Ideas, Observations & Stories in Cybersecurity
Introduction If you’ve been reading this series, you’ve heard both terms. They get used interchangeably in the press, in vendor marketing, and honestly, in a lot of engineering slack channels. But jailbreaking and prompt injection are not the same thing — and conflating them leads to defenses that protect against one while leaving you completely…
Introduction If you’ve followed this series from the beginning, you’ve seen the full attack landscape: direct prompt injection, indirect injection through RAG pipelines, and multi-agent cascades where a single poisoned document can ripple across an entire agent network. Each post ended with defenses specific to that attack. But defenses in isolation don’t make a security…
Every organization today claims to follow a Secure SDLC. And yet, vulnerabilities still reach production — not rarely, but routinely. Not exotic zero-days. Not nation-state exploits. But basic, structural flaws that should never have existed in the first place. So the uncomfortable question is not whether Secure SDLC exists.It’s whether it actually works the way…
After completing CSSLP, I wanted to take a step beyond technical depth and build leadership skills — GSLC was a natural choice, and here I am after successfully clearing the GIAC Security Leadership (GSLC) certification. GSLC is not just another cybersecurity certification. It is a leadership-focused credential designed to validate a security professional’s ability to…
When I saw the “Pass” result for the CSSLP exam, my first reaction wasn’t excitement. It was relief. And then — clarity. CSSLP wasn’t just another certification to add to my profile. It was a mirror held up to my career, forcing me to confront how often security is treated as an afterthought, a patch,…
Introduction We will move our discussion ahead from our last topic on Ransomware and will go through a ransomware Akira. In the crowded and ever-evolving ransomware landscape, Akira has quickly established itself as one of the most disruptive players. Emerging in March 2023, Akira targets organizations with a double extortion playbook — exfiltrating sensitive data…
Introduction Ransomware has evolved from being a nuisance for individual computer users to one of the most damaging threats to modern organizations.It’s not just about encrypting files anymore — the latest ransomware operations have become full-fledged criminal enterprises, combining data theft, extortion, and public shaming into a single high-pressure attack model. In this blog, we’ll…
Introduction We have discussed in the previous post regarding the introduction, basically Insecure deserialization is a critical vulnerability that often lurks in legacy systems and internal applications. Serialization and deserialization are foundational operations in modern software development, enabling communication between systems, data storage, and object persistence. However, improper use of deserialization—particularly with unsafe serializers like…
