Learn
Why the robocalls about your Google listing won't stop
Put your business on Google and the robocalls never stop? Here's why it happens, why blocking fails, and what actually works.
security
Learn
What a VPN actually does
A user showed me a VPN ad on her phone last month and asked if she should buy it. The ad had a hooded figure at a coffee shop. Ominous music. A scrolling list of things hackers were apparently doing to her bank account while she ordered a latte. Fifteen
Learn
How to spot a phishing email in 2026
Have you ever been phished by your own work? Have you felt betrayed when you clicked a link in an email that looked legit and then your IT department sends you an email assigning you mandatory phishing training? Email phishing has evolved over time, and so has the way to
News
Patching is the new password
Verizon publishes a Data Breach Investigations Report every spring. It's the closest thing the security industry has to an annual census, built from real incident data submitted by hundreds of organizations and law-enforcement partners. The 2026 edition dropped yesterday, and it announced something that hadn't happened
News
A WordPress privacy plugin opened 115,000 sites to takeover
A WordPress plugin called Burst Statistics, installed on about 200,000 sites and marketed as a privacy-friendly alternative to Google Analytics, has a critical authentication-bypass flaw that lets attackers walk in as the site administrator. Wordfence discovered it on May 8th. A patch shipped May 12. As of about a
News
CISA contractor posted admin keys to public GitHub
A contractor at the Cybersecurity and Infrastructure Security Agency (CISA), the office of the federal government whose entire job is protecting U.S. critical infrastructure from cyberattacks, kept admin credentials for three Amazon GovCloud accounts in a public GitHub repository for six months. GovCloud is Amazon's cloud platform
Learn
What the heck is a Passkey?
If you're like me, you've probably been seeing prompts to set up a passkey for about a year now. And if you're also like me, you may have been hitting "not now" every time you see them. Every few weeks Google asks
News
IT twins wipe 96 government databases.
On February 18, 2025, twin brothers Sohaib and Muneeb Akhter were fired during a video call from Opexus, a Washington D.C. tech contractor that hosts data for more than 45 federal agencies. By the time the call ended, 96 federal databases were gone. The window from termination to destruction
News
Canvas got breached. Again.
Instructure, the company behind the Canvas learning management system used by roughly 7,000 universities and a growing slice of K-12 districts nationwide, confirmed a data breach this weekend. The extortion group ShinyHunters claims they took 3.65 terabytes of data covering 275 million students, teachers, and staff across nearly