Shadow AI and Exposed LLMs: Why Your Organization’s AI Security is Probably Worse Than You Think

I’ve been digging through this week’s security news, and there’s a pattern emerging that should make every CISO lose sleep. We’re seeing AI security failures across multiple fronts – from shadow AI deployments to exposed language model hosts to malicious browser extensions stealing ChatGPT tokens. The common thread? Organizations are rushing to adopt AI without understanding the attack surface they’re creating.

Microsoft’s NTLM Retirement and the AI-Powered Security Arms Race

I’ve been watching some interesting developments unfold this week that really highlight where our industry is heading. Microsoft finally announced they’re pulling the plug on NTLM authentication by default in future Windows releases, while at the same time, AI capabilities in both offensive and defensive security are advancing faster than many of us anticipated.

The End of an Era for NTLM

After three decades, Microsoft is finally retiring NTLM authentication by default in upcoming Windows releases. Honestly, it’s about time. This protocol has been a thorn in our side for years, with its vulnerabilities making it a favorite target for attackers looking to move laterally through networks.

Why 2026 Might Be the Year AI Attacks Finally Live Up to the Hype

I’ve been watching the AI security threat predictions for years now, and honestly, most of them have felt like fear-mongering wrapped in buzzwords. But something interesting happened this week that made me pause. Dark Reading ran a poll asking their readers what they think will be the biggest security story of 2026, and “agentic AI attacks” came out as a frontrunner alongside advanced deepfakes.

When Dating Apps Get Hacked: Match Group Breach Highlights Our Ongoing Security Challenges

Let me start with something that probably hit close to home for a lot of us this week. Match Group, the company behind pretty much every dating app you’ve ever heard of—Tinder, Hinge, OkCupid, Match.com—just confirmed they got breached. And honestly, it’s a perfect example of how our industry keeps facing the same fundamental problems, just in different packages.

Google Takes Down IPIDEA Proxy Network While Critical Infrastructure Shows Alarming Security Gaps

Last week brought some sobering reminders about the state of our cybersecurity defenses, from a major proxy network disruption to widespread vulnerabilities in critical infrastructure. Let me walk you through what happened and why it matters for our industry.

The IPIDEA Takedown: A Win Against Malware Infrastructure

Google’s Threat Intelligence Group scored a significant victory this week by disrupting IPIDEA, one of the largest residential proxy networks used by threat actors. This wasn’t just any proxy service – IPIDEA was essentially running on compromised residential devices infected with malware, creating a massive botnet disguised as a legitimate business service.

Zero-Day Season Continues: Ivanti Hit Again While FBI Launches Winter SHIELD

It feels like we’re stuck in a particularly rough patch of vulnerability disclosures, and this week’s news isn’t helping that feeling. The most pressing issue on my radar is another Ivanti situation – this time affecting their Endpoint Manager Mobile (EPMM) platform with two critical flaws that attackers are already exploiting in the wild.

The Ivanti Problem Keeps Getting Worse

I’ll be honest – when I saw another Ivanti vulnerability announcement, my first thought was “here we go again.” The company disclosed two critical vulnerabilities in their EPMM platform, tracked as CVE-2026-1281 and CVE-2026-1340, and these aren’t theoretical risks. Attackers are actively exploiting them.

When Trusted Platforms Turn Against Us: This Week’s Supply Chain Wake-Up Call

You know that sinking feeling when you realize attackers have found a new way to weaponize something we all thought was safe? That’s exactly what happened this week across multiple fronts, and honestly, it’s got me rethinking how we evaluate “trusted” platforms.

The most eye-opening story has to be the Hugging Face abuse campaign. Attackers are using the popular AI model repository to host thousands of Android malware variants targeting financial apps. Think about that for a second – Hugging Face has become such a cornerstone of the AI ecosystem that most of us probably whitelist it without a second thought. Now criminals are exploiting that trust to distribute credential-stealing malware.

When AI Servers Go Rogue and Car Doors Won’t Open: This Week’s Security Wake-Up Calls

You know that feeling when you realize just how interconnected and vulnerable our digital infrastructure really is? This week delivered a perfect storm of reminders, from 175,000 exposed AI servers scattered across the globe to Russian drivers literally locked out of their cars by hackers. Let me walk you through what happened and why it matters for all of us.

Critical Fortinet Flaw Under Active Attack While AI Reshapes Security Assumptions

If you’re running Fortinet infrastructure, drop what you’re doing and check your patch status. The company just released emergency fixes for CVE-2026-24858, a critical authentication bypass in FortiOS that’s already being exploited in the wild. With a CVSS score of 9.4, this isn’t just another vulnerability to add to your backlog—it’s an active threat that affects FortiOS, FortiManager, and FortiAnalyzer systems.

When AI Assistants Become Security Liabilities: This Week’s Enterprise Wake-Up Calls

If you’ve been keeping an eye on enterprise AI adoption lately, you probably won’t be surprised to hear that we’re seeing some predictable security growing pains. But this week brought a particularly stark reminder of why security teams need to stay ahead of the curve when it comes to AI deployments.

The Moltbot Reality Check

The biggest story hitting my radar is the security mess surrounding Moltbot (formerly Clawdbot), an AI assistant that’s been making waves in enterprise environments. BleepingComputer reported that security researchers are finding some seriously concerning deployment issues that could expose API keys, OAuth tokens, conversation histories, and user credentials.