Darren Entwistle named 2026 inductee into the BC Innovators Hall of Fame

Posted in Commentary on May 29, 2026 by itnerd

TELUS announces that President and CEO Darren Entwistle has been named a 2026 inductee into the BC Innovators Hall of Fame, an honour recognizing visionary leaders whose contributions have helped shape and strengthen British Columbia’s innovation and technology ecosystem. The recognition celebrates Darren’s transformative leadership and longstanding commitment to innovation, connectivity and economic growth in British Columbia and across Canada.

Over the past 26 years and under Darren’s leadership, TELUS has transformed from a regional telecommunications provider into a world-leading technology company with global operations spanning digital connectivity, healthcare, agriculture, customer experience, security and artificial intelligence capabilities. Throughout this transformation, TELUS has maintained a deep commitment to British Columbia through significant commercial and social investments, and the company recently announced plans to invest $15 billion in the province through 2030 to enhance connectivity, support Canadian AI leadership and drive economic growth.  

Key milestones realized in British Columbia under Darren’s leadership include:

  • Since 2000, TELUS has invested $70 billion in British Columbia and $294 billion across Canada to enhance and expand TELUS’ world-leading broadband networks, driving connectivity, innovation, sustainability and economic growth across Canada. Today, TELUS’ 5G network reaches more than 90 per cent of Canadians and its PureFibre network connects 3.7 million homes and businesses.
  • As part of TELUS’ copper retirement program resulting from its pervasive fibre build (and associated commitment to net-zero carbon footprint), TELUS has undertaken “urban mining”, reclaiming more than 4,600 tonnes of copper and enabling a reduction of 9,300 tonnes of GHG emissions — equivalent to removing nearly 2,000 cars from the road for one year.
  • Through the TELUS Living initiative, TELUS is helping address housing availability and affordability by redeveloping central office buildings (that have become redundant owing to TELUS’ fibre build) into purpose-built residential rental developments.
  • TELUS is developing one of the world’s leading and most sustainable AI infrastructure ecosystems through three advanced facilities in British Columbia, including an AI data centre in Kamloops and two planned facilities in Vancouver.
  • Over the past 26 years, TELUS has built a $1 billion TELUS Ventures portfolio, supporting innovative entrepreneurs and small businesses across the province.
  • Since 2000, TELUS and its team members have gifted more than $1.8 billion globally to innovative social programs, inclusive of helping communities all across British Columbia.
  • Through TELUS’ unique social products of Internet for Good, Mobility for Good and Tech for Good, complemented by TELUS Wise, TELUS has helped bridge digital divides for more than 204,000 people across British Columbia while keeping them safe online.
  • Since 2018, TELUS Health for Good has supported more than 145,000 patient visits for underserved British Columbians through 17 tech-enabled mobile clinics founded by TELUS.
  • TELUS has invested more than $12.6 million in local storytelling and emerging creators in British Columbia through STORYHIVE and TELUS originals.
  • The TELUS Friendly Future Foundation launched the TELUS Student Bursary in 2023. This program has already supported 300 student bursaries in British Columbia that will help realize future innovators in the province.

Established by BC Tech in 2023, the BC Innovators Hall of Fame celebrates leaders whose vision, leadership and innovation have made a lasting impact on British Columbia’s economy and technology sector. Inductees are recognized for advancing innovation, fostering economic growth and helping position B.C. as a globally competitive innovation hub. 

DataBee’s UAR Capability Redefines Identity Governance with a Data Fabric Approach

Posted in Commentary on May 29, 2026 by itnerd

For most organizations, user access reviews are a compliance ritual that’s painful by default. Spreadsheets get circulated. Managers bulk-approve without reading. Stale permissions linger long after employees change roles or move on. And when audit season arrives, teams scramble to reconstruct a paper trail that was never built to hold up under scrutiny.

The standard prescription has often been to buy a standalone Identity Governance and Administration (IGA) platform. But that means months of implementation, a parallel system of record to maintain, and — still — the same rubber-stamped approvals that made the process unreliable in the first place.

There’s a better starting point: the identity data you already have.

The Gap Between Visibility and Control

Most security and GRC teams have some visibility into who has access to what — pulled from identity providers like Microsoft Entra ID or Okta, HR systems, or SaaS app exports. But that data typically lives in silos: disconnected sources that require manual effort to consolidate, reconcile, and act on. The picture exists, but it’s fragmented, and turning it into something auditable is where the process breaks down.

The problem has never been access to the data. It’s been turning that visibility into an auditable, repeatable control without bolting on another product to do it.

Certification Campaigns That Launch in Minutes

DataBee User Access Reviews (UAR) is a new capability built directly on the identity data already flowing through DataBee’s OCSF-based pipelines. Security, IT, and GRC teams can launch certification campaigns without procuring or integrating a standalone IGA platform — and without any implementation project to get there.

What that looks like in practice:

  • Campaigns at scale from day one. UAR pulls consolidated identity data from sources like Microsoft Entra ID and Okta, so there’s no manual export or data migration required to get started.
  • Automatic routing to the right people. Access decisions go directly to each user’s direct manager, with a simple SSO-enabled approval experience that requires no training.
  • Real organizational visibility. Completion status tracks across the full org hierarchy, so leaders can see where reviews are stalled and escalate accordingly — without chasing down individual emails.
  • An audit trail that’s built in, not bolted on. Every decision, escalation, and state change is recorded in an immutable archive. Completed campaigns are retained permanently for compliance reporting, with CSV and JSON export built in.
  • Remediation that doesn’t create a second mess. When a campaign closes, DataBee automatically groups remediation workflows by application — so IT teams work at the app level, not item by item.

For organizations that already have a standalone IGA solution, DataBee’s integrations with leading IGA vendors mean UAR complements what’s already in place rather than replacing it.

Raising the Bar on Review Quality

Getting campaigns done faster matters. But so does making the reviews themselves more meaningful — which is where most IGA tools quietly fall short.

DataBee UAR addresses review integrity directly. Smart deduplication ensures each user-application relationship is reviewed exactly once, regardless of how access was granted. Routing happens at the individual level to prevent the blanket group approvals that give auditors pause. And confirmation-first communications help reduce the risk of errors when sending bulk notifications to approvers.

The goal isn’t just to produce an audit artifact. It’s to produce one that reflects actual human decisions about actual access.

From Point-in-Time Compliance to Continuous Control

User Access Reviews is the first compliance workflow natively executed within the DataBee platform, but the intent is bigger than a single feature.

Like DataBee’s Continuous Controls Monitoring solution, DataBee User Access Reviews is part of a growing set of native workflows built on the security data fabric. These use cases represent a shift away from point-in-time compliance checkboxes toward something more durable: continuous, data-driven assurance that doesn’t require a new vendor every time you need a new control.

DataBee User Access Reviews is licensed separately and available now.

See for yourself how UAR works by requesting a demo.

New FIRE Report: “RatPressto” phish kit scales quietly via WordPress

Posted in Commentary on May 29, 2026 by itnerd

Fortra Intelligence and Research Experts (FIRE) have just published a report on a new phishing kit, RatPressto, targeting large corporations with the goal of credential theft and data exfiltration. It uses compromised WordPress sites, often with exposed /wp-admin access, to deliver near-identical phishing pages that mimic trusted workflows and silently deploy remote access tools via hidden iframes.

Key findings:

  • Reusable, byte‑identical phishing infrastructure
  • Heavy reliance on compromised WordPress environments
  • Victim‑specific lures to boost credibility
  • GitHub staging and shift to self-hosted ScreenConnect
  • Silent payload delivery through hidden iframes

Insecure or exposed WordPress admin access is a critical risk factor, and organizations should audit and harden immediately as activity continues.

Full report can be found here: https://www.fortra.com/blog/ratpressto-phishing-kit

EDAMAME isn’t a DevSecOps problem — it’s a compliance blind spot every enterprise is about to face

Posted in Commentary on May 28, 2026 by itnerd

The launch of EDAMAME — a platform specifically designed to catch AI coding agents going off the rails — signals that the industry is starting to reckon with something important: autonomous AI agents in software development pipelines can take unintended actions, and existing security tooling wasn’t built to see it. But the conversation is almost entirely happening in AppSec and DevSecOps circles, and it’s missing the bigger structural problem underneath.

You can find out more here: https://www.securityweek.com/new-edamame-platform-aims-to-catch-ai-coding-agents-going-off-the-rails/

Justin Beals, CEO & Founder, Strike Graph, an AI-native GRC and compliance automation platform

“Building guardrails for AI coding agents is a meaningful step, and recognizing that autonomous code generation needs behavioral oversight is the right instinct. What’s incomplete is treating this as purely a developer tooling problem — the moment AI-generated code is deployed, it becomes a compliance and risk management challenge that most GRC teams have zero visibility into.

The real gap isn’t just catching an agent that misbehaves in real time. It’s that organizations have no systematic way to evidence that their AI-assisted development process meets the security requirements their certifications demand. Your SOC 2 or ISO 27001 was written assuming humans made the code decisions — it has nothing to say about what an autonomous agent pulled, modified, or deployed on your behalf.

As AI coding agents become standard in engineering orgs, compliance programs will need to evolve from auditing what humans built to auditing what AI built in humans’ names. The frameworks haven’t caught up yet, and the organizations waiting for them to before they act are building a gap that auditors — and attackers — will eventually find.”

Organizations need to ensure that the AI coding agents are as secure as the human agents they use. If they don’t, then it will end very badly for that organization indeed.

Microsoft criticizes public disclosure of unpatched zero-day vulnerabilities

Posted in Commentary on May 28, 2026 by itnerd

In a statement published yesterday, Microsoft warned that recent public disclosures of unpatched zero-day vulnerabilities without prior coordination have placed customers at “unnecessary risk.” The company said several researchers disclosed vulnerability details publicly before Microsoft had an opportunity to develop and distribute security fixes.

The company said coordinated vulnerability disclosure allows vendors time to investigate reports, prepare mitigations, and release patches before technical details become widely available to attackers. Microsoft argued that premature disclosure can increase the likelihood of exploitation against customers who have no available patch or remediation at the time information becomes public.

The warning comes as Microsoft continues addressing multiple recently disclosed vulnerabilities across Exchange Server, Defender, Azure, Windows networking components, and enterprise products during an unusually high-volume patching cycle. Microsoft released fixes for 138 CVEs during May Patch Tuesday alone, while additional vulnerabilities and mitigations were disclosed outside the regular patch release schedule.

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

   “Coordinated disclosure is a shared obligation. Microsoft generates hundreds of billions in annual revenue. No researcher should be expected to subsidize product security for free. Six vulnerabilities across core Windows components including Defender and BitLocker that reached production represent a vendor engineering failure. These flaws should never have shipped. Vendors who ask for coordination must also invest in responsive triage and the development rigor that prevents this.

   “The traditional 90 day embargo was designed for a slower world. AI has compressed vulnerability discovery timelines so dramatically that ninety days is enough time for an entirely new frontier model to be deployed and pointed at the same codebase. Microsoft has patched over 500 CVEs in the first five months of 2026 alone. That volume is a signal that product security posture across the ecosystem is weaker than the market assumes. The Nightmare-Eclipse campaign has followed through on every public threat so far, and the warnings of further disclosures should be taken seriously.”

John Carberry, Solution Sleuth, Xcape, Inc.:

   “Microsoft’s sharp public rebuke against zero-day drops highlights an escalating war of attrition between independent researchers and enterprise vendors. While Microsoft argues that dropping vulnerabilities like RedSun, UnDefend, and BlueHammer puts the entire ecosystem at risk, this friction points to a deeper systemic breakdown. The security research community is clearly growing frustrated with vendor triage timelines, a bottleneck that has become critical given that Microsoft is already drowning in an engineering workload, evidenced by a massive 138-CVE patch cycle this month alone.

   “For enterprise risk leaders, this public spat is a dangerous distraction from the actual operational threat. The moment a researcher publishes full technical details or a working proof-of-concept for core Windows components like Defender, Azure, or Exchange Server, the time-to-exploit window for threat actors drops to zero.

   “Security executives cannot afford to wait around for vendor patches to slowly wind their way through QA and deployment pipelines. They must establish an aggressive, internal mitigation capability that treats uncoordinated disclosures as immediate, active incidents, forcing them to deploy temporary configuration workarounds and hyper-specific EDR detection rules the moment a flaw hits GitHub, long before the official automated fix arrives on a future Patch Tuesday.

   “Critical Takeaways

  •    “The zero-day names to watch: The uncoordinated drops specifically targeting core architecture (RedSun, UnDefend, BlueHammer, and the YellowKey BitLocker bypass) are not theoretical exercises. They represent immediate blueprints that threat actors are actively integrating into automated scanning tools.
  •    “Vendor triage under siege: Microsoft’s massive 138-CVE May release proves that vendor patch pipelines are stretched to their limits, systemically increasing the delay between a researcher’s initial private bug report and a public patch.
  •    “The mitigation engineering mandate: Relying entirely on automated patch management leaves an enterprise completely exposed during uncoordinated drops. Teams must be structurally capable of manually applying complex, out-of-band scripts and registry mitigations.

   “When researchers choose to drop working exploit code for core enterprise infrastructure directly to the public, they are giving the entire Internet an immediate, unauthenticated pass into your network before a lock has even been engineered.

   “The current standoff proves that the traditional model of coordinated vulnerability disclosure is buckling under its own weight, leaving enterprise security teams stuck in the crossfire between impatient researchers and overextended software vendors.”

Lydia Zhang, President & Co-Founder, Ridge Security Technology Inc.:

   “The number of CVEs patched by Microsoft on Patch Tuesday highlights the challenge facing security teams which is, what should I be prioritizing? Security tools that just identify vulnerabilities are insufficient. In fact, even knowing that a vulnerability is exploitable is insufficient. Knowing the kill-chain is insufficient. The missing piece of the puzzle is combining that exploitability and kill-chain knowledge with business context such as what assets can be reached thru these exposures and how valuable are those assets?”

My only advice is to hold companies like Microsoft accountable. Otherwise we will have vendors deciding what is and isn’t public domain. Which is of course dangerous.

Local volunteers create a friendlier future for 500 youth across London

Posted in Commentary on May 28, 2026 by itnerd

Here are some photos from yesterday’s volunteer event in London, where TELUS team members and community volunteers came together to create a friendlier future for 500 youth across London by packing 300 Kits for Kids (backpacks filled with essential school supplies) and assembling 200 Kindnessgrams (sweet treats with handwritten notes of hope) as part of the 21st annual TELUS Days of Giving.

Kits for Kids

For many families, rising costs are putting essential school supplies out of reach. Through TELUS’ Kits for Kids program, backpacks filled with school essentials including notebooks, pencils, pens, colouring supplies and loose-leaf paper are distributed to students facing financial barriers. To date, TELUS has distributed more than 250,000 Kits for Kids across Canada, including 10,000 this year alone.

Kindnessgrams

Sometimes, a simple gesture is all it takes to remind someone they aren’t alone. Each Kindnessgram package pairs a bag of sweet treats with a handwritten note of inspiration, designed to let our community’s most vulnerable youth know that their neighbors are rooting for their success. These small tokens serve as a powerful reminder that they are seen, supported, and valued.

Camp Mail

Attendees created camp mail kits to ensure youth who are attending camp are not left out while other campers are receiving camp mail from home. These kits include fun activities and handwritten, youth-friendly jokes.

The items from the London event will support five local charity partners: Big Brothers Big Sisters of London and Area, London Food Bank, London and Middlesex Community Housing, YMCA of Southwestern Ontario and Youth Opportunities Unlimited (YOU). Together, these organizations provide critical support to vulnerable families, children and youth across London through social housing, food insecurity, health and fitness programming, camps, child care, specialized newcomer services, mental health and career support programs.

Check Point Software Launches Agentic Exposure Validation to Counter Frontier AI Models Now Capable of Autonomous Exploitation

Posted in Commentary on May 28, 2026 by itnerd

Check Point today launched Agentic Exposure Validation (AEV) for Exposure Management, to put defenders on equal footing with AI-driven attackers. As frontier AI models like Anthropic’s Mythos and OpenAI’s GPT-5.5 gain the ability to autonomously find thousands of exploitable vulnerabilities at scale, the question for boards and CISOs is no longer “are we patched?” but “what can attackers actually exploit right now? and how do we find it before they do?” AEV is the answer.

Agentic Exposure Validation (AEV) uses AI agents that reason like attackers across the organization’s specific environment, correlating exposure data, asset context, live exploit research, threat intelligence, and protection coverage to determine whether an exposure is truly exploitable. Rather than relying on static severity scores, AEV follows a safe proving loop: it analyzes the relevant asset or CVE, enriches findings with live Check Point threat intelligence, checks whether existing controls already block the path, and builds a targeted validation that mirrors attacker reasoning without disruptive techniques. It then either proves the exposure with direct evidence, pivots to a new attack path when blocked, or discards the threat altogether.

AEV is a critical validation capability within Continuous Threat Exposure Management (CTEM) programs, helping organizations move from discovery and prioritization into confident, evidence-based exposure reduction at AI scale. Early customer engagements have already demonstrated this pattern, and AEV was able to create novel exploits for dozens of vulnerabilities that had no known exploit.

Agentic Exposure Validation is available now as part of Check Point Exposure Management. To learn more or to request a complimentary AEV scan, organizations can complete the demo request form to see what an agentic attacker would uncover on their external attack surface.

TERAGO and Ericsson Launch Enterprise Private 5G Network at McMaster Manufacturing Research Institute

Posted in Commentary on May 28, 2026 by itnerd

TERAGO today announced the successful deployment of an Ericsson Private 5G network in collaboration with Ericsson Enterprise Wireless Solutions at the McMaster Manufacturing Research Institute (MMRI).

Building on its strategic partnership with Ericsson Enterprise Wireless Solutions, TERAGO continues to accelerate the adoption of enterprise-grade 5G infrastructure across Canada. This latest deployment represents a significant milestone bringing Private 5G into a live manufacturing and research environment where organizations can explore, validate, and scale next-generation applications.

The private 5G network at MMRI, utilizing the recently released Canadian industry spectrum, delivers secure, high-performance, low-latency connectivity across the facility, enabling advanced use cases such as AI-driven automation, robotics, real-time data processing, and smart manufacturing. Designed as a fully managed, dedicated network, it provides the reliability and control required for mission-critical industrial operations.

Ericsson’s Enterprise 5G solutions provide the mobility, performance, and flexibility required for complex industrial environments. Combined with TERAGO’s expertise in managed connectivity and licensed spectrum, the solution delivers a robust, enterprise-ready platform tailored to the evolving needs of modern industry.

Exclusive Ericsson Private 5G Launch Event – June 2, 2026

To mark the deployment, TERAGO and Ericsson will host an exclusive Ericsson Private 5G Launch Event at MMRI on June 2, 2026, bringing together industry leaders, customers, and partners for an immersive, hands-on experience showcasing Private 5G technology as well as applications.

This event will provide attendees with a unique opportunity to experience how Ericsson Private 5G enables integrated intelligence across modern industrial operations, bridging connectivity, automation, and real-time decision-making.

TELUS Rewards earns global loyalty award recognition and unveils massive program enhancements

Posted in Commentary on May 28, 2026 by itnerd

TELUS Rewards is setting a new standard for customer loyalty with major new enhancements that give Canadians more benefits, more savings, and more everyday value. Starting today, every TELUS Rewards member gains access to an expanded suite of health, travel, entertainment and lifestyle perks worth more than $400 in annual value — simply for being a TELUS customer. This commitment to member value has earned TELUS Rewards global recognition, with three first-place honours at the 2026 Loyalty360 Awards, including the 360-Degree Brand Award.

The expanded lineup of exclusive benefits now available to all members includes:

  • New TELUS Perks: Complimentary access to a virtual counselling session through TELUS Health MyCare (valued at up to $120), plus a complimentary veterinary consultation through TELUS Health MyPet (a $40 annual value) — making it easier for members to access trusted support and care for themselves and their pets.
  • New Partner Perks: Everyday savings through new partnerships with Skip and Turo. Perks include a complimentary one-year Skip+ membership, unlocking $0 delivery fees on eligible orders, member-exclusive offers, and hundreds in potential annual savings from Canada’s homegrown delivery network. And hit the road this summer with a one-time $50 Turo car rental credit.

TELUS Rewards is Canada’s award-winning loyalty program, featuring a tiered experience that rewards customers for their loyalty. As members progress through Purple, Gold, Platinum and Diamond tiers, they unlock increasingly exclusive perks, enhanced benefits and greater everyday value. Customers who sign up for TELUS Rewards with one eligible TELUS service join the Purple tier and gain access to a growing collection of benefits, savings and experiences from day one. Members can unlock Gold, Platinum and Diamond tiers by adding additional qualifying TELUS services, including Mobility, Internet, Optik TV and SmartHome Security.

For more information about TELUS Rewards, visit https://www.telus.com/my-rewards.

CrowdStrike Details Takedown of Glassworm

Posted in Commentary on May 28, 2026 by itnerd

CrowdStrike, Google, and the Shadowserver Foundation said they disrupted the Glassworm botnet, a global threat targeting developers and open-source software ecosystems through supply chain attacks. CrowdStrike said the coordinated takedown simultaneously disabled all four of the botnet’s C2 channels, preventing communications with infected systems and delivery of additional malware payloads.

You can find out more by reading CrowdStrike’s writeup here: https://www.crowdstrike.com/en-us/blog/inside-crowdstrike-takedown-of-a-developer-targeting-botnet/

Liquibase VP Ryan McCurdy offers perspective:

   “Glassworm is a reminder that ungoverned automation can quickly become a privileged attack path. Once attackers compromise developer tooling, poison repositories, or steal CI/CD credentials, the pipeline stops being background infrastructure and starts acting like a privileged identity. That is what makes these attacks so dangerous. The answer is not less automation. It is more standardized, governed automation, so the workflows developers and pipelines already rely on are consistent, controlled, and harder to abuse.”

Honestly, while this is to be celebrated, it’s also time for organizations to look at themselves and retool themselves so that automation is not an attack path. Otherwise bad things will happen.

UPDATE: There’s additional commentary starting with Ryan McCurdy, VP of Marketing, Liquibase:

   “Glassworm is a reminder that ungoverned automation can quickly become a privileged attack path. Once attackers compromise developer tooling, poison repositories, or steal CI/CD credentials, the pipeline stops being background infrastructure and starts acting like a privileged identity. That is what makes these attacks so dangerous. The answer is not less automation. It is more standardized, governed automation, so the workflows developers and pipelines already rely on are consistent, controlled, and harder to abuse.”

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

   “When dismantling a single developer targeting botnet requires three organizations to simultaneously strike four independent command and control channels, that is a measure of how seriously adversaries have invested in compromising the people who build software. Glassworm’s operators layered Solana blockchain dead drops and BitTorrent alongside legitimate services like Google Calendar, building infrastructure designed to survive exactly this kind of operation. This coordination sets a model for how the security community should respond to entrenched supply chain threats. Precision and partnership delivered operational results without years of judicial process.

   “Disruption buys defenders a window. It does not reverse more than a year of credential theft. Glassworm used credentials stolen in earlier infections to poison over 300 GitHub repositories, the same cascading pattern the industry has tracked across multiple supply chain campaigns this year. Any organization consuming open source software should be checking telemetry against the published indicators now, not waiting for a downstream compromise to surface the exposure.

   “Glassworm did not operate in isolation. It ran alongside multiple supply chain campaigns targeting the same developer ecosystems over the same timeframe, including the Shai-Hulud worm and the Megalodon GitHub poisoning disclosed days ago. The volume and persistence of these operations make the case that developer environments and build pipelines require the same zero trust posture organizations have spent a decade applying to users and networks. Any organization that treats its build infrastructure as implicitly trusted is operating on assumptions that adversaries have already invalidated.”

Noelle Murata, Chief Operating Officer at Xcape, Inc.:

   “The coordinated takedown of the Glassworm botnet by CrowdStrike, Google, and Shadowserver highlights a massive paradigm shift: threat actors are aggressively targeting the software developer’s workstation as the ultimate enterprise entry point. By targeting IDE marketplaces, package registries, and GitHub repositories rather than traditional corporate networks, the operators behind Glassworm turned infected developer environments into automated launchpads for broader downstream supply chain contamination.

   “What makes this campaign uniquely menacing is the extreme, multi-layered resilience of its command-and-control (C2) architecture. By hiding C2 infrastructure across the Solana blockchain, the BitTorrent peer-to-peer network, and public Google Calendar entries, the attackers built a decentralized dead-drop engine that could not be dismantled by traditional domain sinkholing or legal hosting takedowns. The fact that defenders had to execute a flawless, simultaneous strike across all four independent technical vectors proves that legacy, siloed perimeter defense is structurally obsolete when fighting a decentralized adversary.

   “For enterprise risk leaders, the Glassworm disruption is a severe warning that developer environments must be treated as highly privileged, zero-trust zones. To defend against this evolving threat landscape, security executives must immediately enforce strict application control policies on developer IDE extensions, audit code pipelines for unauthorized package installs executing via post-install hooks, and continuously monitor for suspicious, outbound programmatic access to public infrastructure.

   “Critical Takeaways

  •    “Targeting the pipeline creators: Adversaries are bypassing heavily defended enterprise production environments to compromise developers directly, leveraging their local code-signing access and platform credentials to seamlessly poison entire downstream software lifecycles.
  •    “The resilience of decentralized C2: Utilizing immutable blockchain ledger memo fields and decentralized peer-to-peer hash tables means attackers can permanently maintain connectivity to infected assets without relying on central, tear-down-vulnerable web domains.
  •    “Takedowns are a temporary shield: While disabling the current infrastructure disrupts immediate payload delivery, it does not erase the thousands of malicious, typosquatted npm/PyPI packages and poisoned source files that remain dormant across the broader public code ecosystem.

   “When a botnet embeds its command architecture into public blockchains and peer-to-peer networks, traditional security boundaries cease to exist. You aren’t just fighting a group of hackers anymore; you are fighting a permanent, decentralized exploit of the internet’s own infrastructure.”