- The Privileged Roles Nobody Talks About
by Carlos Perez on June 4, 2026 at 4:00 am<p>Part 1: Why Your MDM Platform is a Tier 0 AssetThis is Part 1 of a two-part series on Intune security hardening. This post covers what we have seen in real world attacks as well as attack paths our Pentest Team has…</p>
- CMMC Conditional Status – Contracting Without Complianceby Chris Camejo on June 2, 2026 at 4:00 am
<p>The CMMC rollout is progressing. Contracts that require a CMMC Level 2 (Self) self-assessment have been circulating since the start of Phase 1 in November 2025, and contracts that require CMMC Level 2 (C3PAO) audits…</p>
- PCI DSS, Telephone Payments, and the Problems With VoIPby Chris Camejo on May 26, 2026 at 4:00 am
<p>Turns out your VoIP system has some opinions about your PCI DSS compliance. Director of Advisory Services Chris Camejo breaks down who’s affected and how to reduce your compliance burden.</p>
- Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystemby Carlos Perez on May 21, 2026 at 4:00 am
<p>Same worm, different wave. In our new blog, Director of Security Intelligence Carlos Perez covers Shai-Hulud, how this supply-chain malware can eat your whole ecosystem, and what you can do to protect your data.</p>
- Coverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflowsby Brandon McGrath on May 19, 2026 at 4:00 am
<p>1.1 IntroductionRalph is a solid tool that makes agents do…more. It's defined as: an autonomous AI agent loop that runs repeatedly until all PRD items are complete. The purpose is for it to handle bigger plans and…</p>
- Finding Your Way on the Passkey Pathby Brandon Colley on May 14, 2026 at 4:00 am
<p>Ready to ditch passwords for good, but not sure where to start? Introducing Passkey Path, a choose-your-own-adventure guide to transitioning from passwords to passkeys, built for every role in your organization.</p>
- Slamming the Door on Quick Assist Tech Support Scams and Abuseby Thomas Millar on May 12, 2026 at 4:00 am
<p>Tech support scams are simple by design—just a trusted tool and a convincing story. We break down Microsoft Windows Quick Assist as an attack vector, detection strategies, and how to close the door for good.</p>
- GRC in an AI World – Staying in the Fast Lane Without Losing the Race!by Stephanie Saunders on May 7, 2026 at 4:00 am
<p>Artificial Intelligence (AI) is the new buzz word on the streets. It’s becoming “the best thing since sliced bread” in the IT world and is being used by everyone from executives to employees, students, and even young…</p>
- The Defensive Stack is Exposed: LLMs, Reverse Engineering, and the End of Opaque Defenseby Justin Elze on May 5, 2026 at 4:00 am
<p>Everyone is talking about LLMs finding zero days. That is not the only story. The story is what happens when you point these models at the defensive tools organizations depend on for first line defense. AI is changing…</p>
- ARP Around and Find Out: Hijacking GPO UNC Paths for Code Execution and NTLM Relayby Austin Coontz on April 30, 2026 at 4:00 am
<p>TL;DR – If you have WriteGPLink on an Active Directory Organizational Unit (OU) and you’re on the same network segment as a computer within that OU, you can abuse that permission to link an existing Group Policy Objects…</p>
TrustedSec
We are an ethical website cyber security team and we perform security assessments to protect our clients.