Skip to content
Security

Email Security Is an Enablement Journey, Not a Maturity Ladder

tldr / infosec 20h ago 8

This article reframes email authentication as a phased enablement journey rather than a static maturity model. It exposes the brutal adoption gap: while 85% of domains have SPF and 57% publish DMARC, only 26% enforce it and just 1.1% deploy MTA-STS. Each phase unlocks new capabilities—from visibility with DMARC reports to mandatory TLS encryption and downgrade prevention—yet organizations stall due to checkbox mentality and fear of breaking mail flows. The piece argues that moving beyond 'security theater' to actual enforcement requires operational confidence but delivers dramatic reductions in phishing success.

Read full article →

More Security

Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations

tldr / ai 20h ago 9

Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.

GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines

theregister / security 6h ago 9

GitHub disabled 70+ Microsoft repos in under two minutes after the Miasma worm infected projects via compromised commits, breaking CI/CD pipelines and triggering RCE in developer tools.

Ubiquiti Patches Critical UniFi OS Flaws Enabling Unauthenticated Root RCE

tldr / infosec 20h ago 9

Ubiquiti patched three critical UniFi OS flaws that chain into unauthenticated root RCE with CVSS 10.0 scores, requiring immediate patching and full credential rotation.