five-stage strategic framework—comprising Scoping, Discovery, Prioritization, Validation, and Mobilization—designed to move organizations from reactive vulnerability patching to proactive, business-aligned risk reduction. In the context of the Digital Operational Resilience Act (DORA), CTEM serves as a primary methodology for meeting the rigorous mandates of Article 17, which requires financial entities to establish comprehe
Andy Gravett
Apr 13 · 2 min read


2026 offensive security landscape
The 2026 offensive security landscape has fundamentally shifted from malware-centric network intrusions to identity-first exploits, autonomous AI operations, and Living-off-the-Cloud (LotC) architectures, driven by geopolitical conflict and the pursuit of low-cost, scalable Tactics, Techniques, and Procedures (TTPs). Key Threat Drivers and Statistics: Cyber-attacks are up 18% YoY, ransomware is up 48%, and 82% of malicious attacks still start via email. The focus is shifting
Andy Gravett
Apr 6 · 2 min read


Analysis of the OWASP Top 10 for Agentic Applications (2026)
Introduction: The Advent of the Agentic Internet The digital world is shifting from generative AI (2023-2025) to agentic AI (2026), marking an architectural evolution since cloud computing. Generative AI risks were limited (misinformation, phishing), but agentic AI, with read-write access, persistent memory, and autonomous execution, presents a fundamentally altered, catastrophic attack surface. Compromised agents now execute high-impact actions, operating within an "attribut
Andy Gravett
Apr 3 · 4 min read


BrainBytes Security & Privacy News - 2nd April 2026
This week has seen a significant intersection of major infrastructure breaches and a high-stakes legislative battle in the European Union over the future of AI and privacy. 🛡️ Major Security Incidents European Commission Cloud Infrastructure Breach The European Commission is investigating a significant cyberattack on its Amazon Web Services (AWS) environment, which hosts the Europa.eu portal. The Damage: Approximately 350 GB of data was allegedly exfiltrated. The Perpetr
Andy Gravett
Apr 2 · 4 min read


The European Digital Identity Framework: Future of Sovereign Identity
The EU's transition to the European Digital Identity (EUDI) Wallet, mandated by eIDAS 2.0 (Regulation (EU) 2024/1183), is a strategic response to fragmented national eID schemes and rising deepfake-powered identity fraud. The EUDI Wallet, which must be offered by all Member States by December 2026, aims for 80% citizen adoption by 2030, aligning with the Digital Decade objectives. The architecture is decentralized and user-centric, utilizing a Wallet Unit to store Person Iden
Andy Gravett
Mar 27 · 3 min read


Domain-Driven Security: Designing Resilient Systems Through Business Alignment
Domain-Driven Design (DDD) offers a profound solution to modern cybersecurity vulnerabilities by shifting from perimeter-based, technology-driven defenses to an intrinsic "Secure by Design" approach. Historically, security was "bolted on" with firewalls, but the complexity of micro-services demands that security be structural. DDD, conceived by Eric Evans, aligns code with core business domain models, which naturally enforces rigorous security. This paradigm, called "Domain-D
Andy Gravett
Mar 24 · 6 min read


The Evolution of the Foldable Market: A Comprehensive Analysis of Apple's iPhone Fold
Introduction For years, competitors such as Samsung, Huawei, and Google have iterated through multiple generations of foldable devices, capturing early adopters while contending with technological compromises. Apple's entry in September 2026, synchronized with the debut of the iPhone 18 Pro and iPhone 18 Pro Max models, is engineered to capitalize on matured supply chains and a consumer base that has been normalized to the foldable paradigm. Strategic recalibrations within Ap
Andy Gravett
Mar 19 · 4 min read


Anyone can Threat Model Anything
Threat modeling is a foundational design-time activity and good developmental practice. The key goal is to understand threats and risks to the systems and services as early in the lifecycle as possible, before spending too much time, effort and money. To the uninitiated it can sometimes feel overwhelming or seem to need specialist skills. In this basic introduction I will start with basic design-time collaborative threat modelling that anyone can do! By breaking down the early solu
Andy Gravett
Mar 18 · 4 min read


Advanced Methodologies for the Prevention and Mitigation of Large Language Model Prompt Injection Attacks
Introduction to the Semantic Threat Landscape The rapid integration of Large Language Models (LLMs) into enterprise infrastructure, autonomous systems, and critical workflows has precipitated a fundamental paradigm shift in application security. Because the underlying architecture of transformer-based generative models processes natural language prompts probabilistically, it inherently conflates trusted system instructions with untrusted user input or external data. This stru
Andy Gravett
Mar 17 · 7 min read


Operational Technology and ICS Security in 2026: Threat Landscape, Strategic Architectures, and Governance Frameworks
Introduction Operational Technology (OT) and Industrial Control Systems (ICS) have reached a critical and highly volatile inflection point. Historically, these systems were designed for physical reliability, operational longevity, and absolute closed-loop isolation. They governed the fundamental processes of modern civilization, from the purification of municipal water supplies and the generation of electrical power to the automation of heavy manufacturing and the routing of
Andy Gravett
Mar 17 · 3 min read


Project V - Building the Ultimate Offline AI Testing Rig with Kali 2025.4 & Ollama llama 3
Geek time. Unless you have been in a sandbox this week or not been paying attention, you will have seen that the team at Kali Linux dropped 2025.4, and you know the landscape is shifting. With the complete transition to Wayland on GNOME 49 and the introduction of native AI-driven tools like hexstrike-ai, OffSec is clearly signaling that artificial intelligence is no longer just a gimmick—it is a core component of modern offensive security. But here is the candid reality: piping your sensitive red-te
Andy Gravett
Mar 13 · 8 min read


Overview of the Jiuzhang Photonic Quantum Computing Series and the Frontier of Gaussian Boson Sampling
The realization of quantum computational advantage represents a fundamental shift in the capabilities of information processing, marking the transition from theoretical quantum mechanics to the era of practical, large-scale quantum devices. At the forefront of this transition is the Jiuzhang series, a lineage of photonic quantum computers developed by the University of Science and Technology of China (USTC) under the leadership of Pan Jianwei and Lu Chao-Yang. Named after the
Andy Gravett
Mar 9 · 2 min read


Impacts & Effects of Social Media in 2026
Social media has transitioned from a networking tool to an omnipresent, algorithmic, and AI-driven environment, fundamentally rewiring human interaction and causing interconnected crises in cognitive, psychological, political, and economic domains. This hyper-connectivity paradoxically fuels a global loneliness epidemic and systemic erosion of trust. The extractive attention model of platforms has led to a population-level cognitive collapse, with the average digital attentio
Andy Gravett
Mar 6 · 2 min read


Secure-By-Design
SbD In the world of software and cybersecurity, we’ve spent decades playing "Whack-A-Mole"—trying to patch holes in software after hackers have already climbed through them. Secure by Design (SbD) is the industry's way of saying, "Maybe we should just build a house that doesn't have holes in the first place." It is a fundamental shift from treating security as a final "check-the-box" feature to making it a core requirement from the very first line of code. What is Secure by
Andy Gravett
Mar 5 · 2 min read


MITRE ATLAS
Data-driven overview of MITRE's Adversarial Threat Landscape for AI Systems (ATLAS). You can check out MITRE ATLAS here: https://atlas.mitre.org/
Andy Gravett
Mar 4 · 1 min read
