by valino | May 12, 2026 | Web App Pentesting, pentesting
The IDOR vulnerability we found on day three of a recent web application penetration test should not have existed in 2026. The endpoint accepted an integer customer ID in the URL, performed no authorization check whatsoever, and returned the full account record —...
by valino | May 11, 2026 | Hacking
The most consequential cloud misconfiguration we have triaged in 2026 was not a sophisticated zero-day or a nation-state intrusion. It was a single S3 bucket policy that quietly flipped from private to public during a Terraform refactor at 02:14 on a Tuesday. By the...
by valino | May 11, 2026 | Hacking
Of all the cybersecurity conversations a founder will have over the course of building a company, the most consequential one is the one she has with her spouse. It is rarely on the agenda. It is almost never scheduled. It usually happens, if it happens at all, on a...
by valino | May 9, 2026 | Compliance
For organizations between fifty and five hundred employees, the question of whether to hire a full-time chief information security officer or to engage a virtual CISO has become one of the most consequential governance decisions a chief executive will make in the year...
by valino | May 8, 2026 | Active Directory
In nearly every internal penetration test conducted against an Active Directory environment of any meaningful size, a single attack technique appears with such consistency that senior practitioners now treat it as the field-test equivalent of a coin toss that nearly...
