How to move from triage to validated actions in security

⚠️ NATIONAL SECURITY BRIEFING RELEASE When a single vendor’s source code breach can jeopardize federal networks, the problem isn’t code — it’s doctrine. Last week’s F5 breach didn’t just expose software. It exposed a systemic flaw in how the U.S. treats trust itself. Every defense system, every command enclave, every data pipeline still assumes vendor integrity — even as adversaries compromise the very companies securing our infrastructure. That’s why I released the National Security Briefing: F5 Breach — Vendor Compromise as a Sovereign Threat Vector. This isn’t another “patch now” bulletin. It’s a doctrinal deconstruction — showing how the Zero Doctrine™ replaces vendor trust with sovereign digital control through air-gapped enclaves, AI assurance, and immutable data authority. 📘 Download the briefing here: 👉 https://lnkd.in/eXapabdH The takeaway is simple: We no longer defend networks. We enforce sovereignty. #ZeroDoctrine #NationalSecurity #CriticalInfrastructure #CyberSovereignty #ZeroTrustIsNotEnough #InterOpsis #AIWarfare #DigitalDominance

F5 Breach: Nation-State Hack Exposes Source Code & Global Infrastructure Risks A suspected state-sponsored attack has breached F5 Networks, compromising source code, customer data, and production systems. With F5 handling 85% of global load balancing, this could expose countless organizations to new zero-day vulnerabilities. Louis Schmidt and I break down how it happened, what’s at risk, and what you should do right now if your infrastructure depends on F5 BIG-IP or related systems. ✅ Learn how to prepare for cascading exploits ✅ Why this breach could redefine patch management and Zero Trust ✅ What AI means for future vulnerability discovery Like, subscribe, and share to stay ahead of the next major exploit. Youtube Episode 10 - https://lnkd.in/eY386-FZ

What separates Managed EDR from just “having EDR”? Telemetry alone doesn’t tell the full story.👇 Certutil fires off. A rogue RMM pops up. A sketchy process tree shows up. Looks bad on paper, but without context, you don’t know if it’s a harmless click… or a scam in progress. That’s where Managed EDR earns its keep. Machines catch the signals. Humans connect the dots: - How did they get in? - How far did it spread? - Who else is at risk? Sometimes that means digging through browser history. Sometimes it’s ripping through event logs to find the first bad login. And sometimes it’s wrecking an attacker mid-play before they steal the goods. Our latest blog breaks down how Managed EDR works, what investigations really look like, and why the “managed” part is the difference between chasing alerts and wrecking hackers: https://okt.to/AYI8Fq

AI is great for flagging, but it stops where the script ends. Our team spotted an active compromise—and an automated system would have just sent an alert email and moved on. But our human SOC team didn't stop. They were relentless, calling every available contact until they got a hold of the person being scammed, because they genuinely have your back. That's the Huntress difference. Sometimes, the best tool is the true human connection and the deep commitment people have to keeping each other safe.

https://lnkd.in/e9Gm9w8q We seem to be in a war where both attack and defence are constantly escalating their use of technology. The risk for organisations is that this may continue to entrench their reliance on technology. It's likely tempting to also centralise and standardise their applications and data so that a consistent security posture can be adopted across the whole enterprise. It's a little like circling the wagons when under attack but risks everything being exposed if an attacker breaks through. In some cases it may make sense to isolate key functions and build a function specific architecture that allows deployment of a much more stringent set of security controls. This may mean going more 'old school' and avoiding certain technologies that, whilst being very convenient to use, also increase the attack surface. Rather than going completely back to pen and paper, there may be some merit in having a core function that is maintained on-prem and isn't externally networked. There'd potentially be an element of swivel chair support where users have a standard networked device and a secure device and they maintain the core system as needed. This isolated system will ideally contain enough information to switch to a manual process providing skeleton support for core functions whilst the main system is brought back online. Ultimately, a tech battle is likely to be an unwinnable war of attrition and we might have to get more creative in the ways that we preserve core functions in the event that we succumb to an attack, rather than simply relying on enterprise level defence and recovery.

Bold warning: Federal networks risk full takeover. “We see remote code execution that sticks after reboot,” said an insider. Holy sh-t moment: Cisco ASA zero-days let attackers control networks invisibly. Lessons to learn: - Emergency Directive 25-03 orders immediate patching. - F5 flaws let attackers steal creds and move laterally. - GeoServer and Windows SMB vulnerabilities exploited widely. - Sophisticated nation-states target U.S. tech supply chains. - New laws force contractors to disclose vulnerabilities. This isn’t normal patching. It’s about stopping your network from becoming a puppet. Want the step-by-step? Comment “SYSTEMS.” ⚡

F5 Breach: Nation-State Hack Exposes Source Code & Global Infrastructure Risks A suspected state-sponsored attack has breached F5 Networks, compromising source code, customer data, and production systems. With F5 handling 85% of global load balancing, this could expose countless organizations to new zero-day vulnerabilities. Louis Schmidt and I break down how it happened, what’s at risk, and what you should do right now if your infrastructure depends on F5 BIG-IP or related systems. ✅ Learn how to prepare for cascading exploits ✅ Why this breach could redefine patch management and Zero Trust ✅ What AI means for future vulnerability discovery Like, subscribe, and share to stay ahead of the next major exploit. Youtube Episode 10 - https://lnkd.in/eY386-FZ Follow us: IT SPARC Cast — @ITSPARCCast on X | https://lnkd.in/eAb-MqQH John Barger — @john_Video on X | https://lnkd.in/eBMSmYNr Lou Schmidt — @loudoggeek on X | https://lnkd.in/eEsfnJGf

Patching shouldn’t be painful or pointless. With Falcon for IT, we’re turning patching into a smart, safe, and streamlined operation. Risk-based Patching prioritizes the vulnerabilities adversaries are actually exploiting, powered by ExPRT•AI and live threat intel from CrowdStrike. 💡 Pre-deployment Safety Scores help you patch with confidence. No more breaking business-critical systems. ⚡ Adaptive scheduling + ring-based rollouts mean updates happen when they should without disrupting users. 🛡️ Security and IT now operate from the same console, closing the “find-to-fix” gap in real time. https://lnkd.in/eJf7FRNN

Patching shouldn’t be painful or pointless. With Falcon for IT, we’re turning patching into a smart, safe, and streamlined operation. Risk-based Patching prioritizes the vulnerabilities adversaries are actually exploiting, powered by ExPRT•AI and live threat intel from CrowdStrike. 💡 Pre-deployment Safety Scores help you patch with confidence. No more breaking business-critical systems. ⚡ Adaptive scheduling + ring-based rollouts mean updates happen when they should without disrupting users. 🛡️ Security and IT now operate from the same console, closing the “find-to-fix” gap in real time. https://lnkd.in/gCGSbypD