Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Beyond the Browser: The Questions That Expanded the Attack Surface
    After presenting this research at security conferences this year, I was expecting the usual post-talk questions like "what tools did you use?", "does this also work on mobile?", or a compliance officer asking if PDF forms are covered under their DLP policy. What the audience did instead was take ...

    Supply Chain Security: Trust Is the New Attack Surface
    In February 2026, while participating in a panel at IT Expo, one statement kept resonating ...
    SaaS Sprawl, Identity, and the Illusion of Control
    While participating in the SaaS Sprawl and Shared Responsibility: Regaining Control and Assuring ...
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Subdomain takeover is one of those vulnerabilities that refuses to die. Every few years it gets ...
    Bypassing Browser PDF Security: Using Embedded JavaScript Forms for Social Engineering
    I can say that, since I started my journey at Secure Ideas, I’ve felt extremely fortunate. Not only ...
    From Nmap to CSV
    How Experience and Management Skills Improve Data Analysis for Security Professionals
    The other ...
    Best Practices and Risks Considerations in Automation like LCNC and RPA
    best practices  |  LCNC  |  RPA
    The Rise of Low-Code/No-Code and RPA in Digital Transformation Technologies such as ...
    The CISO's Myopia
    Fifteen years ago, I wrote an article entitled "The CSO’s Myopia." At the time, I aimed to ...