Pagalishor markPagalishor Current

Category

Security

Reporting on identity, incident response, cloud risk, and software supply chain defense.

Risk, resilience, and the systems companies rely on.

Each category hub surfaces a lead story, recent reporting, and a clear path to related coverage.

8 published stories in this archive.

Cybersecurity and privacyIdentityIdentity SecurityPrivacy RegulationRansomware and BreachesSecurity operations
Nginx UI MCP vulnerability: why this exploited flaw matters now
SecurityRansomware and Breaches
Nginx UI MCP vulnerability: why this exploited flaw matters now
A newly exploited flaw in Nginx UI shows how quickly AI-connected management features can turn into a live server risk when core protections are skipped.
Aisha RahmanApr 23, 20263 min read
Risk, resilience, and the systems companies rely on.Read story

Latest in Security

Recent reporting from this category archive, ordered from newest to oldest.

The Cisco SD-WAN vulnerability on CISA's list needs attention now
SecurityRansomware and Breaches
The Cisco SD-WAN vulnerability on CISA's list needs attention now
A Cisco SD-WAN flaw that was only part of a broader February advisory has become more urgent after CISA flagged it as actively exploited, pushing network teams to revisit internet-facing management setups that may have looked low priority weeks ago.
Aisha RahmanApr 22, 20264 min read
Risk, resilience, and the systems companies rely on.Read story
The Apache ActiveMQ vulnerability on CISA's exploited list needs faster patching
SecurityRansomware and Breaches
The Apache ActiveMQ vulnerability on CISA's exploited list needs faster patching
CISA says attackers are already exploiting the Apache ActiveMQ vulnerability tracked as CVE-2026-34197, turning an old piece of enterprise middleware into another urgent reminder that forgotten infrastructure still creates outsized security risk.
Aisha RahmanApr 22, 20264 min read
Risk, resilience, and the systems companies rely on.Read story
Entra passkeys on Windows bring phishing-resistant sign-ins to unmanaged PCs
SecurityIdentity Security
Entra passkeys on Windows bring phishing-resistant sign-ins to unmanaged PCs
Microsoft has moved Entra passkeys on Windows into public preview, giving organizations a way to use device-bound passkeys on personal and shared PCs without relying on passwords.
Aisha RahmanApr 21, 20263 min read
Risk, resilience, and the systems companies rely on.Read story
Microsoft says device-code phishing has become a faster identity threat
SecurityIdentity Security
Microsoft says device-code phishing has become a faster identity threat
Microsoft’s April 6, 2026 research says attackers are scaling device-code phishing with automation and AI-written lures, turning a niche OAuth trick into a more practical account-takeover path.
Aisha RahmanApr 20, 20263 min read
Risk, resilience, and the systems companies rely on.Read story
Microsoft’s April hotpatch turned a Windows update bug into an identity warning
SecurityIdentity Security
Microsoft’s April hotpatch turned a Windows update bug into an identity warning
Microsoft’s April 19, 2026 out-of-band hotpatch fixed a domain-controller startup issue that followed the April 14 security update, underscoring how identity infrastructure changes can become availability risks before security teams have time to react.
Aisha RahmanApr 20, 20262 min read
Risk, resilience, and the systems companies rely on.Read story