Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Latest articles
Most recent practitioner playbooks across every track.
DPDP Act 2023: What Indian Businesses Need to Know and Do Now
India’s Digital Personal Data Protection Act (DPDP Act) 2023 is now law. If your business collects, stores, or processes personal data of…
Security Guides: 5 Critical Security Mistakes Startups Make (And How to Fix Them)
Most startup breaches do not happen because attackers are sophisticated. They happen because the basics were skipped. After working in enterprise security…
News: 3CX Supply Chain Attack 2023 — How North Korea Compromised a VoIP Vendor to Compromise 600,000 Customers: First Confirmed Double Supply-Chain Attack
A backdoored installer of 3CX VoIP software — itself compromised because 3CX engineers ran a backdoored Trading Technologies financial-trading app on company…
News: LastPass Breach Chain 2022 — How a Compromised Engineer’s Plex Server Cost Customers Their Encrypted Vaults: Anatomy & Lessons
Two breaches separated by months. The second compromised a senior engineer's home Plex server, then his keylogger-captured master password — exfiltrating LastPass's…
News: Microsoft Storm-0558 Attack 2023 — How a Stolen MSA Signing Key Gave China Read-Access to US State Department Email: Anatomy & Lessons
Chinese state-aligned threat actor Storm-0558 obtained a Microsoft consumer signing key, used a flaw in Microsoft's token validation to forge enterprise tokens,…
News: Okta Support System Breach 2023 — How Cookies Stolen from Customer-Service Sessions Led to BeyondTrust, Cloudflare, 1Password Compromises
A stolen Okta employee credential gave attackers access to Okta's customer support system. From there they harvested HAR files containing valid session…
News: 23andMe Genetic Data Breach 2023 — How Credential Stuffing Plus DNA Relatives Feature Exposed 6.9 Million Profiles: Anatomy & Privacy Implications
Credential stuffing succeeded on 14,000 23andMe accounts — but the DNA Relatives feature meant attackers harvested the genetic data of approximately 6.9…
News: MediBank Australia Ransomware 2022 — How a Refusal to Pay Set the Australian Precedent: 9.7M Records Leaked, $1.7B Cost, BlogXX Sanctions
Australian health insurer MediBank refused to pay attackers' ransom demand for 9.7M customer records; attackers progressively leaked the data including extracted medical…
News: Microsoft Midnight Blizzard 2024 — How APT29 Used Password Spraying to Read Microsoft Senior Executive Email: Anatomy of the Russian SVR Intrusion
Russian SVR-aligned APT29 used password spraying on a legacy non-MFA Microsoft test tenant, then OAuth-abused a malicious application to read months of…
News: Heartbleed (CVE-2014-0160) — How a 64KB Memory Leak in OpenSSL Compromised 17% of the Internet: The Vulnerability That Changed TLS Forever
A simple bounds-check error in OpenSSL's heartbeat extension allowed unauthenticated attackers to read 64KB of server memory at a time — exposing…