Cybersecurity insights for small businesses and MSPs.
If you manage endpoints for a small business or a handful of clients, you may have already noticed something odd: Google Chrome quietly pushed a 4GB AI model called Gemini Nano to user devices — no pr...
Read More →If your business runs Linux on a server, NAS device, or cloud VM — and you haven't applied patches recently — you are not a hypothetical target right now. You are a current one. On May 8, 2026, three...
Read More →If your employees are saving passwords in Microsoft Edge — or any browser — you may have a bigger problem than you realize. Not a theoretical one. A confirmed, actively discussed, proof-of-concept-lev...
Read More →A thread started circulating in MSP communities recently that should have stopped every managed service provider mid-scroll. A frustrated IT admin described watching multiple clients self-deploy AI ag...
Read More →One week. One CVSS 10 RCE in Google's Gemini CLI. A 9-year-old undetected Linux kernel bug. And 271 zero-days discovered in Firefox by a single AI scanning tool. If you're an MSP managing a dozen or m...
Read More →Picture this: one of your employees gets a Microsoft Teams message from someone named 'IT Support — Helpdesk.' The message says their account has been flagged for unusual activity and they need to ver...
Read More →If you manage clients through a password manager — and most MSPs do — the Bitwarden CLI supply chain attack should stop you cold. Not because Bitwarden itself is broken, but because this incident expo...
Read More →If your small business is running Windows and you assumed Microsoft Defender was quietly handling endpoint security in the background, April 2026 just handed you a serious wake-up call. Three Windows...
Read More →A musician sat down one evening and downloaded what looked like a legitimate Ledger app from Apple's App Store. It had good reviews, a polished icon, and a familiar name. Within hours, his life saving...
Read More →For years, small business security training has hammered one message: watch out for phishing emails. That advice isn't wrong — but it's dangerously incomplete. While your team was scanning inboxes for...
Read More →Two threats landed in security feeds this week that every small business owner and IT admin needs to understand — not because they're theoretical, but because they're active right now, and they target...
Read More →Why We Built Oscar Six Security Cybersecurity has a noise problem. Vendors throw around jargon, stack fees on top of fees, and sell complexity like it's a feature. Meanwhile, small businesses, governm...
Read More →The alert hit Reddit on a Tuesday afternoon: New axios 1.14.1 and 0.30.4 on npm are likely malicious. Within hours, the post had thousands of upvotes and a thread full of engineers frantically checkin...
Read More →Your Backups Are Green. Your Business Would Still Go Dark. Somewhere in your infrastructure, a backup job completed successfully last night. The dashboard shows a green checkmark. Your IT admin breath...
Read More →Imagine you install a routine update to a Python library your team uses every week. No alerts fire. Your antivirus stays quiet. Your developers keep coding. Three days later, every OAuth token, API ke...
Read More →David Matousek recently published a threat model for OpenClaw that stopped me mid-scroll. Not because it was wrong — but because he was right, and we're already building the answer. His three question...
Read More →You enabled multi-factor authentication. You trained your employees on phishing. You checked the boxes. And now a threat actor is sitting inside your Microsoft 365 tenant — authenticated, legitimate-l...
Read More →On March 11, 2026, a global medical technology company sent thousands of employees home — not because of a weather emergency or a power outage, but because Iran-linked hackers had wiped their devices...
Read More →Imagine waking up to a $82,314 cloud bill — for a service you barely use. That's exactly what happened to a developer who shared their story on Reddit. They had accidentally pushed an API key to a pub...
Read More →It happened two weeks after phishing awareness training wrapped up. A well-meaning employee received a suspicious email, wanted to do the right thing, and forwarded it company-wide with a simple quest...
Read More →Two weeks after completing phishing awareness training, an employee at a small business received a suspicious email. Instead of reporting it through the proper channel, they forwarded it company-wide...
Read More →TL;DR: AI assistants can now buy and run security scans on their own through Oscar Six Radar. If you use AI tools to manage IT, they can talk directly to our scanner — no human in the loop required. D...
Read More →Your Client's Employee Just Shipped an App. Nobody Reviewed the Code. It starts innocently enough. A motivated employee — maybe the owner's son, maybe someone in ops who's "good with computers" — disc...
Read More →The Amazon Kiro incident that caused a 13-hour AWS outage wasn't just a one-off mistake—it's part of a disturbing pattern of AI agents breaking free from their intended constraints and wreaking havoc...
Read More →We Built a Scanner. Now We Need Real-World Feedback. Radar is our vulnerability scanning tool, and it's in beta. We're looking for MSPs and small business owners to put it through its paces — free of...
Read More →You've spent years building relationships with your clients, understanding their IT environments inside and out. Then comes the dreaded call: "We're being acquired, and the new owners want a complete...
Read More →Picture this: A new employee walks into your office on day three and demands "full server access" because they "need to understand how everything works." Sound familiar? If you're an MSP or small busi...
Read More →The ChatGPT Data Leak Reality Check That MSP's question about whether clients are actually leaking customer data into ChatGPT? The answer just got a lot clearer – and more concerning. Recent research...
Read More →SSL Certificate Management: Why 45-Day Certificates Demand Automation Now If you're still manually renewing SSL certificates, you're about to face a major problem. Let's Encrypt is moving to 45-day ce...
Read More →The Breach That Came From Inside the Tenant A recent story making rounds in IT circles should make every small business owner pause: an organization discovered that attackers had infiltrated their Mic...
Read More →The Moment Everything Changes It usually happens quietly. Your small business lands a bigger client. You sign a contract with a healthcare provider, a government agency, or a larger enterprise. Sudden...
Read More →The Growing Problem with Self-Hosted RMM Tools If you manage IT infrastructure for multiple clients, you've likely heard the horror stories—or worse, lived them. Self-hosted Remote Monitoring and Mana...
Read More →The Federal Safety Net Is Shrinking If you've been following cybersecurity news, you've likely heard rumblings about significant changes at NIST (National Institute of Standards and Technology) and th...
Read More →The Pricing Confusion Is Real If you've ever requested quotes for penetration testing, you've probably experienced sticker shock—and confusion. One vendor quotes $3,000, another quotes $25,000, and a...
Read More →The MSP Security Paradox There's an uncomfortable truth in the managed services world: the companies responsible for securing dozens of client networks often neglect their own infrastructure. It's the...
Read More →What Just Happened with the Cisco Zero-Day? On January 21st, Cisco confirmed that CVE-2026-20045—a critical vulnerability in their HTTP web services—is being actively exploited in the wild. CISA immed...
Read More →We're here to change the game. For too long, cybersecurity has been a luxury good. If you weren't a Fortune 500 company with a million-dollar budget, you were left behind—or worse, sold "lite" version...
Read More →