TL;DR
• Your browser is a crime scene. Fake Windows updates are stealing your passwords, cookies and Discord data - and 108 malicious Chrome extensions just exposed 20,000 users to backdoors and data theft. Yes, simultaneously.
• Russia just tried to blow up a Swedish heating plant. With code. Europe's critical infrastructure is under active digital siege and the attacks aren't getting more sophisticated - they're getting more brazen.
• A phone call. That's all it took. One year after teenage hackers took down Marks & Spencer, Harrods AND Jaguar Land Rover with nothing but social engineering and audacity… the boardrooms of Britain are still cleaning up the mess.
THIS WEEK’S TOP STORY
Scattered Spider Spun A Web That's Still Catching Victims… One Year Later
It all started with a phone call…
It ended with empty shelves, billion-pound losses, and a generation of executives who will never look at their helpdesk the same way again.
One year ago this Easter weekend, Marks & Spencer (a British institution as trusted as the NHS and as beloved as a bank holiday) got absolutely dismantled by a group of teenagers who had never written a line of malware in their lives.
They didn't need to.
They picked up the phone.
They pretended to be an employee.
They asked a third-party helpdesk to reset a password.
And with that single conversation, Scattered Spider unlocked a $650 million disaster that swallowed M&S, Co-op, Harrods and Jaguar Land Rover whole… and is still reverberating through the UK economy today.
Think about it…
The most expensive cyberattack in British retail history began with someone saying "Hi, it's Dave from IT."
Let that sink in.
Learn more: https://www.computerweekly.com/feature/One-year-on-from-the-MS-cyber-attack-What-did-we-learn
OUR TAKE
The most sophisticated cyberattack in British retail history wasn't sophisticated at all. It was a teenager with a phone and a convincing story.
Every firewall in the world can't fix a helpdesk that hasn't been trained to say no. The vulnerability wasn't in the software. It was in the culture.
Which begs the question… who's guarding YOUR kingdom?
Because that guy in the office who 'knows computers' is probably a lovely human being. But when a 17-year-old with a burner phone can bring a billion-dollar retailer to its knees, 'we've got someone who handles that' needs to mean something.
Professional problems require professionals. Full stop.
That’s why you should actually hire a professional team to handle your IT… Because your nephew, Will, who may have watched a few YouTube videos and knows how to fix your grandma’s laptop, is NOT qualified to be handed the keys to your IT kingdom.
Headlines
April 17, 2026
Researchers say the malware grabs browser‑stored passwords, cookies, account sessions, and even Discord data…
April 17, 2026
Swedish officials are pointing fingers directly at Russian-based state hackers after a "destructive" cyberattack targeted a thermal heating plant. Not stealing data. Not demanding ransom. Just pure, calculated infrastructure destruction.
April 17, 2026
Russian hackers are attacking European power plants, fake updates are raiding your browser, and teenagers are dismantling major retailers… And DC decided this was the perfect time to stop training the next generation of cyber defenders. Let that sink in…
Editorial
Smells like Teen Spirit is Still Raging Against The Machine… Welcome to the IT Jungle

You can come as you are… Because your hacker already did.
Here's something nobody in a boardroom wants to hear but every single person reading this needs to understand right now:
The hackers are not the problem.
The humans are.
I know. Stay with me.
This week alone — this single, solitary week — we watched fake Windows updates raid browsers like a smash-and-grab on Fifth Avenue. We watched 108 malicious Chrome extensions sit inside Google's own storefront like wolves in a sheep costume, quietly robbing 20,000 people blind. We watched Russia attempt to digitally freeze an entire Swedish city. Not for money. Not for data. Just to prove they could.
And we celebrated the one-year anniversary of the moment a teenager with a phone call brought the greatest retail empire in British history to its knees.
One. Phone. Call.
No zero-days. No nation-state budget. No supercomputer humming in a Moscow basement. Just a kid, a script, and the quiet, devastating confidence that somewhere on the other end of that line someone hadn't been trained to say no.
He was right…
Here's what's really keeping security professionals up at night, and it's not the sophistication of the attacks. It's the simplicity. Because you can buy the best firewall money can build. You can encrypt everything from your servers to your CEO's standing desk. You can pass every compliance audit with flying colors and hang the certificates on the wall like trophies.
And a bored 17-year-old in his bedroom can still walk straight through your front door.
Because the front door isn't made of code.
It's made of people.
It's made of the helpdesk operator who just wants to be helpful.
The employee who clicks the update because it looked exactly right.
The IT manager who greenlit 47 Chrome extensions because nobody had time to audit them.
The executive who still thinks cybersecurity is an IT problem instead of a business problem.
This is the gap that Scattered Spider exploited at M&S. It's the gap that Russia is probing in European infrastructure. It's the gap that 108 fake Chrome extensions quietly lived inside for God knows how long before anyone noticed.
It's not a technology gap.
It's a human gap.
And here's where it gets truly, uncomfortably interesting.
While Washington is busy cancelling the CyberCorps internship program (i.e. actively dismantling the pipeline that trains the next generation of defenders) AI is out here finding software bugs faster than human developers can patch them. Anthropic just dropped an agent that has the entire cybersecurity market in a cold sweat. The attack surface isn't just growing. It's evolving in real time.
We are simultaneously defunding our defenders and supercharging our adversaries.
Let that sentence live in your chest for a moment.
The people who want to get in are getting smarter, faster and more automated by the week. And the institutions responsible for stopping them are cutting internship programs, debating warrant requirements for surveillance tools that already exist, and apparently hoping that vibes and legacy infrastructure will hold the line.
They won't.
So what does this mean for you?
It means the question is no longer "could we get attacked?"
That ship has sailed, hit an iceberg, and is currently being picked apart by teenagers with Discord accounts and too much free time.
The question is "when it happens — and it will happen — are we ready?"
Because:
M&S wasn't ready.
Harrods wasn't ready.
Jaguar Land Rover wasn't ready.
And every single one of them had IT departments, security budgets and compliance frameworks that looked great on paper.
What they didn't have was a professional, dedicated, always-on team whose entire existence is built around the assumption that the attack is already coming.
The castle doesn't fall because the enemy is brilliant.
The castle falls because the people inside it thought the walls were enough.
They never were.
Next week the attacks will be different. The tools will be sharper. The targets will be bigger. The only thing that won't change is the gap between the organizations that take this seriously… and the ones that find out too late that they should have.
Which side of that line are you on?
NOTE: The editorial opinions expressed here are those of the author and represent the view from the cheap seats — which, it turns out, have an excellent view of the dumpster fire.
Other News From Around The Web
The Browser Is the New Attack Surface
Fake Windows 11 update used to steal credentials and session data
Attackers are disguising malware as a legitimate Windows 11 24H2 update, exfiltrating browser passwords, cookies, and active sessions—turning routine update behavior into a high-risk action.
Source: ExtremeTech | Wed, Apr 15
108 malicious Chrome extensions expose 20,000 users
A coordinated campaign embedded backdoors, data theft mechanisms, and ad injection into browser extensions—highlighting how easily trusted tools can become attack vectors.
Source: TechRepublic | Wed, Apr 15
Breaches, Incidents & Lessons Learned
Breach roundup: FBI flags “major incident” as attacks spread globally
This week includes critical infrastructure threats, phishing campaigns, and zero-day exploitation activity—showing continued escalation across sectors.
Source: Kaseya | Thu, Apr 16
LAPD breach leaks sensitive legal system data
Hackers accessed a city attorney system and exposed internal documents—underscoring ongoing risk to municipal and public-sector systems.
Source: TechCrunch | Wed, Apr 8
One year later: the M&S cyberattack still reshapes security thinking
A retrospective reveals the breach began with a simple helpdesk impersonation call—not a zero-day—reinforcing that social engineering remains the most dangerous entry point.
Source: Computer Weekly | Thu, Apr 16
Nation-State & Infrastructure Threats
Sweden blames Russian hackers for attempted destructive attack on thermal plant
Officials warn that cyber operations are moving beyond espionage into destructive targeting of infrastructure across Europe.
Source: TechCrunch | Thu, Apr 16
Iranian hackers escalate targeting of U.S. critical infrastructure
U.S. agencies report increasingly aggressive tactics tied to geopolitical tensions, raising risk for energy and essential services.
Source: TechCrunch | Tue, Apr 7
Supply Chain & Software Ecosystem Risk
Attackers exploit major programming ecosystems (npm, PyPI, Go, more)
North Korea-linked actors are inserting malware into widely used repositories, bypassing enterprise defenses by targeting developer dependencies directly.
Source: Developer Tech News | Wed, Apr 8
Chrome extensions and fake updates show trust layer collapse
From browser plugins to OS updates, attackers are increasingly targeting trusted distribution channels rather than breaking technical defenses.
AI: Acceleration Meets Risk
AI is discovering vulnerabilities faster than teams can fix them
New AI systems can scan massive codebases and surface bugs at unprecedented speed—creating a widening gap between discovery and remediation.
Source: Developer Tech News | Thu, Apr 16
Agentic AI enters the SOC: automation vs. control
New platforms promise reduced alert fatigue and faster investigations, but introduce new governance and oversight challenges.
Source: Cybercrime Magazine | Thu, Apr 16
Anthropic’s new AI capabilities stir cybersecurity markets
Advances in AI agents are expected to reshape both attack and defense dynamics—fueling investment and concern across the industry.
Source: Cybercrime Magazine | Thu, Apr 16
Government, Policy & Surveillance
FISA Section 702 renewal heads to vote without warrant amendment
Congress is preparing to vote on extending surveillance authority, reigniting debate over privacy and intelligence powers.
Source: Nextgov | Thu, Apr 16
White House signals more cybersecurity executive orders ahead
Officials indicate additional policy actions are coming, particularly around AI and critical infrastructure security.
Source: Nextgov | Thu, Apr 16
CISA cancels CyberCorps internships amid DHS disruption
A setback for cybersecurity workforce development highlights broader instability in federal talent pipelines.
Source: Nextgov | Thu, Apr 16
Enterprise IT, Networking & AI Infrastructure
Retail IT faces scaling challenges with AI-driven demand
Organizations must support more devices and locations without increasing headcount—driving adoption of cloud-managed and automated networking.
Source: Cisco Networking Blog | Thu, Apr 16
Scaling networks for AI without major hardware upgrades
Software-defined, autonomous networking models are emerging as a way to meet AI demands without costly infrastructure overhauls.
Source: Cisco Networking Blog | Thu, Apr 16
Careers & Workforce
IT support engineer spotlight: real-world path into tech
A career story highlights how certifications like CompTIA A+ translate directly into hands-on IT roles and rapid career entry.
Source: CompTIA YouTube
The Bottom Line
Trust vs. Technology
This week wasn't about sophisticated code or nation-state supercomputers. It was about trust. Fake updates exploited it. Malicious extensions abused it. A teenager weaponized it with nothing but a phone call and a convincing story.
The pattern is clear and it's not going away.
Attackers aren't just breaking down your walls anymore — they're walking through your front door wearing a visitor's badge.
And AI is strapping a rocket to both sides of that equation.
Vulnerabilities found faster.
Attacks scaled cheaper.
Defenses that were cutting edge on Monday are obsolete by Friday.
The organizations that survive what's coming won't just patch faster.
They'll fundamentally rethink who and what they trust…
And they’ll be smart enough to put professional people in place to make sure that trust is never weaponized against them again.
DISCLAIMER: The content in this newsletter is curated and editorialized for informational purposes only. We are not responsible for any decisions made based on the information presented here. All opinions expressed are exactly that — opinions. Cybersecurity threats, vulnerabilities and incidents referenced are based on publicly available reporting at the time of publication and may have evolved since. Links to third party sources are provided for reference only and do not constitute endorsement of those publications, organizations or their positions.
Nothing in this newsletter constitutes professional legal, technical or cybersecurity advice. Every organization's security posture is unique. If something you read here scared you — good. But please consult qualified cybersecurity professionals before making any decisions about your infrastructure, security stack or IT strategy.
Which, coincidentally, is exactly what we've been saying this whole time.
© 2026. All rights reserved. Don't steal our stuff — we have people who handle that. 🤘




