Let's start with Hasbro.

Hasbro. The company that has been teaching children about money since 1935 with a board game called Monopoly. A game where you buy property, charge rent and occasionally go to jail… just got robbed.

Digitally. Completely.

And weeks later, the attackers may still be inside, wandering the halls of the company's systems like a house guest who won't leave and keeps helping themselves to whatever's in the fridge.

If that doesn't perfectly summarize the state of cybersecurity in 2026, nothing will.

Here is the reality that nobody in a boardroom wants to say out loud: we are losing. Not slowly. Not incrementally. We are losing the way you lose a Monopoly game when someone owns Boardwalk and Park Place and you've been mortgaging everything since the third lap around the board. The numbers are not ambiguous.

Cybercrime cost the world $10.5 trillion in 2025.

That's not a typo. That's not a rounding error. That is a number so large it has lapped the GDP of every country on earth except two. And we're on pace to make it worse.

But here's what makes 2026 different from every year before it. Here's the thing that should make you put down your coffee and stare at the wall for a moment.

The hackers stopped using malware.

Let that sink in. The most sophisticated criminal and state-sponsored attack operations on earth have looked at all the ransomware, all the zero-days, all the elaborate technical exploits available to them — and decided that the most effective weapon in their arsenal is a convincing text message. They're not hacking your systems anymore. They're hacking you. Your judgment. Your trust. Your very human need to believe that the WhatsApp message from your colleague asking you to open an attachment is exactly what it appears to be.

Meanwhile, North Korea… an entire nation-state, a government, a military apparatus… quietly slipped malware into an open source JavaScript library downloaded tens of millions of times every single week. Not into some obscure dark corner of the internet. Into the plumbing of the modern web. Into the tools your developers use every single day without thinking about it, the same way you don't think about whether the water coming out of your tap has been tampered with.

Until it has.

And while all of this is happening… while Hasbro is getting looted and North Korea is poisoning the water supply of the internet and hackers are sliding into your WhatsApp like a bad date… Google is quietly raising its hand in the back of the room to mention that quantum computers are closer to cracking encryption than anyone previously admitted. Your crypto. Your banking. The SSL certificate that puts that little padlock on your browser that you've been trusting with your financial life. All of it running on mathematical assumptions that are aging about as well as a dairy product left in a warm car.

We are, in other words, at a genuinely historic inflection point.

And most organizations are responding to it the way most organizations respond to genuinely historic inflection points… by scheduling a meeting about it.

The FCC just banned certain foreign-made routers, and somewhere in Washington a press secretary wrote a press release about it that used the word "robust" at least four times. And look, the security implications of foreign-made network hardware are real and worth taking seriously. But banning future router imports while millions of unpatched, unmonitored, effectively abandoned routers are already sitting in home offices and branch networks across America is like changing the locks on your front door while leaving the window wide open, the back door unlocked, and a spare key under the mat.

Security is not something you legislate into existence. It is not something you procure your way out of. It is not a product you buy or a policy you pass or a vendor you hire and then stop thinking about. It is a practice. A discipline. A posture. It is the unglamorous, continuous, operationally demanding work of people who understand that the threat is not waiting for your next budget cycle.

And here is the part that keeps the people who actually understand this stuff awake at night:

The humans are the problem. The humans are also the only solution.

Every single major breach in recent memory has a human somewhere in the chain. A click. A credential. A moment of misplaced trust. The most sophisticated zero-day exploit on earth still needs a human to open a door somewhere.

And yet, (and this is the part that borders on organizational malpractice), most companies still treat cybersecurity as an IT issue.

Something that lives in a basement department with a tight budget and a CISO who doesn't have a seat at the table where actual decisions get made.

The CISO Gap is real. It is expensive. And it is entirely self-inflicted.

You know what else is real?

The fact that a former CIA officer just published a paper arguing that the most secure way for an intelligence operative to communicate in 2026 is to leave a note under a park bench. That the entire magnificent, terrifying, world-altering edifice of digital communication that we have built over fifty years has become so compromised, so susceptible to AI-generated deception, that human eyeballs and a firm handshake are now a competitive intelligence advantage.

We built the future. It turns out the future is not as trustworthy as advertised.

So what do you do with all of this? What is the actual, practical, non-press-release answer to living and working in a world where everything digital is suspect, where the open source tools your developers trust are potential weapons, where your WhatsApp is an attack surface and your router is a liability and quantum computers are warming up in the bullpen?

You start by telling the truth. To your board. To your employees. To yourself.

The truth is that security is not a problem you solve. It is a condition you manage. It requires investment, attention, leadership and, critically, the organizational courage to treat it as the existential business risk that it actually is rather than the IT line item that it has traditionally been budgeted as.

The truth is that the attackers are more motivated, more creative and more patient than most defenders. They only have to be right once. You have to be right every single time.

And the truth, the one that the CIA analyst and the cybersecurity researchers and the quantum physicists are all arriving at from completely different directions, is that trust is now the most valuable and most endangered resource in the digital economy.

Not data. Not bandwidth. Not processing power.

Trust.

And right now, we are burning through it like there's an unlimited supply.

But… There isn't.

The editorial opinions expressed here are those of the author and represent the view from the cheap seats… which, it turns out, have an excellent view of the fire.

Microsoft warns: WhatsApp used to deliver malware to Windows PCs
Attackers are leveraging trusted messaging channels to distribute malware via attachments—turning everyday communication tools into delivery vectors for multi-stage attacks.
Source: TechRepublic | Wed, Apr 1

Massive Microsoft 365 phishing campaign bypasses MFA protections
Attackers are exploiting legitimate authentication flows to bypass MFA—reinforcing that identity security now depends on session control, not just login verification.
Source: TechRepublic | Thu, Mar 26

Open-source supply chain hit: Axios package hijacked
North Korea-linked actors are suspected of inserting malware into a widely used JavaScript library, potentially impacting millions of downstream applications.
Source: Nextgov / TechCrunch | Tue, Mar 31

Hasbro breach: recovery may take weeks
The company confirmed an ongoing cyber incident and continues remediation—suggesting attackers may still have persistence inside systems.
Source: TechCrunch | Wed, Apr 1

AI startup Mercor hit via open-source compromise (LiteLLM)
An extortion group claims it breached Mercor through a compromised open-source dependency—highlighting supply chain exposure in AI ecosystems.
Source: TechCrunch | Wed, Apr 1

Breach roundup: European Commission + U.S. school district incidents
This week includes a major EU data exposure (~350GB) and operational disruption in U.S. education systems.
Source: Kaseya | Wed, Apr 1

Google warns quantum could break crypto sooner than expected
The timeline for quantum threats is accelerating, increasing urgency for post-quantum migration strategies—especially against “harvest now, decrypt later” risks.
Source: TechRepublic | Wed, Apr 1

Cisco pushes full-stack post-quantum cryptography (IOS XE 26)
Cisco is embedding PQC across device layers—from boot integrity to network traffic—signaling a shift toward end-to-end cryptographic resilience.
Source: Cisco Networking Blog | Wed, Apr 1

Encryption: both shield and challenge in cybercrime fight
A broader look at how encryption simultaneously protects users and complicates law enforcement efforts in a $10T+ cybercrime economy.
Source: Cybercrime Magazine | Wed, Apr 1

AI may revive old-school spycraft
A CIA journal analysis suggests that as AI erodes trust in digital signals, human intelligence techniques (HUMINT) may regain prominence.
Source: Nextgov | Wed, Apr 1

Hackers shifting from malware to social engineering
Recent trends show attackers increasingly favoring human manipulation over technical exploits—because it works better.
Source: ExtremeTech | Tue, Mar 31

IBM + Arm explore dual-architecture systems for AI workloads
A new partnership aims to blend Arm’s efficiency with IBM mainframe reliability—hinting at more flexible, hybrid compute architectures for enterprise AI.
Source: Computer Weekly | Thu, Apr 2

Oracle doubles down on bare metal cloud strategy
High-performance workloads are increasingly favoring direct hardware access over virtualized environments—driven by performance and security concerns.
Source: Computer Weekly | (context continues this trend)

Routers remain a critical, overlooked attack surface
A commentary warns that banning vendors won’t fix existing exposure—millions of unpatched routers still sit inside enterprise and home networks.
Source: Computer Weekly | Tue, Mar 31

The “CISO gap” continues to widen
Cybersecurity leadership is now a business-critical function, yet many organizations still lack dedicated executive oversight.
Source: Cybercrime Magazine | Tue, Mar 31

Workforce pipelines becoming essential to close skill gaps
Organizations are shifting from hiring to building talent—focusing on certifications, structured development, and real-world application.
Source: CompTIA (Video) | Thu, Mar 26

Career spotlight: IT analyst balancing tech + creativity
A reminder that tech careers increasingly enable flexible, multidisciplinary paths beyond traditional roles.
Source: CompTIA (Video) | Wed, Apr 1

The most important technology story of 2026 isn't about what AI can build. It's about what AI has already broken. Trust.

…In our communications, our infrastructure, our digital institutions.

It is under assault from every direction simultaneously.

The attackers are organized. The tools are democratized. The stakes are existential. And the solution isn't a better firewall or a government ban list or a quantum-resistant algorithm, though all of those things matter. The solution is the oldest one in human history: pay attention, tell the truth, and show up in person when it really counts.

Apparently the CIA figured that out first.

See you next week. Try not to click anything suspicious in the meantime.