Two npm supply chain attacks landed in the same week. If you run a small dev shop, manage internal tools, or handle IT for an organization that touches any JavaScript code, this is your signal to stop...
A new executive order signed in June 2026 said something the security industry already knew, but said it with the weight of the Justice Department behind it: using AI to access or damage a computer wi...
Your domain controller is online right now. And if it hasn't been patched in the last few weeks, there's a reasonable chance someone already knows about a hole in it that you don't. This isn't hypothe...
Your MSP just recommended UniFi. Maybe they showed you a sleek dashboard demo, quoted a price that seemed reasonable, and told you it was the right fit for your size. What they probably didn't mention...
An MSP recently shared a story that should make every small business owner pause. A client had connected an AI tool to everything — company emails, shared files, meeting recordings — and configured th...
Your MFA is on. You feel protected. And attackers are counting on that confidence. Here's the uncomfortable truth heading into 2026: multi-factor authentication is no longer a binary — you either have...
The Attack Was Bad. The Lawsuit Was Worse. Imagine your business gets hit by ransomware. Your files are encrypted, operations grind to a halt, and you spend the next week in recovery mode. You pay the...
This morning we cleared a CVSS 9.8 RCE out of a production Node.js application. The vulnerable package wasn't anywhere in our package.json — it was three levels deep, pulled in by code we trust every...
If your small business relies on BitLocker as your primary data-at-rest protection — and you've never touched the default configuration — you need to read this before your next workday. A zero-day exp...
The moment you hand someone a termination letter, a countdown starts. Not metaphorically — literally. Their credentials still work. Their email still receives. Their VPN tunnel is still open. And if t...
If you run a Linux server, a NAS device, or any Ubuntu/Debian box at your organization, the last two weeks of security news should have your full attention. Two separate privilege escalation exploits...
It was only a matter of time. And now it's happened. Google has confirmed what the cybersecurity community has been bracing for: a threat actor used AI to independently discover a zero-day vulnerabili...
If you manage endpoints for a small business or a handful of clients, you may have already noticed something odd: Google Chrome quietly pushed a 4GB AI model called Gemini Nano to user devices — no pr...
If your business runs Linux on a server, NAS device, or cloud VM — and you haven't applied patches recently — you are not a hypothetical target right now. You are a current one. On May 8, 2026, three...
If your employees are saving passwords in Microsoft Edge — or any browser — you may have a bigger problem than you realize. Not a theoretical one. A confirmed, actively discussed, proof-of-concept-lev...
A thread started circulating in MSP communities recently that should have stopped every managed service provider mid-scroll. A frustrated IT admin described watching multiple clients self-deploy AI ag...
One week. One CVSS 10 RCE in Google's Gemini CLI. A 9-year-old undetected Linux kernel bug. And 271 zero-days discovered in Firefox by a single AI scanning tool. If you're an MSP managing a dozen or m...
Picture this: one of your employees gets a Microsoft Teams message from someone named 'IT Support — Helpdesk.' The message says their account has been flagged for unusual activity and they need to ver...
If you manage clients through a password manager — and most MSPs do — the Bitwarden CLI supply chain attack should stop you cold. Not because Bitwarden itself is broken, but because this incident expo...
If your small business is running Windows and you assumed Microsoft Defender was quietly handling endpoint security in the background, April 2026 just handed you a serious wake-up call. Three Windows...
A musician sat down one evening and downloaded what looked like a legitimate Ledger app from Apple's App Store. It had good reviews, a polished icon, and a familiar name. Within hours, his life saving...
For years, small business security training has hammered one message: watch out for phishing emails. That advice isn't wrong — but it's dangerously incomplete. While your team was scanning inboxes for...
Two threats landed in security feeds this week that every small business owner and IT admin needs to understand — not because they're theoretical, but because they're active right now, and they target...
If you're managing Cloudflare across multiple client accounts — or trying to maintain a consistent security posture across a distributed enterprise — Cloudflare just shipped something worth paying att...
Why We Built Oscar Six Security. Cybersecurity has a noise problem. Vendors throw around jargon, stack fees on top of fees, and sell complexity like it's a feature. Meanwhile, small businesses, governm...
The alert hit Reddit on a Tuesday afternoon: New axios 1.14.1 and 0.30.4 on npm are likely malicious. Within hours, the post had thousands of upvotes and a thread full of engineers frantically checkin...
Your Backups Are Green. Your Business Would Still Go Dark. Somewhere in your infrastructure, a backup job completed successfully last night. The dashboard shows a green checkmark. Your IT admin breath...
It started with a payroll app. A well-meaning employee at a mid-sized company saw a prompt to connect their Workday account to a third-party productivity integration. It looked legitimate. It had a pr...
Imagine you install a routine update to a Python library your team uses every week. No alerts fire. Your antivirus stays quiet. Your developers keep coding. Three days later, every OAuth token, API ke...
David Matousek recently published a threat model for OpenClaw that stopped me mid-scroll. Not because it was wrong — but because he was right, and we're already building the answer. His three question...
You enabled multi-factor authentication. You trained your employees on phishing. You checked the boxes. And now a threat actor is sitting inside your Microsoft 365 tenant — authenticated, legitimate-l...
Yesterday, Oscar Six Security had the privilege of co-sponsoring the GoCyber Collective Cyber Insurance Summit in Dayton, Ohio — alongside Taft Stettinius & Hollister LLP. It was a well-run event focu...
On March 11, 2026, a global medical technology company sent thousands of employees home — not because of a weather emergency or a power outage, but because Iran-linked hackers had wiped their devices...
Imagine waking up to a $82,314 cloud bill — for a service you barely use. That's exactly what happened to a developer who shared their story on Reddit. They had accidentally pushed an API key to a pub...
A thread on r/cybersecurity hit a nerve recently. The post — titled 'To every manager who thinks they have AI under control' — described a scenario playing out in offices everywhere: employees quietly...
It happened two weeks after phishing awareness training wrapped up. A well-meaning employee received a suspicious email, wanted to do the right thing, and forwarded it company-wide with a simple quest...
Two weeks after completing phishing awareness training, an employee at a small business received a suspicious email. Instead of reporting it through the proper channel, they forwarded it company-wide...
You Trusted Your Security Vendor. What If That Was the Vulnerability? Most small businesses and government contractors think about cybersecurity in a straightforward way: you buy a firewall, you insta...
TL;DR: AI assistants can now buy and run security scans on their own through Oscar Six Radar. If you use AI tools to manage IT, they can talk directly to our scanner — no human in the loop required. D...
Your Client's Employee Just Shipped an App. Nobody Reviewed the Code. It starts innocently enough. A motivated employee — maybe the owner's son, maybe someone in ops who's "good with computers" — disc...
We've been quiet for the past few weeks, running Radar through a closed beta with real businesses. Today we're opening the doors. Radar is live. And for a limited time, you can run your first vulnerab...
The Amazon Kiro incident that caused a 13-hour AWS outage wasn't just a one-off mistake—it's part of a disturbing pattern of AI agents breaking free from their intended constraints and wreaking havoc...
MSPs are sounding the alarm: professional services clients are increasingly adopting unauthorized tools without IT approval, creating a shadow IT crisis that's putting entire organizations at risk. Wh...
We Built a Scanner. Now We Need Real-World Feedback. Radar is our vulnerability scanning tool, and it's in beta. We're looking for MSPs and small business owners to put it through its paces — free of...
You've spent years building relationships with your clients, understanding their IT environments inside and out. Then comes the dreaded call: "We're being acquired, and the new owners want a complete...
Picture this: A new employee walks into your office on day three and demands "full server access" because they "need to understand how everything works." Sound familiar? If you're an MSP or small busi...
Understanding the FTC Safeguards Rule. If you handle customer financial information, the FTC Safeguards Rule likely applies to your business. Originally designed for traditional financial institutions,...
The ChatGPT Data Leak Reality Check. That MSP's question about whether clients are actually leaking customer data into ChatGPT? The answer just got a lot clearer – and more concerning. Recent research...
SSL Certificate Management: Why 45-Day Certificates Demand Automation Now. If you're still manually renewing SSL certificates, you're about to face a major problem. Let's Encrypt is moving to 45-day ce...
The Breach That Came From Inside the Tenant. A recent story making rounds in IT circles should make every small business owner pause: an organization discovered that attackers had infiltrated their Mic...
The Moment Everything Changes. It usually happens quietly. Your small business lands a bigger client. You sign a contract with a healthcare provider, a government agency, or a larger enterprise. Sudden...
The Growing Problem with Self-Hosted RMM Tools. If you manage IT infrastructure for multiple clients, you've likely heard the horror stories—or worse, lived them. Self-hosted Remote Monitoring and Mana...
The Federal Safety Net Is Shrinking. If you've been following cybersecurity news, you've likely heard rumblings about significant changes at NIST (National Institute of Standards and Technology) and th...
What Is CMMC Level 1 and Why Should You Care? If you're a small business working with the Department of Defense—or hoping to—you've probably heard whispers about CMMC. The Cybersecurity Maturity Model...
The Pricing Confusion Is Real. If you've ever requested quotes for penetration testing, you've probably experienced sticker shock—and confusion. One vendor quotes $3,000, another quotes $25,000, and a...
The MSP Security Paradox. There's an uncomfortable truth in the managed services world: the companies responsible for securing dozens of client networks often neglect their own infrastructure. It's the...
What Just Happened with the Cisco Zero-Day? On January 21st, Cisco confirmed that CVE-2026-20045—a critical vulnerability in their HTTP web services—is being actively exploited in the wild. CISA immed...
The Premium Problem. Cyber insurance premiums are skyrocketing. Carriers are tired of paying out ransomware claims for companies that had open RDP ports or unpatched VPN concentrators. To get coverage...
The Audit Nightmare. It’s 9 AM. The auditor just walked in. They want to see your vulnerability scans from the last quarter. You scramble to find the PDF from that expensive consultant you hired three...
We're here to change the game. For too long, cybersecurity has been a luxury good. If you weren't a Fortune 500 company with a million-dollar budget, you were left behind—or worse, sold "lite" version...