The Future of OT Security Isn’t Louder Scanning. It’s Smarter Modeling.

Critical Path Security has announced the development of a new AI-driven OT Digital Twin Engine designed to combine graph-based attack-path analysis, deterministic simulation, and Large Language Model-assisted reasoning to evaluate industrial environments without actively interacting with production systems. The platform was developed in response to a growing problem across Operational Technology and critical infrastructure environments: traditional assessment methodologies were never designed for fragile industrial systems that cannot safely tolerate aggressive scanning, enumeration, or exploitation activity. In many OT environments, a malformed packet can disrupt operations. A vulnerability scan against an aging PLC or RTU can destabilize communications. A failed authentication attempt can interfere with emergency operational access. The consequence of intrusive testing inside industrial infrastructure is fundamentally different than in enterprise IT environments. The new Digital Twin Engine was architected around a different model. Rather than interrogating live systems directly, the platform ingests existing operational and security artifacts already maintained…

Canvas Breach Highlights Growing Risks to Students, Parents, and Schools

This week, news broke that cybercriminals targeted the popular education platform Canvas, impacting schools and universities across the country, including organizations here in metro Atlanta. According to reports, attackers may have accessed user data including names, email addresses, and private messages within the platform. I spoke with WSB-TV Channel 2 Atlanta about the incident and what it means for parents, schools, and students moving forward. The reality is simple: educational platforms have become high-value targets for cybercriminals. Schools hold enormous amounts of sensitive information, and unlike many enterprises, they often operate with limited security staffing and constrained budgets. What makes this incident particularly concerning is not just the exposure of names or email addresses. It's the potential misuse of private communications and student-related information. When attackers gain access to communication platforms used daily by students and teachers, the risks quickly move beyond technology and into personal safety, social engineering, harassment,…

Monthly Threat Brief: April 2026

Monthly Threat Brief: What Shaped Cyber Risk in April 2026

Cyber risk in April wasn't defined by a single event, it was shaped by patterns. Across environments, attackers are continuing to shift how they operate - leaning into trusted tools, valid access, and speed. This month's developments highlight a clear reality: the attack surface isn't just expanding, it's blending into normal business activity in ways that are harder to detect and easier to overlook. Here's what stood out.

Social Engineering Is Moving Into Everyday Tools

Phishing hasn't gone away, it's just changed form. Instead of relying solely on email, attackers are now initiating conversations through platforms employees already trust, like collaboration and messaging tools. By impersonating internal IT or helpdesk personnel, they're able to guide users into launching legitimate remote support tools and granting access themselves. Because these interactions happen in familiar environments and follow what looks like normal workflow,…

Critical Path Security Advisory: Defending Against Attacks from Compromised Networks

This advisory details steps organizations can take to defend against attacks originating from large, dynamic networks of compromised devices, based on guidance from the National Cyber Security Centre. The recommendations are tailored based on organizational size and risk level.

All Organizations: The NCSC recommends mapping and understanding your network edge devices to gain a clear understanding of organizational assets and expected connections. General good cyber security practices should also be followed.

Larger or More At-Risk Organizations: For organizations facing higher risk, consider these more comprehensive measures, either in-house or through a security provider:

- Apply IP address allow lists instead of deny lists for connections to corporate VPNs for remote workers.
- Use geographic allow lists or profile incoming connections based on operating system, time zones, and/or organization-specific system configuration settings.
- Implement zero trust policies for connections.
- Enforce machine certificates for Secure Sockets Layer (SSL) connections.
- Reduce the internet-facing presence of your IT…