Citizen Lab reported that Hungarian law enforcement used ad data to track hundreds of millions of devices globally. Not backdoor. Just ad data that was already being collected and sold. Personally, I use DuckDuckGo Search & Tracker Protection to battle exactly this.

At the same time, Google rolled out Device Bound Session Credentials (DBSC) in Chrome. In simple terms, Google is trying to make stolen session cookies useless. If companies like Google make a change like this, session theft is no longer theoretical.

And then there's the GlassWorm campaign. A new variant uses a Zig-based dropper to directly infect developer IDEs, such as VS Code.

Different techniques, same direction. Attackers abusing identity and trust.

Curious how others see this.

Are you still focused on infrastructure… or shifted focus towards identity and zero trust?

Oh, wait, have you updated your Chrome? 👀

;

Join my LinkedIn and Telegram blogs for deeper insights.