July 17, 2026 · 5 min read
By Michael Narehood · Security
Hugging Face disclosed an AI-driven intrusion through its dataset pipeline. Lessons on hosted model guardrails, local forensics, and treating data processing as attack surface.
July 17, 2026 · 2 min read
By Michael Narehood · Security
A realistic endpoint baseline for small businesses: patching, MFA, EDR, backups, and least privilege, without pretending you need a Fortune 500 stack.
July 15, 2026 · 5 min read
By Michael Narehood · Security
Microsoft's record July 2026 release reflects AI-assisted vulnerability discovery. What MSPs and SMBs should change in triage without freezing from volume anxiety.
July 8, 2026 · 1 min read
By Michael Narehood · Security
Why phishing-resistant MFA belongs on privileged accounts first, and how to start small.
July 3, 2026 · 1 min read
By Michael Narehood · Security
A look at Qutzl’s patch priority process when a core product vulnerability hits the news.
July 1, 2026 · 1 min read
By Michael Narehood · Security
Out-of-office season is when delayed patching and standing admin rights get expensive. A pre-travel checklist.
June 26, 2026 · 1 min read
By Michael Narehood · Security
BYOD mail and Teams are convenient. Containerization and remote wipe need to be real.
June 22, 2026 · 1 min read
By Michael Narehood · Security
Separate admin identities and turn off unused seats before attackers find them.
June 19, 2026 · 1 min read · Tutorial
By Michael Narehood · Security
What to do in the first sixty minutes of a suspected breach.
June 1, 2026 · 1 min read
By Michael Narehood · Security
Temporary staff need tools on day one, not permanent Global Admin on day ninety.
May 22, 2026 · 1 min read
By Michael Narehood · Security
Block-all vs allow-with-logging: picking a control that matches your risk.
May 6, 2026 · 1 min read
By Michael Narehood · Security
How remote assistance should work when you care about consent, audit trails, and least privilege.
April 27, 2026 · 1 min read
By Michael Narehood · Security
Service accounts with never-expiring passwords become permanent backdoors.
April 24, 2026 · 1 min read
By Michael Narehood · Security
Helpful toolbars are supply-chain risk. How to set a sane policy.
April 22, 2026 · 5 min read
By Michael Narehood · Security
Anthropic's April 2026 Project Glasswing put Claude Mythos Preview to work finding critical flaws with major vendors. What that means for downstream patching at ordinary SMBs.
April 10, 2026 · 1 min read · Tutorial
By Michael Narehood · Security
Contractors and MSPs change. Make sure their VPN, admin, and SaaS access changes with them.
March 25, 2026 · 1 min read
By Michael Narehood · Security
Block macros from the internet. Your 2014 workflow may need a redesign.
March 23, 2026 · 1 min read
By Michael Narehood · Security
Why delayed disablement is a predictable incident.
March 16, 2026 · 1 min read · Tutorial
By Michael Narehood · Security
A two-hour quarterly ritual that catches privilege creep before an audit or an attacker does.
March 13, 2026 · 1 min read
By Michael Narehood · Security
Move past email attachments for sensitive files without making clients jump through hoops.
March 4, 2026 · 1 min read
By Michael Narehood · Security
The phrases and patterns that should trigger a pause before anyone moves money.
March 2, 2026 · 1 min read
By Michael Narehood · Security
CPAs and bookkeepers become high-value targets each spring. Harden the paths to returns and source docs.
February 25, 2026 · 1 min read
By Michael Narehood · Security
Disk full and certificate expiry beat vanity dashboards.
February 23, 2026 · 1 min read · Tutorial
By Michael Narehood · Security
Day-one access without day-one admin rights.
February 18, 2026 · 1 min read
By Michael Narehood · Security
Credit-card SaaS purchases create data and identity debt. How to see it without becoming the department of no.
February 13, 2026 · 1 min read
By Michael Narehood · Security
SIM swaps and SS7 abuse make text-message codes weaker than app-based or FIDO MFA.
February 6, 2026 · 1 min read
By Michael Narehood · Security
How to run awareness tests that improve reporting rates instead of breeding resentment.
January 23, 2026 · 1 min read
By Michael Narehood · Security
Attackers spam approve prompts until someone taps Yes. How number matching and better MFA choices help.
January 21, 2026 · 1 min read
By Michael Narehood · Security
Skip the resolutions theater. Five security habits SMBs can keep through February and beyond.
August 20, 2025 · 5 min read
By Michael Narehood · Security
Emergency browser updates do not wait for Patch Tuesday. How SMBs should force Chrome updates, control extensions, and close the relaunch gap before attackers do.
July 22, 2024 · 4 min read
By Michael Narehood · Security
A bad Falcon content update crashed millions of Windows systems. Here is what small IT teams should change without turning it into blame theater.
April 1, 2024 · 4 min read
By Michael Narehood · Security
CVE-2024-3094 hit rolling Linux distros hard. Here is what happened, who was exposed, and the checks SMB teams should run.