The Right to Be Forgotten gives EU residents a real and unevenly applied power to remove search-engine results about themselves. Here is what the law actually allows, what Google approves and rejects, and the practical steps for filing a delisting request.
Jesse William McGraw
Jesse William McGraw
Jesse William McGraw, also known as GhostExodus, is a former insider threat and threat actor. He became the first person in recent U.S. history to be convicted of corrupting industrial control systems. Today he focuses on threat intelligence, OSINT, and public speaking, using his knowledge to bring awareness to the security risks that organisations and individuals face.
The web tracks you in ways that have outgrown the simple cookie. Tracking pixels, postback URLs, server-side conversion APIs, identity graphs, and CNAME cloaking all live alongside browser fingerprinting and the dying third-party cookie. A field guide.
End-to-end encryption is the most important consumer-facing privacy technology of the past decade. It is also widely misunderstood: what it protects, what it does not, how the major messaging apps actually implement it, and where the metadata still leaks.
There are roughly 4,000 data brokers in the United States holding detailed dossiers on virtually every adult. They are largely unregulated, mostly invisible, and surprisingly hard to remove yourself from. Here is how the industry works and the realistic playbook for opting out.
The General Data Protection Regulation took effect in May 2018. Eight years and several billion euros in fines later, the regulation has reshaped the global privacy landscape — though not always in the ways its drafters intended.
Active Directory turns 26 this year, runs identity for nearly every enterprise on the planet, and is the single most-targeted system in modern intrusions. Here is how attackers exploit it and the controls that meaningfully change the equation.
CVSS scores tell you how bad a vulnerability could be in theory. EPSS scores tell you how likely it is to be exploited. KEV tells you it already is. Combining them is how mature security teams prioritise patching.
Software supply-chain attacks have moved from theoretical to commonplace. SolarWinds, Codecov, 3CX, the npm ecosystem incidents, and the XZ Utils backdoor each show a different way the chain breaks. Here is how the threat has evolved and what defenders can actually do.
The first sixty minutes of a confirmed security incident decide most of the next sixty days. Here is the operational playbook — what to do, what not to do, who to call, and what evidence to preserve.
Most cloud breaches are not zero-days. They are misconfigurations — the wrong S3 bucket policy, the over-permissive IAM role, the forgotten storage account. The Cloud Security Alliance’s 2024 Top Threats report and the CISA cloud advisories tell a consistent story.