 |
The Gate 15 Podcast ChannelAuthor: Gate 15
The Gate 15 Company is a leader in helping organizations by providing threat-informed, risk-based approaches to analysis, preparedness and operations. Language: en Genres: Government Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
Weekly Security Sprint EP 154. Applying the fundamentals and resilence reporting
Tuesday, 21 April, 2026
On this week's Security Sprint, Dave and Andy covered the following topics:Opening:• TribalHub Regional Tribal Technology Forums• WaterISAC H2OSecCon 2026. Virtual Event: 02 Jun, 11am-5pm ET Overview, Registration, Agenda, Speakers• Offensive AI: What Red Teams and Attackers are Doing Now - Gate 15Main Topics:Vercel April 2026 security incident Vercel 20 Apr 2026. Vercel said it identified unauthorized access to certain internal systems and initially found a limited subset of customers whose credentials were compromised. The company said the incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee, which then enabled takeover of that employee’s Google Workspace account and access to some Vercel environments and non-sensitive-marked environment variables. Vercel said services remain operational, law enforcement has been notified, and customers who were not contacted are not currently believed to have had credentials or personal data compromised. Vercel is a cloud platform used for frontend hosting, serverless functions, and deploying websites, particularly those built with React or Next.js. It enables developers to easily build high-performance, edge-optimized applications. Key features include automatic Git integrations (CI/CD) for instant deployments, preview environments, and edge storage. • Vercel confirms breach as hackers claim to be selling stolen data • Breaking: Vercel Breach Linked to Infostealer Infection at Context.ai • Vercel’s security breach started with malware disguised as Roblox cheatsWiz: 80% of cloud breaches are caused by basic mistakes - IT Pro - 13 Apr 2026 IT Pro reports that Wiz Threat Research found most cloud breaches in 2025 were driven by familiar security mistakes rather than entirely new vulnerability classes, with AI expanding the places where known risks can appear. The article frames the problem around scale, shared trust, and increasingly complex cloud and AI environments rather than exotic attack novelty. Target is cloud security teams, platform engineers, and enterprise risk leaders with Dig highlighting that basic exposure management, identity control, and configuration discipline remain the decisive factors in many modern cloud compromises. Fire As An Act Of Sabotage Guidance UK National Protective Security Authority 25 Sep 2024. The NPSA guidance outlines how to mitigate the risk of deliberate fire-setting used as sabotage against premises and infrastructure that may be attractive targets. Although not new, it remains operationally useful because it provides protective security and risk management guidance for owners and operators responsible for physical sites and critical functions. The relevance is heightened in an environment where sabotage, arson, and hybrid disruption are increasingly discussed alongside state and extremist threat models. From tabletop reality 10 gaps executive cyber exercises consistently reveal - SANS Institute - 2026 This analysis identifies recurring gaps observed during executive cyber exercises, including communication breakdowns and decision-making delays. It highlights the importance of realistic training scenarios to improve organizational readiness. The findings provide actionable insights for strengthening incident response at the leadership level. • Critical infrastructure resilience escalated threat navigation initiative - Canadian Centre for Cyber Security • Preparing for severe cyber threat why leaders must act now - NCSC UK • CISO Survey 2026: The State of Incident Response Readiness Quick Hits:• The State of Ransomware in Q1 2026 - Emsisoft • Safeguarding Our Data, Intellectual Property, and Technology from Non-traditional Collectors
