board risk
10 posts
Exposure you cannot see
A board-level assessment of why unverified detection against a public vulnerability campaign leaves exposure unconfirmed and control unproven.
Ransomware spreading through trusted accounts
A novel ransomware variant spread through compromised accounts, exposing identity - not the perimeter - as the boundary that must be enforced at runtime.
Europol's second database ran unwatched for years
A board-level analysis of Europol's unsafeguarded secondary database and the European Commission oversight gap that did not constrain it for years.
Gizmodo's front door now hands visitors malware
Gizmodo's homepage delivered a ClickFix attack at runtime, showing how unenforced content delivery controls turn a trusted brand surface into a delivery point.
GitHub pulls the account, the repos live on
A board-level analysis of GitHub's ban on a researcher publishing Windows zero-days alongside violent threats, and what it reveals about disclosure risk.
Your file renames are a security control
CVE-2025-48095 in 7-Zip exposes the governance gap around utility software that processes untrusted input without formal ownership or version control.
CISA administrator published GovCloud keys to GitHub
A CISA administrator's publication of AWS GovCloud keys to public GitHub exposes the gap between cloud segregation policy and runtime control.
Your bot defenses just failed
A board-level view of how a stealth Playwright build erodes the assurance value of anti-bot and CAPTCHA controls across the business.
An avatar walked through Face ID
A Face ID bypass using an avatar reduces the assurance of every business process that treats biometric success as proof of human presence.
Linux security intake is overwhelmed
Linus Torvalds says AI-generated reports have made the Linux kernel security list almost entirely unmanageable. A board-level read on the exposure.