LMG Security is a top cybersecurity firm providing penetration testing, advisory services, training, & more. Our experts speak at conferences like Black Hat and RSA, and have been featured in The Wall Street Journal, The New York Times, & many other pubs.https://bsky.app/profile/lmgsecurity.bsky.socialhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3mbc6nm4t3r2bA #penetrationtest doesn’t reduce risk if the findings never get fixed. In #breach investigations, we routinely see the same vulnerabilities attackers exploited sitting in old #pentest reports that were marked “accepted” or forgotten. Watch for more: https://www.youtube.com/watch?v=8Iscx--Spjk 31 Dec 2025 15:30 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3mbc6nm4t3r2bhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3mb7l3xxt5k2uFake employees and contractors are forcing orgs to rethink #vendorvetting, hiring security, & identity controls. In today's #CybersideChats episode, we unpack Amazon’s recent incident in which a North Korean IT worker was detected through behavioral anomalies & what to do now. youtu.be/WE8p9I3uUuA30 Dec 2025 14:35 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3mb7l3xxt5k2uhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3mb57oed2fa22Most organizations treat #cloud outages as a rare inconvenience, but #hyperscalers have become #criticalinfrastructure. Watch our video for why cloud monoculture is dangerous and what a realistic diversification and failover strategy should look like. https://www.youtube.com/watch?v=PoK8MWGhzWA 29 Dec 2025 16:05 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3mb57oed2fa22https://bsky.app/profile/lmgsecurity.bsky.social/post/3mb536pumtk2eRussian state-sponsored hackers linked to the #GRU have been targeting Western critical infrastructure for years, not with flashy zero-days, but by abusing misconfigured network edge devices to harvest credentials and persist inside victim systems. https://aws.amazon.com/blogs/security/amazon-threat-intelligence-identifies-russian-cyber-threat-group-targeting-western-critical-infrastructure/ #Cybersecurity29 Dec 2025 14:44 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3mb536pumtk2ehttps://bsky.app/profile/lmgsecurity.bsky.social/post/3maqkbhd7gi2aIn 2026, audit where trust triggers action, not just where users log in. Our blog shares a practical look at why #identity must become a shared, continuous process — not a one-time check. Read it here: https://www.lmgsecurity.com/ai-broke-trust-why-identity-has-to-step-up-in-2026/ #cybersecurity24 Dec 2025 15:10 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3maqkbhd7gi2ahttps://bsky.app/profile/lmgsecurity.bsky.social/post/3manw2zdljs2sMany orgs still check identity once at login. Today on #CybersideChats, learn how #AI driven impersonation has made that model unsafe, and why #authentication has to extend into calls, chats, approvals, & support workflows Video: youtu.be/J0UJSV6wYlI Podcast: https://www.chatcyberside.com/e/when-ai-steals-trust-deepfakes-phishing-and-the-new-identity-crisis/23 Dec 2025 14:03 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3manw2zdljs2shttps://bsky.app/profile/lmgsecurity.bsky.social/post/3malkc5tudc2cThe #holidays are in full swing, and the attackers (and #evilAI tools) have been busy. In this 2-minute video, we show what happened when our team asked #WormGPT, a dark-web #AI with no guardrails, to generate a #holiday scam. https://www.youtube.com/watch?v=YCS75iScU-E #Cybersecurity #Infosec #Phishing22 Dec 2025 15:27 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3malkc5tudc2chttps://bsky.app/profile/lmgsecurity.bsky.social/post/3mae4tjku422gCollaboration tools like Teams, Slack, and Zoom have become prime targets for attackers—and Microsoft’s latest roadmap reflects that shift. If your #security strategy hasn’t caught up with how people actually communicate, this #CybersideChats is worth a listen: https://www.chatcyberside.com/e/collaboration-under-siege-microsoft-s-teams-security-overhaul/19 Dec 2025 16:37 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3mae4tjku422ghttps://bsky.app/profile/lmgsecurity.bsky.social/post/3mabfjeac3r2rMicrosoft’s 2026 #security features highlight a shift many organizations are already experiencing: #collaboration platforms and #identity workflows are now prime attack paths. MOre on our blog: https://www.lmgsecurity.com/5-new-ish-microsoft-security-features-what-they-reveal-about-todays-threats/ 18 Dec 2025 14:35 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3mabfjeac3r2rhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3ma6zepplsc2rA single #cloud outage can disrupt every core system you depend on, which is why #digitalresilience has to extend beyond traditional #businesscontinuity planning. In this quick video, we outline 5 steps every #CISO should prioritize: https://www.youtube.com/watch?v=-fgyWb1dq_g #CloudSecurity #RiskManagement17 Dec 2025 15:52 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3ma6zepplsc2rhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3ma4boi566c2hWhat do Microsoft’s 2026 #security features tell us about how attackers are breaching #collaboration platforms? On this week’s #CybersideChats, Sherri & Matt break down the updates & why they matter. Video: https://www.youtube.com/watch?v=60bYlgCI7zw Podcast: https://www.chatcyberside.com/e/collaboration-under-siege-microsoft-s-teams-security-overhaul/16 Dec 2025 13:43 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3ma4boi566c2hhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m7zw3j43xp2dStart 2026 with one upgrade that pays off immediately: tighten #identityverification. Join Sherri & Matt live on 12/17 as they break down how #AI driven impersonation is changing the rules: https://www.lmgsecurity.com/event/cyberside-chats-live-ai-broke-trust-identity-has-to-step-up-in-2026/ 15 Dec 2025 15:10 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m7zw3j43xp2dhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m7psat6xs72tThink #browserextensions are harmless? Think again. A multi-year campaign turned popular, trusted browser add-ons into #spyware featuring #remotecodeexecution, session hijacking, and more. Read the blog here: https://www.lmgsecurity.com/4-3-million-reasons-to-rethink-browser-extension-security/11 Dec 2025 14:35 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m7psat6xs72thttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m7no3dxh6q2g#AI can spoof your people, processes, and communications. In the next #CybersideChats: Live, Sherri & Matt break down the #identity upgrades every org needs for 2026. Register to join us on 12/17: https://www.lmgsecurity.com/event/cyberside-chats-live-ai-broke-trust-identity-has-to-step-up-in-2026/10 Dec 2025 18:15 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m7no3dxh6q2ghttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m7kwqqlkxk2gMore than 4.3 million users were affected before anyone realized ShadyPanda’s extensions had turned into surveillance tools. Listen to today's #CybersideChats for more: https://www.chatcyberside.com/e/shady-panda-s-browser-backdoor-%E2%80%94-43m-chrome-edge-users-compromised/ Or watch the video: youtu.be/x9AaE94KanM #Security #SessionHijacking #Cybersecurity09 Dec 2025 16:12 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m7kwqqlkxk2ghttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m7id5qvsp22tSpot the #scam! In Sherri Davidoff’s recent NBC Montana and Clearwater Credit Union interview, she & Kyle Rholl explain how #AI driven #voicecloning is being used to impersonate friends and family—and why reacting under pressure is what scammers count on. Full story: https://nbcmontana.com/news/spot-the-scam/spot-the-scam-with-clearwater-credit-union-cyber-security-scams08 Dec 2025 15:16 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m7id5qvsp22thttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m7asxexhos2uWhen #insider incidents can hit even the most #security focused companies, it forces every organization to reconsider how much “trust” is built into their workflows. More on our blog: https://www.lmgsecurity.com/betrayed-from-within-the-modern-insider-attack/ or podcast: https://www.chatcyberside.com/e/when-security-fails-crowdstrike-insider-leaks-and-the-threat-within/ #insiderthreat #cybersecurity05 Dec 2025 15:37 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m7asxexhos2uhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m76ahk3aqe2fInsider threats are rising fast. LMG analyzes the latest cases — CrowdStrike, DigitalMint, Tesla & more — and what organizations can do now to reduce #risk. Read: https://www.lmgsecurity.com/betrayed-from-within-the-modern-insider-attack/ #InsiderThreat #DataProtection #CompanyCulture04 Dec 2025 15:01 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m76ahk3aqe2fhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m73saclmpk2jRecovery times are improving, and the rise of truly immutable #backups is a major reason why. Watch as we break down what “immutable” actually means, why it matters for #ransomware resilience, and how proactive planning accelerates recovery. https://www.youtube.com/watch?v=XgdPWZ5OKB0 #DataRecovery #BCDR03 Dec 2025 15:41 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m73saclmpk2jhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m6zai77vkk2qInsider threats aren’t theoretical anymore—they’re happening inside orgs just like yours. This week on #CybersideChats, we break down insider cases from #CrowdStrike, #DigitalMint, & others, and share strategies to reduce your org's risk. youtu.be/s7QW_BkkAvM #InsiderThreats #Cybersecurity02 Dec 2025 15:18 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m6zai77vkk2qhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m6pizzmylk2n75% percent of #manufacturers are carrying critical OT #vulnerabilities, often buried inside proprietary equipment and aging software that keeps production moving but limits security options. Sherri Davidoff and Matt Durrin share more in this quick video: https://www.youtube.com/watch?v=cETaSkOb5kw 28 Nov 2025 18:25 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m6pizzmylk2nhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m6myc7eyow25This Thanksgiving, we’re feeling grateful for the clients, partners, and colleagues who make our work meaningful all year long. Thank you for the conversations, the collaboration, and the chance to tackle big challenges together. Wishing everyone a happy and restful holiday. 27 Nov 2025 18:20 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m6myc7eyow25https://bsky.app/profile/lmgsecurity.bsky.social/post/3m6kac2kumk2pChinese-made #IoT devices are turning up with hidden radios, undocumented modems, and opaque update channels—and organizations need faster ways to assess the risk. More on our blog: https://www.lmgsecurity.com/made-in-china-hacked-everywhere-what-organizations-need-to-know-now/ #SupplyChainSecurity26 Nov 2025 16:05 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m6kac2kumk2phttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m6homlzwys2kA single “smart” device can quietly tunnel out of your network. Today on #CybersideChats: real-world scenarios where hidden radios, #cloud paths, and offshore update servers slipped in through routine #hardware purchases. Listen: https://www.chatcyberside.com/e/chinas-hidden-backdoors-buses-cranes-and-critical-infrastructure/ Watch: youtu.be/WYq6YTqanA425 Nov 2025 15:43 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m6homlzwys2khttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m6f5oeejek2y#MFA alone isn’t enough if attackers can exploit fatigue prompts or weak fallback options. In this 1-minute video, we break down the most common gaps. https://www.youtube.com/watch?v=x290l-EAo8Q #Cybersecurity #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices24 Nov 2025 15:35 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m6f5oeejek2yhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m65snbgzas2c#Holiday season scams now hit businesses as hard as consumers. This checklist highlights practical steps #security teams can take now—from enforcing strong #MFA to tuning #botdetection rules & more: https://www.lmgsecurity.com/resources/holiday-fraud-defense-checklist/ #Cybersecurity #FraudPrevention #DNSFiltering #BYOD #Phishing21 Nov 2025 17:29 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m65snbgzas2chttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m5ysbncrqj2dAttackers are now using #maliciousAI to launch #holidayscams at scale. We just published a breakdown of this year’s AI-driven holiday #fraud surge—plus an actionable checklist: https://www.lmgsecurity.com/holiday-hackers-how-ai-is-supercharging-seasonal-fraud-and-what-your-organization-must-do-now/ 19 Nov 2025 17:39 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m5ysbncrqj2dhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m5vtk62nv22b#AI driven #fraud is hitting holiday shoppers at machine speed. Today on #CybersideChats, Sherri & Matt discuss how #phishing kits, prebuilt configs, and bot-driven takeovers enable #CredentialAbuse. Podcast: https://www.chatcyberside.com/e/holiday-hack-alert-ai-bots-phishing-and-the-gift-card-scam-surge/ Video: youtu.be/TpMD5v5JUNc #Cybersecurity18 Nov 2025 13:23 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m5vtk62nv22bhttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m5tljpoqgk2wWhen #security assessments leak, the fallout can eclipse the incident. In our latest #CybersideChats on the #Louvre heist, we dig into how exposed #audit findings fueled scrutiny. Listen to hear how a seven-minute #robbery turned into a reputational firestorm: https://www.chatcyberside.com/e/louvre-heist-exposed-how-weak-tech-old-passwords-invited-the-theft/17 Nov 2025 15:55 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m5tljpoqgk2whttps://bsky.app/profile/lmgsecurity.bsky.social/post/3m5lubbkjif2pYour #network may be locked down—but what about the circuitry inside your devices? Join us on November 19th for Cyberside Chats: Live! on how #hardware choices and opaque sourcing can introduce #risk + steps to spot red flags. https://www.lmgsecurity.com/event/cyberside-chats-live-november-2025/14 Nov 2025 14:10 +0000at://did:plc:f2x7d52vxa3juswdsefsa3bc/app.bsky.feed.post/3m5lubbkjif2p