by valino | May 13, 2026 | Phishing
The first CEO deepfake fraud incident we worked in 2026 cost the victim company $2.3 million in a single afternoon. The CFO received a video call from someone who looked exactly like the chief executive, sounded exactly like him, and used the verbal mannerisms the CFO...
by valino | May 12, 2026 | Web App Pentesting, pentesting
The IDOR vulnerability we found on day three of a recent web application penetration test should not have existed in 2026. The endpoint accepted an integer customer ID in the URL, performed no authorization check whatsoever, and returned the full account record —...
by valino | May 11, 2026 | Hacking
The most consequential cloud misconfiguration we have triaged in 2026 was not a sophisticated zero-day or a nation-state intrusion. It was a single S3 bucket policy that quietly flipped from private to public during a Terraform refactor at 02:14 on a Tuesday. By the...
by valino | May 11, 2026 | Hacking
Of all the cybersecurity conversations a founder will have over the course of building a company, the most consequential one is the one she has with her spouse. It is rarely on the agenda. It is almost never scheduled. It usually happens, if it happens at all, on a...
by valino | May 9, 2026 | Compliance
For organizations between fifty and five hundred employees, the question of whether to hire a full-time chief information security officer or to engage a virtual CISO has become one of the most consequential governance decisions a chief executive will make in the year...
