by valino | May 14, 2026 | Hacking, Compliance
The most expensive supply chain attack we triaged in 2026 reached our client through a build dependency that no human had reviewed in three years. A small open-source library — forty-two lines of utility code, sitting four levels deep in the npm dependency graph — had...
by valino | May 13, 2026 | Phishing
The first CEO deepfake fraud incident we worked in 2026 cost the victim company $2.3 million in a single afternoon. The CFO received a video call from someone who looked exactly like the chief executive, sounded exactly like him, and used the verbal mannerisms the CFO...
by valino | May 12, 2026 | Web App Pentesting, pentesting
The IDOR vulnerability we found on day three of a recent web application penetration test should not have existed in 2026. The endpoint accepted an integer customer ID in the URL, performed no authorization check whatsoever, and returned the full account record —...
by valino | May 11, 2026 | Hacking
The most consequential cloud misconfiguration we have triaged in 2026 was not a sophisticated zero-day or a nation-state intrusion. It was a single S3 bucket policy that quietly flipped from private to public during a Terraform refactor at 02:14 on a Tuesday. By the...
by valino | May 11, 2026 | Hacking
Of all the cybersecurity conversations a founder will have over the course of building a company, the most consequential one is the one she has with her spouse. It is rarely on the agenda. It is almost never scheduled. It usually happens, if it happens at all, on a...
