Look at my earth from your sky.....
Dream a beautiful dream today.....
If you want to test my trust......
Tell a lie and see my faith..
🧙♂️Tenant MCP Server Connectivity Risk Assessment
Fellow defenders — do you have clear visibility of the local agents running across your tenant endpoints, and more importantly, the external MCP servers these agents are communicating with?
In a potential supply chain compromise scenario, identifying affected MCP servers is only half the battle. The real challenge lies in quickly determining the blast radius — specifically, how many local agents are actively connecting to those compromised servers.
The KQL query below helps you answer exactly that.
It provides:
• Visibility into external MCP server connections
• Identification of potentially impacted endpoints
• A quick way to quantify exposure across your tenant
With this insight, you can:
• Prioritise containment actions
• Isolate or restrict affected agents
• Prevent further lateral movement and persistence
Keep this query in your hunting toolkit — it’s a practical way to continuously understand and assess your tenant’s MCP connectivity risk posture.🫡
#Cybersecurity #Agent365 #MCPServers #DefenderXDR
The real reason most MFA migrations fail isn’t technical; it’s change management.
After sharing the authentication hierarchy and why phishing-resistant MFA matters, I’ve had many conversations with security leaders who say the same thing:
"We know we should move to passkeys and FIDO2, but users will hate it/we’ll get too many helpdesk calls/leadership isn’t bought in."
Here’s the truth I’ve seen in successful deployments:
Phishing-resistant authentication is often more user-friendly once users get past the first login.
1) No more typing OTPs or approving random push notifications while juggling coffee.
2) Windows Hello for Business or platform passkeys = just a quick face scan, fingerprint, or PIN.
3) Security keys for road warriors are simple and reliable (and you can issue them like company badges).
Lessons from organisations that nailed the transition:
1) Start small and communicate relentlessly. Begin with privileged users and a pilot group. Show a 30-second video: "Here’s how you register a passkey; it takes 20 seconds, and you’ll never deal with MFA fatigue again."
2) Make registration painless. Use Conditional Access to gently nudge users to register strong methods during normal sign-ins. Provide self-service options and clear instructions.
3) Plan for the exceptions. Not every device or user can go fully passwordless on day one. Use authentication strengths, so high-risk access requires phishing-resistant methods, while allowing number matching as a temporary fallback for legacy scenarios.
4) Measure what matters. Track MFA fatigue incidents, helpdesk tickets related to authentication, and successful phishing simulations before vs. after. The numbers usually speak for themselves.
5) Give users a win. Frame it as "We’re removing annoying security theatre and replacing it with fast, secure login."
Common pitfalls to avoid:
1) Requiring the strongest method for everyone on day one → user frustration and shadow IT.
2) Forgetting break-glass accounts or emergency access.
3) Under-communicating the "why": people resist change when they think it’s just more security hassle.
Modern authentication isn’t about making life harder for users. It’s about removing the weakest links that attackers love to exploit while making daily work smoother.
The organisations pulling ahead aren’t the ones with the biggest budgets; they’re the ones treating this as a usability + security combined project, not just a security project.
If you’re in the middle of (or planning) a move to passkeys/FIDO2/WHfB, what’s your biggest concern right now?
AI Integrity: Defending Against Backdoors and Secret Loyalties - https://t.co/TUWCDe4qYY
The rapid integration of AI systems across government operations increases exposure to AI integrity threats. As adversaries develop both the capability and motivation to compromise frontier AI systems, establishing robust defenses becomes increasingly important.
The four recommendations outlined in this report provide a strategy that leverages the government's unique strengths without imposing regulatory burdens on industry. By organizing government-led red team exercises, developing voluntary NIST security frameworks, creating formal threat intelligence sharing partnerships, and launching new ARPA research programs, the government can significantly strengthen AI integrity across both public and private sectors.
The path forward requires partnership between government and industry, combining the government's counterintelligence expertise with industry's technical innovation. By implementing these recommendations, the United States can maintain its leadership in AI while ensuring that the systems underpinning critical national functions remain trustworthy and aligned with American interests. Many open questions remain about how best to tackle the problem of AI integrity, and we therefore encourage the research community to contribute to this nascent field.
Applying for IT Audit, Information Security, or GRC Roles? Don’t Limit Your Job Search to Just One Title. Updated!
One mistake I see many candidates make is searching only for job titles like IT Auditor or GRC Analyst. In reality, many organizations use different titles for roles that require the same core skills: risk assessment, controls testing, compliance, and security governance.
If you’re trying to break into or grow within IT Audit, Information Security, or GRC, expand your search to include related titles such as:
Related Job Titles to Look Out For
>> IT Risk Analyst
>> Information Security Analyst
>> Cybersecurity Governance Analyst
>> Compliance Analyst (IT / Technology Risk)
>> Internal Control Analyst
>> Technology Risk Consultant
>> SOC Analyst (especially Governance or Compliance-focused roles)
>> Third-Party Risk Analyst / Vendor Risk Analyst
>> Data Privacy Analyst
>> IT Control Analyst
>> Audit & Assurance Associate (Technology)
Many of these roles cover ITGC, risk management, control reviews, policy implementation, and regulatory compliance, the same foundation used in IT Audit and GRC.
Industries You Should Also Target (Beyond Consulting & Banks)
>> FinTech & Digital Banks
>> Telecommunications
>> Aviation & Logistics
>> Energy (Oil & Gas, Power)
>> HealthTech & Healthcare
>> E-commerce & Digital Platforms
>> Insurance
>> Manufacturing Industry
>> Government & Public Sector
>> SaaS / Cloud Companies
Different industries often have stronger compliance requirements, which increases demand for IT Audit and GRC professionals.
Pro Tip:
When searching on job platforms, don’t search only by job title—search by skills such as:
ITGC
ISO 27001
Risk Assessment
Internal Controls
SOC 2
Data Privacy
Cloud Security Governance
Sometimes the right opportunity is hidden behind a different job title.
A password like G7$kL9#mQ2&xP4!w looks strong.
Every password checker rates it "excellent."
But researchers at Irregular just published something worth knowing: that exact string appeared 18 out of 50 times when Claude was asked to generate a password.
The reason: LLMs are prediction engines. They're optimized for plausibility, not randomness. Claude's passwords had ~27 bits of entropy. A truly random password has ~98.
Password checkers can't detect this. They see character variety. They can't see statistical distribution.
It gets worse for developers: Irregular also found AI coding agents hardcoding these patterns directly into Docker configs and .env files — without the developer knowing.
They found the patterns on GitHub.
Are you auditing AI-generated codebases for hardcoded credentials?
#CyberSecurity #PasswordSecurity #DevSecOps #AppSec
Author: T.O. Mercer
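Why a character-variety checker misses this, as an added example that is not part of the original post or of Irregular's research: the meter scores one string in isolation, while the weakness only shows across many outputs of the same generator. The 32 placeholder strings are constructed, and the most-frequent-output measure is a simple estimator chosen here, not the method behind the post's ~27-bit figure.

```python
import math
import secrets
import string
from collections import Counter

# 94 printable symbols: letters, digits, punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def checker_bits(password: str) -> float:
    """What a character-variety meter credits: length * log2(pool of classes used)."""
    pool = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def top_guess_bits(samples: list[str]) -> float:
    """-log2 of the most frequent output's share: the cost of guessing that one value."""
    _, count = Counter(samples).most_common(1)[0]
    return -math.log2(count / len(samples))


def distinct_ratio(samples: list[str]) -> float:
    """Share of distinct outputs; a sound generator stays at 1.0 for small samples."""
    return len(set(samples)) / len(samples)


def csprng_password(length: int = 16) -> str:
    """Each character drawn independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


# Constructed sample: the post's string 18 times out of 50; the other 32 entries
# are placeholders standing in for the outputs the post does not list.
REPEATED = "G7$kL9#mQ2&xP4!w"
LLM_SAMPLE = [REPEATED] * 18 + [f"placeholder-{i:02d}" for i in range(32)]
CSPRNG_SAMPLE = [csprng_password() for _ in range(50)]

if __name__ == "__main__":
    print(f"meter credit for repeated string : {checker_bits(REPEATED):6.1f} bits")
    for name, sample in (("LLM-like", LLM_SAMPLE), ("CSPRNG", CSPRNG_SAMPLE)):
        print(f"{name:8s} top-guess {top_guess_bits(sample):5.2f} bits, "
              f"distinct {distinct_ratio(sample):.2f}")
```

With only 50 samples the CSPRNG row tops out at log2(50) bits, which is the sample-size ceiling of this estimator rather than the generator's real entropy.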
Microsoft Defender was able to confirm a small but noticeable uptick in installations of OpenClaw initiated by the Cline CLI installation script during the supply chain compromise of their NPM package, which lasted approximately eight hours on February 17, 2026, between 11:26 and 19:30 UTC. Organizations using Cline CLI should urgently check environments for unexpected OpenClaw installations.
Cline is an open-source AI coding agent. On February 17, 2026, Cline published an advisory that an unauthorized party had used a compromised npm publish token to publish an update to Cline CLI on the npm registry: https://t.co/1WcoXCIWIf.
The altered npm package ([email protected]) was modified to perform the installation of OpenClaw as a post-install script, as initially discovered and demonstrated by a security researcher: https://t.co/9dIGuju7dj. A corrected version has since been released.
For more information on the risk arising from self-hosted agent runtimes like OpenClaw, including monitoring and hunting guidance, read this blog: https://t.co/P4JpYK25Za
Cybersecurity is growing fast.
$PANW
Platform consolidator. Converging network, cloud, SOC into one integrated stack. Forcing vendor rationalization across large enterprises.
$CRWD
Endpoint + identity fabric. Single lightweight agent feeds telemetry across endpoint, cloud, identity. Data scale drives expansion.
$ZS
Zero Trust Exchange. Removes users from corporate network entirely. Cloud proxy replaces VPN-era architecture.
$NET
Connectivity Cloud at the edge. Secures apps, users, APIs in front of the internet. Network scale is the moat.
$MSFT
Embedded security baseline. Protection bundled across Azure, M365, Windows. Distribution advantage few can match.
$FTNT
ASIC-driven performance edge. High-throughput firewalls + SASE at strong price-performance. Hardware roots, platform evolution.
$CHKP
Prevention-first focus. Infinity architecture spans network, cloud, workspace. Stability and margin discipline define strategy.
$NTSK
Data-centric SASE. Deep DLP visibility controls how data moves across SaaS and AI apps, not just who accesses it.
$S
Autonomous defense model. AI-driven Singularity platform automates detection and response across domains.
$OKTA
Neutral identity layer. Connects any user to any stack across multi-cloud environments. Governance expanding beyond SSO.
$SAIL
Identity governance depth. Defines who gets access and why. Focused on compliance-heavy enterprise environments.
$CYBR
Privileged access vault. Secures admin credentials attackers target first. Now core identity layer inside PANW.
$WIZ
Agentless cloud visibility. Snapshot-based risk detection across AWS, Azure, GCP. Now embedded into Google Cloud.
$DDOG
Observability meets security. Uses logs, metrics, traces to detect threats inside live applications.
$RBRK
Cyber resilience layer. Immutable backups + clean recovery. Designed for breach assumption, not breach prevention.
Ramadan mubarak y'all! 🌙
and as per tradition, i have released v6 of my ramadan-cli, which also comes with agent skills and --json mode.
$ npx ramadan-cli
RAMADAN CLI
🌙 Focus: Sehar + Iftar
📍 Setup: auto city/country/timezone
🧭 Fiqh: method + school recommendations
🗓 Modes: today, month (-a), specific roza (-n)
🤖 Mode: JSON for scripts/agents
if installed globally, use ramadan-cli or roza instead of npx ramadan-cli.
→ today view
ramadan-cli
→ full ramadan month
ramadan-cli -a
→ specific roza 10
ramadan-cli -n 10
→ one-off city lookup
ramadan-cli vancouver
→ save defaults (non-interactive)
ramadan-cli config --city "San Francisco" --country "United States" --method 2 --school 0 --timezone "America/Los_Angeles"
→ show or clear saved config
ramadan-cli config --show
ramadan-cli config --clear
→ reset everything
ramadan-cli reset
zero-config:
- first-run guided setup (TTY)
- auto location + timezone detection fallback
- works with npx (no install)
- clean terminal output + JSON output
works with AI agents via skills
$ npx skills add ahmadawais/ramadan-cli
then ask your agent for city timings, full-month tables, or automation-friendly JSON.
happy ramadan!