Kyanite Blue Blog
Threat intelligence, compliance guidance, and practical security insights from the team that manages your security stack.
Featured
This Week in Cybersecurity: The Supply Chain Is the Attack Surface (30 March – 5 April 2026)
This week confirmed what threat teams have been warning about for years: the supply chain is not a secondary concern — it is the primary attack surface. From North Korean social engineering on npm to 29 million hardcoded secrets leaking on GitHub, attackers are not breaking through your perimeter. They are walking in through your dependencies.
Ransomware Attack: What to Do in the First 24 Hours (UK Guide)
The first 24 hours after a ransomware attack determine whether the incident costs you thousands or millions. This UK-specific guide covers exactly what to do, who to notify, and what mistakes to avoid.
Hadrian Review 2026: Attack Surface Management That Thinks Like an Attacker
We have deployed Hadrian across our managed security client base. This is our honest, partner-perspective review of the platform — what it does exceptionally well, where it fits, and who should use it.
All Posts
AI Security Budgets Are Growing — But Not Fast Enough
Security budgets edged upward in 2025, yet AI has become a standard part of security operations before most organisations have the tools or headcount to match it. The 2026 RH-ISAC CISO Benchmark reveals a widening gap between expectation and resource. Here is what that means for security leaders managing real risk on constrained budgets.
Kyanite Blue Labs · 6 Apr 2026
Enterprise Wireless Security Is Failing — Here's Why
Enterprise wireless networks are expanding fast, but security investment isn't keeping pace with the threats. The 2026 Cisco State of Wireless report reveals rising incident rates, spiralling costs, and a talent gap that attackers are already exploiting. Here's what that means in practice.
Kyanite Blue Labs · 6 Apr 2026
Why Your 2FA App Choice Is a Security Decision
Two-factor authentication is now table stakes for account security, but the app you use to generate those codes matters more than most organisations realise. From cloud sync risks to closed-source opacity, here's what to look for — and what to avoid.
Kyanite Blue Labs · 6 Apr 2026
Residential Proxies Are Breaking IP Reputation Defences
GreyNoise recorded 4 billion malicious sessions in 90 days, all routed through ordinary residential and mobile IP addresses. When attack traffic looks identical to legitimate user traffic at the network layer, IP reputation tools stop being useful. Here is what that means for your defences.
Kyanite Blue Labs · 6 Apr 2026
AI in Cybersecurity: Separating the Hype from What Actually Works
Every cybersecurity vendor in 2026 claims to be "AI-powered." Most are bolting a large language model onto an existing product and calling it innovation. Here is what AI actually does well in security — and what is just marketing.
Max · 6 Apr 2026
Device Code Phishing Is Up 37x: What UK and NZ Businesses Need to Know
Device code phishing attacks have increased more than 37 times in 2025, exploiting a legitimate OAuth 2.0 authentication flow to hijack accounts without ever needing a password. MFA does not stop it. Email filters do not catch it. Here is what your business needs to understand.
Kyanite Blue Labs · 5 Apr 2026
This Week in Cybersecurity: The Supply Chain Is the Attack Surface (30 March – 5 April 2026)
This week confirmed what threat teams have been warning about for years: the supply chain is not a secondary concern — it is the primary attack surface. From North Korean social engineering on npm to 29 million hardcoded secrets leaking on GitHub, attackers are not breaking through your perimeter. They are walking in through your dependencies.
Kyanite Blue Labs · 5 Apr 2026
Axios npm Hack: How North Korea Hijacked an Open-Source Maintainer
North Korean threat actors compromised the Axios npm package by socially engineering one of its maintainers with a fake Microsoft Teams error message. The incident exposes a systemic weakness in how organisations manage open-source dependencies and third-party developer access — one that affects every business running JavaScript at scale.
Kyanite Blue Labs · 5 Apr 2026
CVE-2026-35616: Why FortiClient EMS Is Being Patched Under Fire
Fortinet has issued an emergency out-of-band patch for a critical pre-authentication vulnerability in FortiClient EMS — and attackers were already exploiting it before the fix arrived. Here's what the flaw does, who's at risk, and what your security stack should be doing about exposed attack surfaces like this one.
Kyanite Blue Labs · 5 Apr 2026
36 Fake npm Packages Hijacked Strapi to Plant Persistent Backdoors
Attackers hid 36 malicious packages inside the npm registry, disguised as legitimate Strapi CMS plugins. Each package quietly exploited Redis and PostgreSQL, harvested credentials, and dropped a persistent implant — all triggered the moment a developer ran npm install.
Kyanite Blue Labs · 5 Apr 2026
Supply Chain Attacks in 2026: What Changed After MOVEit, SolarWinds, and xz-utils
SolarWinds compromised 18,000 organisations through a single update. MOVEit breached 2,600 companies through one vulnerability. The xz-utils backdoor was almost baked into every Linux system on earth. Supply chain attacks are the defining threat of this decade.
Max · 5 Apr 2026
Robocall Fraud: When Telecoms Become Threat Infrastructure
The FCC has proposed a $4.5 million fine against US voice provider Voxbeam for routing suspicious foreign call traffic that enabled financial impersonation robocalls. The case reveals a pattern that extends far beyond American telecoms — dormant accounts, weak verification, and third-party infrastructure are a liability for any organisation that relies on external providers.
Kyanite Blue Labs · 4 Apr 2026
LinkedIn's Browser Fingerprinting: What BrowserGate Means for Your Business
Researchers have revealed that LinkedIn runs hidden JavaScript on its website to scan visitors' browsers for over 6,000 installed Chrome extensions and harvest device data — a practice now dubbed 'BrowserGate'. This isn't just a privacy story. It's a warning about how much any website can learn about your employees' browsers, and what that data could mean in the wrong hands.
Kyanite Blue Labs · 4 Apr 2026
App Privacy Labels Are Broken — Here's What That Means for Your Business
Privacy nutrition labels on mobile apps were supposed to give users clear, honest information about how their data is collected and shared. Research shows they frequently do neither. Here is what the gap between promise and reality means for organisations that deploy or rely on mobile applications.
Kyanite Blue Labs · 4 Apr 2026
Cloud Storage Performance: What the Numbers Actually Mean for Security
Backblaze has published independent performance benchmarks comparing AWS S3, Cloudflare R2, Wasabi, and its own B2 storage across two regions. The data is unusually candid. But performance figures alone miss the question that matters most to security teams: what happens to your data when it leaves your control?
Kyanite Blue Labs · 4 Apr 2026
Multi-Agent AI Systems: The Attack Surface Nobody's Talking About
AI agents are being deployed faster than security teams can assess them. Research from Palo Alto Networks' Unit 42 reveals that multi-agent systems on Amazon Bedrock carry attack surfaces that traditional security controls simply don't cover. Here's what that means for businesses building or buying AI-powered tools.
Kyanite Blue Labs · 4 Apr 2026
Managed Security vs DIY: The True Cost Comparison
The sticker price of security tools tells you almost nothing about the true cost of managing them. When you factor in staff time, training, alert fatigue, and incident response, DIY security is rarely the bargain it appears.
David · 4 Apr 2026
Cybersecurity Product Trends: What March 2026 Reveals
A wave of new cybersecurity products launched in March 2026 points to three converging pressures: unmanaged attack surfaces, third-party exposure, and the persistent gap between detection and response. Here's what the market is actually telling us — and what it means for your security posture.
Kyanite Blue Labs · 3 Apr 2026
Digital Trust Is Dying by a Thousand Login Screens
Every clunky sign-up form and repeated MFA prompt chips away at user confidence. The 2026 Thales Digital Trust Index confirms what security teams already suspect: digital trust is eroding through friction, not just breaches. Here's what businesses need to understand before that trust disappears entirely.
Kyanite Blue Labs · 3 Apr 2026
Android Messaging App Permissions: What Your Staff Are Really Granting
Not all messaging apps behave the same way on Android. A comparative analysis of Signal, Telegram, and Messenger reveals significant differences in permissions, background activity, and data exposure — and those differences carry real implications for businesses that allow personal devices in the workplace.
Kyanite Blue Labs · 3 Apr 2026
AI Agents Are Running Loose. Governance Is Catching Up.
Autonomous AI agents can execute financial transactions, manage infrastructure, and write code — all without a human signing off at each step. Microsoft's new Agent Governance Toolkit is the first serious attempt to build the guardrails that should have existed from day one. Here's why that matters for your security posture.
Kyanite Blue Labs · 3 Apr 2026
The Full English Breakfast Approach to Cybersecurity
Most businesses buy cybersecurity like supermarket shoppers — grabbing individual tins off the shelf without a recipe. We think about it like a full English breakfast: every component matters, nothing competes with anything else on the plate, and someone needs to cook it properly.
David · 3 Apr 2026
DarkSword: What Apple's Emergency iOS Patch Tells Us
Apple has issued emergency security updates to block the DarkSword exploit kit, extending patches to a wider range of iPhones still running iOS 18. The move confirms active exploitation in the wild — and raises a harder question: what happens to the devices your staff are using that never get patched at all?
Kyanite Blue Labs · 2 Apr 2026
CrystalRAT: The £30 Malware Selling Full System Access on Telegram
A new malware-as-a-service called CrystalRAT is being openly sold on Telegram, giving attackers remote access, keylogging, clipboard hijacking, and data theft capabilities for a minimal outlay. The barrier to entry for sophisticated cyberattacks just dropped further — and UK and NZ businesses need to understand what that means.
Kyanite Blue Labs · 2 Apr 2026