Ascension Global Technology

06/17/2026

We can't respond the way we did just a few months ago.

For years, organizations have worked to remove friction from business.

Faster approvals.

Faster communication.

More automation.

More trust in the workflow.

And for the most part, that's worked.

The challenge is that many of those workflows were built around a simple assumption:

If something looks legitimate, it probably is.

That assumption is becoming harder to rely on.

One cybersecurity trend we expect to accelerate over the next 12 months is AI-powered identity attacks.

Not because organizations are doing anything wrong.

Because AI is making it easier than ever to imitate the people, communications, and interactions we've grown accustomed to trusting.

We're already seeing examples of this in the real world. In 2024, an employee at global engineering firm Arup was convinced to transfer approximately $25 million after participating in what appeared to be a legitimate video call with company executives—who were actually AI-generated deepfakes.

Read about something like this here:
https://www.weforum.org/stories/2025/02/deepfake-ai-cybercrime-arup/

The issue isn't technology.

It's that the signals we've relied on to establish trust are changing.

Organizations that navigate this shift successfully won't slow everything down.

They'll rethink where trust should be earned instead of assumed.

Are conversations around trust and verification changing in your organization?

Could you spot an AI deepfake of your boss? Arup chief Rob Greig reflects on his company’s brush with cybercrime – and what other organizations can learn.

06/16/2026

The cyberattack wasn't targeting technology.

It was targeting momentum.

When Marks & Spencer paused online orders following a cyber incident, the impact went far beyond IT. Customers couldn't place orders, operations were disrupted, and business came to a standstill.

Article:
https://www.theguardian.com/business/2025/apr/25/marks-and-spencer-pauses-online-orders-cyber-attack-fallout

One thing this story reminds us:

Cybersecurity isn't just about protecting systems.

It's about protecting the moments that matter most to your business.

Every organization has critical periods where disruption carries a much higher cost—whether that's a busy season, a major launch, quarter-end, or a period of high customer demand.

That's why effective cybersecurity starts with understanding the business, not just the technology.

The question isn't only, "How do we prevent an incident?"

It's also, "How do we keep serving our customers if something happens?"

What business moment would be hardest for your organization to have disrupted?

Contactless payments now restored in stores after week of problems as retailer apologises to shoppers

06/15/2026

One of the most interesting cybersecurity stories this month wasn't about a breach.

It was about speed.

Last week, CISA gave federal agencies just days to address an actively exploited VPN vulnerability after attackers began using it in real-world attacks.

That may sound like a government IT story.

But the lesson applies to every organization.

The gap between discovering a risk and feeling its impact is getting smaller.

Here are three takeaways business and technology leaders can apply today:

✅ Focus on response speed, not just prevention. No organization can eliminate every vulnerability. What matters is how quickly teams can identify, prioritize, and act.

✅ Make cybersecurity a team sport. The fastest responses happen when IT, security, operations, and leadership are aligned before an issue occurs.

✅ Keep plans simple. During a critical moment, people need clear steps—not a 100-page playbook.

At AGT, we believe cyber resilience is built long before an incident happens. Strong communication, trusted processes, and prepared teams often make the biggest difference.

Technology matters.

But people matter just as much.

Read the article that inspired this post:
https://techcrunch.com/2026/06/09/cisa-gives-us-federal-agencies-three-days-to-fix-a-vpn-bug-under-attack-by-a-ransomware-gang/

Question for our community:

If your organization received an urgent security advisory today, would everyone know exactly what to do next?

Check Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government.

06/12/2026

"We're too small to be a target."

It's one of the most common things we hear from business owners.

And honestly, it makes sense.

When you're focused on running the business, cybersecurity can feel like something larger organizations need to worry about.

But that's not what we're seeing.

At AGT, we're watching cybercriminals look for opportunity, not company size.

Most incidents don't begin with sophisticated attacks. They start with everyday moments—a rushed decision, a reused password, or a simple oversight.

An Associated Press article recently highlighted the growing cyber risks facing small businesses and the reality that no organization is too small to attract unwanted attention:

https://apnews.com/article/a542e2c9c7dd73fa4cca5be7c9a7a5b3

The good news?

Cybersecurity doesn't have to be overwhelming.

Building awareness, encouraging employees to speak up when something seems off, and creating simple security habits can go a long way toward reducing risk.

Because cybersecurity is ultimately about people, trust, and resilience.

Have you ever heard someone say, "We're too small to be a target"?

Cyberattacks on businesses are rising, including small businesses. It’s a troubling trend because a breach can be very costly and time consuming if owners don’t have a plan to deal with one.

06/11/2026

During a recent conversation with an insurance company leader, we found ourselves talking less about technology and more about people.

Specifically, the challenge employees face when they're asked to move faster, innovate more, and deliver exceptional customer experiences—all while adapting to an ever-growing list of cybersecurity requirements.

One comment stood out:

"It's not that our teams don't understand the importance of security. It's that every new safeguard can feel like one more obstacle standing between them and serving our customers."

That perspective highlights a challenge many organizations face today. As cyber threats and regulatory expectations continue to evolve, businesses must modernize and stay secure without overwhelming the people responsible for making it all work.

The most successful organizations aren't necessarily moving the fastest. They're finding ways to align innovation, security, and operational realities while keeping people at the center of the conversation.

One lesson remains clear: Security and innovation succeed or fail based on the people expected to carry them forward.

How is your organization balancing innovation with the realities of cybersecurity and day-to-day operations?

06/10/2026

One of the most overlooked cybersecurity trends today is that attackers increasingly don't need your password to gain access.

The recent Microsoft developer login hijacking incident highlights a broader shift in cyber threats. Instead of breaking through security controls, attackers are finding ways to exploit the trust built into modern identity systems and authentication workflows.

This should prompt organizations to rethink how they approach identity security.

For years, security strategies focused on protecting the login itself. Today, leaders also need visibility into what happens after authentication. A successful login is no longer the finish line—it's the starting point for ongoing security monitoring.

As businesses continue to adopt cloud platforms, AI, and connected digital ecosystems, trust has become one of the most valuable assets to protect.

A question worth asking:

**How much visibility does your organization have into activity occurring after a user successfully authenticates?**

Read the article:
https://cybernews.com/security/hackers-hijack-microsoft-developer-login/

What changes are you seeing in your organization's cybersecurity strategy?

Hackers use Microsoft software packages to steal developer passwords and API keys

06/09/2026

I wasn't expecting to learn something new about my smart TV this week.

But a cybersecurity article left me asking a question I'd never considered before:

What if my smart TV isn't just consuming internet traffic...

What if it's helping generate it?

Like many people, I've always thought of my TV as a device that streams movies, shows, and sports.

But after reading about residential proxy networks, I found myself wondering:

🤔 What am I actually agreeing to when I click "Accept"?

🤔 How many apps on my devices have permissions I've never reviewed?

🤔 If a service is free, do I really understand how it's making money?

The article explored how some free apps may allow users to opt into bandwidth-sharing programs, potentially turning everyday devices into part of larger networks used for web data collection.

Not because the device was hacked.

Not because malware was installed.

Because permission was granted.

My biggest takeaway?

Cybersecurity isn't always about stopping bad actors. Sometimes it's simply about understanding the digital relationships we've already agreed to.

A few good reminders:
✅ Review apps on smart TVs and connected devices
✅ Remove apps you no longer use
✅ Pay attention to permissions
✅ Be curious about how "free" services generate revenue

Interesting read:
https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html

Have you ever checked an app's permissions and been surprised by what it was asking for?

Bright Data SDK relays scraping via 150M+ consent-sourced IPs, bypassing VPNs and using up to 200GB/month bandwidth.

06/08/2026

You're moving through your day.

A meeting just ended.
Your inbox is filling up.
A teammate sends you a link.

You click it without a second thought.

Not because you weren't paying attention.

Because everything about it felt normal.

That's what makes a recently discovered GitHub vulnerability so interesting.

Researchers found that a single click inside a trusted platform could potentially expose a developer's credentials and access to private repositories.

The bigger lesson isn't about GitHub.

It's about trust.

Most cybersecurity incidents don't happen because people are careless. They happen because people are busy, collaborating, and trying to get work done.

That's why effective cybersecurity isn't just about technology—it's about building safeguards around everyday human behavior.

A few simple reminders:

✔️ Limit access to only what's needed
✔️ Review browser extensions and plugins regularly
✔️ Enable strong authentication whenever possible
✔️ Stay curious about unexpected requests—even in trusted environments

The strongest security programs help good people make safe decisions in busy moments.

Read more about the GitHub vulnerability here:
https://thehackernews.com/2026/06/one-click-github-dev-attack-lets.html

Have you ever encountered a security issue inside a platform you completely trusted?

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

06/05/2026

A business leader recently asked me:

"We've invested in security. Why does it still feel like a moving target?"

It's a question many organizations are asking right now.

The reality is that cybersecurity isn't just about having the right tools. It's about how trust is managed across your business every day.

That's why the NSA recently launched new guidance on Zero Trust implementation. Despite the name, Zero Trust isn't about distrusting employees or creating barriers. It's about continuously verifying access and reducing risk in a way that supports people and the business.

A few simple ways organizations can strengthen their security posture:

✅ Enable multi-factor authentication wherever possible

✅ Regularly review user access and permissions

✅ Verify devices before granting access to sensitive systems

✅ Make cybersecurity part of everyday business conversations

The strongest security programs combine technology, processes, and people working together.

The NSA's new guidance is worth a look:
https://www.linkedin.com/pulse/nsa-launches-new-webpage-zero-trust-implementation-hucte/

Has your organization started implementing Zero Trust principles, or is it still part of the future roadmap?

The National Security Agency (NSA) has announced the launch of its new Zero Trust Implementation Guidelines (ZIG) Webpage, designed to support organizations planning or currently implementing Zero Trust (ZT) architecture. The initiative is aimed particularly at National Security Systems (NSS), Defen

06/04/2026

A developer installed a trusted software package.

Nothing looked suspicious.

That was the problem.

Recently, malicious code was discovered inside trusted npm packages associated with a well-known vendor. The attackers weren't trying to cause obvious disruption.

They were quietly collecting developer credentials and access tokens.

It's a reminder that cybersecurity isn't always about spotting the obvious threat. Sometimes it's about verifying the tools, software, and dependencies we trust every day.

A few simple best practices can help reduce risk:

✔ Review third-party dependencies regularly

✔ Limit access privileges whenever possible

✔ Rotate credentials and tokens consistently

✔ Make software supply chain security part of your ongoing process

Technology plays an important role, but strong security often starts with good habits and informed decisions.

Read more:
https://www.csoonline.com/article/4179866/infected-red-hat-npm-packages-expose-developer-credentials.html

Have you ever discovered a security risk hiding inside something your organization trusted?

Researchers have uncovered a new Shai-Hulud malware variant hiding in Red Hat npm packages that now also gathers Google Cloud and Azure identities, an addition to its previous credential-snatching behavior.