When a Single Phishing Click Becomes a Global Vulnerability – Meet the Supply Chain’s Weakest Link 1. Phishing-Driven Attack on npm Packages On 8 September 2025, maintainer Qix fell victim to a highly convincing phishing email from [email protected], which led to unauthorised password reset and takeover of his account. Attackers injected malicious code into at …
Opening Scene: The Unthinkable Inside Your Digital Fortress Imagine standing before a vault that holds every secret of your organisation. It is solid, silent and built to withstand brute force. Yet, one day you discover someone walked straight in. No alarms. No credentials. No trace of a break-in. That is what the security community woke …
I. Introduction: The Unseen Empire For years, Palantir has been the enigma of Silicon Valley. Once known for its secretive, high-stakes data work with intelligence agencies, it evolved into a cultural force, the nucleus of what many call the “Palantir Mafia.” As explored in previous pieces like Inside the Palantir Mafia: Secrets to Succeeding in …
Build Smarter, Ship Faster: Engineering Efficiency and Security with Pre-Commit In high-velocity engineering teams, the biggest bottlenecks aren’t always technical; they are organisational. Inconsistent code quality, wasted CI cycles, and preventable security leaks silently erode your delivery speed and reliability. This is where pre-commit transforms from a utility to a discipline. This guide unpacks how …
The Oracle Cloud breach didn’t just expose 140,000 tenants, it revealed the silent danger of transitive trust across SaaS ecosystems. This post analyses the breach, outlines what could’ve been done, and offers a practical response guide for engineering and security teams. Featuring tools, trust graphs, and lessons for the road ahead.
The AI-driven SaaS boom, powered by code generation, agentic workflows and rapid orchestration layers, is producing 5-person teams with £10M+ in ARR. This breakneck scale and productivity is impressive, but it’s also hiding a dangerous truth: many of these startups are operating without a secure software supply chain. In most cases, these teams either lack …
While Part 1 explored how the amendment reinforced a sanctions-led approach and repositioned AI policy within the broader cybersecurity doctrine, this second instalment shifts focus to its most understated move — the cryptographic recalibration. Executive Order 14144’s treatment of Post-Quantum Cryptography (PQC) may appear procedural at first glance, but in its omissions and realignments lies …
Trump’s latest Executive Order 14144 marks a strategic pivot in U.S. cybersecurity policy—narrowing sanctions, revoking digital ID initiatives, and mandating standards for AI and software security. In this first part of a two-part analysis, I unpack the deeper shifts beneath the headlines and highlight what practitioners, policymakers, and tech leaders need to watch.
IntroductionEurope’s compliance landscape is undergoing a seismic shift. With the proliferation of AI-driven products, tightening regulations such as ISO 27001, SOC 2, and PCI DSS, and the growing complexity of digital operations, businesses are under unprecedented pressure to stay compliant. Compliance automation and RegTech startups are rising to meet this challenge, infusing artificial intelligence and …
We built and launched a PCI-DSS aligned, co-branded credit card platform in under 100 days. Product velocity wasn’t our problem — compliance was. What slowed us wasn’t the tech stack. It was the context switch. Engineers losing hours stitching Jira tickets to Confluence tables to AWS configs. Screenshots instead of code. Slack threads instead of …
