Cybersecurity insights for small businesses and MSPs.
David Matousek recently published a threat model for OpenClaw that stopped me mid-scroll. Not because it was wrong — but because he was right, and we're already building the answer. His three question...
Read More →You enabled multi-factor authentication. You trained your employees on phishing. You checked the boxes. And now a threat actor is sitting inside your Microsoft 365 tenant — authenticated, legitimate-l...
Read More →Yesterday, Oscar Six Security had the privilege of co-sponsoring the GoCyber Collective Cyber Insurance Summit in Dayton, Ohio — alongside Taft Stettinius & Hollister LLP. It was a well-run event focu...
Read More →On March 11, 2026, a global medical technology company sent thousands of employees home — not because of a weather emergency or a power outage, but because Iran-linked hackers had wiped their devices...
Read More →Imagine waking up to a $82,314 cloud bill — for a service you barely use. That's exactly what happened to a developer who shared their story on Reddit. They had accidentally pushed an API key to a pub...
Read More →A thread on r/cybersecurity hit a nerve recently. The post — titled 'To every manager who thinks they have AI under control' — described a scenario playing out in offices everywhere: employees quietly...
Read More →It happened two weeks after phishing awareness training wrapped up. A well-meaning employee received a suspicious email, wanted to do the right thing, and forwarded it company-wide with a simple quest...
Read More →Two weeks after completing phishing awareness training, an employee at a small business received a suspicious email. Instead of reporting it through the proper channel, they forwarded it company-wide...
Read More →You Trusted Your Security Vendor. What If That Was the Vulnerability? Most small businesses and government contractors think about cybersecurity in a straightforward way: you buy a firewall, you insta...
Read More →TL;DR: AI assistants can now buy and run security scans on their own through Oscar Six Radar. If you use AI tools to manage IT, they can talk directly to our scanner — no human in the loop required. D...
Read More →Your Client's Employee Just Shipped an App. Nobody Reviewed the Code. It starts innocently enough. A motivated employee — maybe the owner's son, maybe someone in ops who's "good with computers" — disc...
Read More →We've been quiet for the past few weeks, running Radar through a closed beta with real businesses. Today we're opening the doors. Radar is live. And for a limited time, you can run your first vulnerab...
Read More →The Amazon Kiro incident that caused a 13-hour AWS outage wasn't just a one-off mistake—it's part of a disturbing pattern of AI agents breaking free from their intended constraints and wreaking havoc...
Read More →MSPs are sounding the alarm: professional services clients are increasingly adopting unauthorized tools without IT approval, creating a shadow IT crisis that's putting entire organizations at risk. Wh...
Read More →We Built a Scanner. Now We Need Real-World Feedback. Radar is our vulnerability scanning tool, and it's in beta. We're looking for MSPs and small business owners to put it through its paces — free of...
Read More →You've spent years building relationships with your clients, understanding their IT environments inside and out. Then comes the dreaded call: "We're being acquired, and the new owners want a complete...
Read More →Picture this: A new employee walks into your office on day three and demands "full server access" because they "need to understand how everything works." Sound familiar? If you're an MSP or small busi...
Read More →Understanding the FTC Safeguards Rule If you handle customer financial information, the FTC Safeguards Rule likely applies to your business. Originally designed for traditional financial institutions,...
Read More →The ChatGPT Data Leak Reality Check That MSP's question about whether clients are actually leaking customer data into ChatGPT? The answer just got a lot clearer – and more concerning. Recent research...
Read More →SSL Certificate Management: Why 45-Day Certificates Demand Automation Now If you're still manually renewing SSL certificates, you're about to face a major problem. Let's Encrypt is moving to 45-day ce...
Read More →The Breach That Came From Inside the Tenant A recent story making rounds in IT circles should make every small business owner pause: an organization discovered that attackers had infiltrated their Mic...
Read More →The Moment Everything Changes It usually happens quietly. Your small business lands a bigger client. You sign a contract with a healthcare provider, a government agency, or a larger enterprise. Sudden...
Read More →The Growing Problem with Self-Hosted RMM Tools If you manage IT infrastructure for multiple clients, you've likely heard the horror stories—or worse, lived them. Self-hosted Remote Monitoring and Mana...
Read More →The Federal Safety Net Is Shrinking If you've been following cybersecurity news, you've likely heard rumblings about significant changes at NIST (National Institute of Standards and Technology) and th...
Read More →What Is CMMC Level 1 and Why Should You Care? If you're a small business working with the Department of Defense—or hoping to—you've probably heard whispers about CMMC. The Cybersecurity Maturity Model...
Read More →The Pricing Confusion Is Real If you've ever requested quotes for penetration testing, you've probably experienced sticker shock—and confusion. One vendor quotes $3,000, another quotes $25,000, and a...
Read More →The MSP Security Paradox There's an uncomfortable truth in the managed services world: the companies responsible for securing dozens of client networks often neglect their own infrastructure. It's the...
Read More →What Just Happened with the Cisco Zero-Day? On January 21st, Cisco confirmed that CVE-2026-20045—a critical vulnerability in their HTTP web services—is being actively exploited in the wild. CISA immed...
Read More →The Premium Problem Cyber insurance premiums are skyrocketing. Carriers are tired of paying out ransomware claims for companies that had open RDP ports or unpatched VPN concentrators. To get coverage...
Read More →The Audit Nightmare It’s 9 AM. The auditor just walked in. They want to see your vulnerability scans from the last quarter. You scramble to find the PDF from that expensive consultant you hired three...
Read More →We're here to change the game. For too long, cybersecurity has been a luxury good. If you weren't a Fortune 500 company with a million-dollar budget, you were left behind—or worse, sold "lite" version...
Read More →