r/security

physical security tools that actually talk to enterprise identity systems - does anything exist

so I saw the thread about self-defense tools and it got me thinking about something adjacent that I've actually wondered about from an enterprise security angle. the question of whether physical security hardware can integrate with things like Active Directory, PAM solutions, or even something like Entra ID for conditional access. not stun guns talking to LDAP obviously, but like. door controllers, badge readers, physical access systems. because right now in most orgs I've worked with, physical and logical identity are completely siloed and it creates some genuinely weird gaps. the closest thing I've seen in practice is PACS (physical access control systems) that can pull from AD groups to determine who gets badge access to server rooms. this is actually a solved problem at the vendor level now - things like HID SAFE, Genetec ClearID, Verkada, with JumpCloud or Duo integration, and Alert Enterprise all have connectors that go well beyond a basic one-way sync. some of them do full lifecycle automation, so joiner/mover/leaver flows cover physical access alongside logical accounts. but in practice, most orgs I've touched still aren't using any of that. the sync is janky, one-directional, and nobody owns it properly, so you end up with terminated employees who still have building access because the offboarding runbook only covers AD and maybe the VPN. I've also seen setups where a PAM solution triggers a physical alert when privileged sessions hit certain thresholds, but that's more SIEM-adjacent than true integration. what I'm genuinely curious about is whether anyone here has actually built out a setup where physical access events feed back into identity risk scoring. like, a user badging into a restricted area outside business hours bumping their risk level in something like Microsoft Entra ID Protection or an ITDR platform. the data exists on both sides.
the PIAM vendors are starting to talk about this kind of cyber-physical convergence and some are claiming real-time behavioral analysis feeding into access decisions, but I haven't seen it cleanly wired into an actual identity risk pipeline in the wild. has anyone actually pulled that off or is it still a PowerShell duct-tape situation on the integration side?

reddit.com
u/belkezo — 3 days ago
▲ 2 r/security+1 crossposts

Best Secure Web Gateway Vendors & Solutions in 2026

What is a Secure Web Gateway (SWG)?

A Secure Web Gateway (SWG) sits between users and the internet, protecting web access in real time. Unlike older web filters that simply blocked known bad sites, modern SWGs evaluate every web request in context, who the user is, what device they’re using, and what they’re trying to do.

Best Secure Web Gateway Solutions (Quick Overview)

  1. Scalefusion Veltar: Endpoint-first SWG that integrates with UEM for device-aware policy enforcement. Best for: Unified endpoint + web security with simple management
  2. Check Point Harmony Connect: Deep threat inspection with sandboxing and Zero Trust controls. Best for: Security-first enterprises
  3. Cisco Umbrella: DNS-layer protection with strong threat intelligence. Best for: Early threat blocking and reliability
  4. Cloudflare One: Cloud-native SWG with global edge performance and Zero Trust access. Best for: Distributed teams needing speed and simplicity
  5. Netskope SWG: Data-centric security with deep SaaS and cloud visibility. Best for: Cloud-heavy organizations
  6. Zscaler: Scalable, cloud-native SWG with full SASE capabilities. Best for: Large global enterprises
  7. Forcepoint ONE: Strong focus on DLP and compliance with advanced data protection. Best for: Regulated industries
  8. Fortra WebTitan: Lightweight, cloud-based SWG with easy deployment. Best for: SMBs

Every solution listed offers value, but the key difference lies in how well it fits your workflows.

reddit.com
u/RespectNarrow450 — 18 hours ago

Securing dependencies in a modern pipeline - what's actually working for you

Been thinking about this a lot lately, mostly because my team's been pushing to tighten up our CI/CD posture beyond just the identity and AD stuff I usually focus on. We've got Dependabot running and SBOMs generating in CycloneDX format, and version pinning with hash validation has honestly saved us a few times. The dependency confusion angle is what keeps me up at night though - we had a close call with a scoped package name collision a while back and it made me way more paranoid about trusted feed configuration than I used to be. One thing I'm still not fully sold on is how people are balancing auto-updates against reproducibility. Auto-PRs from Dependabot are great until one drops on a Friday and breaks something in prod because nobody reviewed it properly. SLSA Level 3 looks interesting for tamper-proof builds but I haven't seen many teams actually get there in practice. Curious what others are doing around policy-as-code for package allowlisting - is anyone using something like a package firewall in their pipelines, and has the false positive rate from SCA tools been manageable or a constant headache?

reddit.com
u/ballkali — 6 days ago

I’m thinking about nightlife design and would love concrete ideas (space, lighting, staff, policies, tech) that reduce women’s constant “watch your back” work without banning men

reddit.com
u/Pen-Emotional — 3 days ago

Has someone hacked my camera?

My partner and I purchased brand new two little elf cameras so we could keep an eye on our cars. Since then we’ve used one of them as a puppy camera, as we’ve recently gotten a puppy, and we’ve started noticing that the camera occasionally turns itself off and rotates on its own. I palmed off any suspicion as just a glitch, however I’ve recently gotten a new phone and this popped up. The top wifi (Wu Tang Lan, bad crack I know) is mine however I have no clue what the other one is. I’m not terribly tech savvy and I’m just looking for a bit of advice as I’m unsure if someone else has actually accessed the camera elsewhere. I’d understand if I’d bought them second hand as I’d take it that it just hadn’t been reset, but they were new when I did buy them. Thank you in advance to anyone who can help! :)

Puppy photo has been provided in the second slide if this helps.

u/EggsBeanAddict — 7 days ago

which vpn design actually removes trust from the system?

if we break this down, traditional vpns shift trust from isp to provider, which means the visibility still exists, just in a different place. if the goal is privacy, then the real requirement is removing visibility entirely, not relocating it. so the next step would be architectures where traffic processing happens in a way that cannot be accessed, which would change the model from trust-based to constraint-based. are there real implementations of this yet?

reddit.com
u/Dry-Bussss — 11 days ago
🔥 Hot ▲ 367 r/security+1 crossposts

Major Cisco Source Code breach by ShinyHunters along with their AWS accounts. Linked to Trivy Supply-chain attack

ShinyHunters recently posted that they have breached Cisco AWS accounts and internal source code data. Attackers used compromised CI/CD credentials linked to a third-party supply chain attack (Trivy) to access its internal development environment, clone hundreds of repositories, and steal sensitive data including source code and AWS accounts.

thecybersecguru.com
u/raptorhunter22 — 19 days ago

are less harmful self-defense tools worth it?

I really don’t like the idea of guns or seriously hurting someone, but I’ve been thinking more about personal security lately and looking into less harmful self defense options.

I’m mostly interested in something that can help stop a threat long enough to get away, not something meant to cause major harm.

For people here with security experience, are less harmful self defense tools actually worth relying on? Or is it usually better to focus on awareness, prevention, and escape instead?

reddit.com
u/No-Justice-666 — 11 days ago

Does deleting your Telegram account actually make you untraceable?

Genuinely curious about this — if you delete your Telegram account, does that completely de-link your IP address and phone number from it?

And what about after 12 months? I've heard Telegram only retains metadata for up to a year, so does that mean even law enforcement can't trace you after that point?

reddit.com
u/Consistent-Issue-402 — 11 days ago

What’s the worst crowd control mistake you’ve seen at an event?

I’ve seen events where everything looks fine… and then the crowd starts building up and it goes downhill fast.

No clear entry or exit, people getting confused, everyone just kind of gets stuck

From what I’ve seen, crowd flow is where things usually start going wrong.

What’s the worst crowd control mistake you’ve seen?

reddit.com
u/Professional-Cup358 — 13 days ago
🔥 Hot ▲ 58 r/security+1 crossposts

Alleged Adobe Data Breach via 3rd party Indian BPO

A threat actor going by the name of "Mr. Raccoon" has claimed to have breached a 3rd party Indian BPO which Adobe contracted for customer support. He reportedly has access to over 13M customer tickets, 15,000 employee data and Adobe's HackerOne account. Adobe is yet to respond to these claims.

thecybersecguru.com
u/raptorhunter22 — 18 days ago

Someone (NOT ME) enabled 2FA on my account and now…

I’m locked out of my main account!!

I received an email this evening at about 5:16CT saying I’d successfully enabled 2FA. I hadn’t attempted to set up any such thing, so I knew then that somebody else had access to my account. Immediately, I changed the password for that account. I was able to successfully change it. When I tried to log back in with my new password, however, Reddit was requesting I enter the 2FA code or a backup code, both of which I had no access to because I am not the one who set up 2FA on my account. At that point, I decided I’d submit a help request, and I was able to do that successfully.

All of this happened today within the past 30 minutes, so I figure it’s typical that I don’t have any response yet.

However, in the meantime, I decided to just look up my username from my burner account (the one I’m currently typing this post from), and when I looked up my old username, it said my account had been banned??????? As far as my conduct goes, that truly, no exaggeration could not be possible. I used Reddit on my (hacked, now maybe also banned?) account this morning, engaging in very normal, pedestrian commenting. I had stopped using it for a while until I saw and read the “2FA enabled email”, upon which I then changed my password. So there was no rule breaking conduct on my part.

Does anyone have any idea about what more I can do here? I did submit a help request, but… I guess I’m asking has anyone ever seen anything like this happening? Has anyone who’s dealt with it have a good outcome in the end? I am so sad about this, I was nearing a 700 day streak on my account😭 I want access to all the conversations and comments and posts I’ve saved, I didn’t realize I was so attached to this account and now it seems to be just disappeared through no doing of my own.

The account is u/kweenofdelusion. Can anyone see anything related to my content? I cannot, but I’m just asking if anyone else can.

reddit.com
u/micropommeolis — 7 days ago

How can I remove a photo from Google Image search if I can't contact the host?

As stated above, I can't contact the host of the site to remove the photo but I want to have a photo taken down when I google my name. I've had people dox before because they were able to find my photos and address through searching my name. How can I get these photos removed?

reddit.com
u/Alarmed-Double-246 — 11 days ago

ShinyHunters claims Rockstar Games hit in Snowflake-linked breach via third-party (Anodot)

ShinyHunters is claiming that Rockstar Games was impacted in the ongoing wave of Snowflake-related incidents, but the interesting part is the alleged attack path. Instead of exploiting Snowflake directly, ShinyHunters says they obtained authentication tokens from a third-party SaaS provider (Anodot), which had access to Rockstar’s Snowflake environment. With valid tokens in hand, they were able to access data without needing to break in the traditional sense.

thecybersecguru.com
u/raptorhunter22 — 10 days ago

LinkedIn extension enumeration raises security and privacy concerns (BrowserGate)

A report dubbed BrowserGate alleges that LinkedIn is enumerating installed browser extensions (potentially 6,000+ IDs) on page load. The concern isn’t just fingerprinting as extension detection can expose sensitive signals (e.g., dev tools, security plugins, job search tools), and in LinkedIn’s case, this data is directly tied to real identities.

thecybersecguru.com
u/raptorhunter22 — 17 days ago

AI Interview startup - Mercor AI has reportedly been breached by Lapsus$. 4TB data stolen including 211 GB of candidate data and 3 TB interview Videos

On March 24, 2026, Mercor AI was reportedly breached by the hacking group Lapsus$. The incident is believed to have originated from a supply chain attack involving a compromised LiteLLM package, which may have been pulled by one of Mercor’s AI agents.

Lapsus$ claims to have allegedly gained access to internal systems, including Tailscale VPN credentials (by which they gained access to internal data), and exfiltrated approximately 4TB of data. The leaked data reportedly includes 211GB of candidate records, 939GB of source code, and around 3TB of video interviews and identity documents.

In a public statement on X, Mercor said that it had identified itself as one of many companies impacted by the LiteLLM supply chain attack. The company added that its security team acted quickly to contain the breach and begin remediation efforts though it remains to be seen.

thecybersecguru.com
u/raptorhunter22 — 19 days ago

the gap most security teams ignore

The EU just hit Apple and Meta with massive DMA fines, Apple €500 million and Meta €200 million, handed down April 23, 2025, for breaching DMA obligations, and most of the coverage is framing it as a competition or antitrust story. From a security and compliance standpoint, though, what stands out to me is the underlying data inventory problem these cases keep circling back to.

The specific violations here were anti-steering for Apple and a pay-or-consent ad model for Meta, but the broader compliance documentation challenge isn't unique to big tech. I've seen the same gap in mid-sized enterprises during audit prep. The org knows it has GDPR-scoped data somewhere in its M365 environment or on a legacy file share, but the actual inventory is a mix of spreadsheets, tribal knowledge, and assumptions.

The enforcement trajectory here matters. DMA is a different instrument than GDPR, but the evidentiary expectations regulators are developing through these cases will bleed into how GDPR audits get conducted too. Demonstrating data minimization or legitimate processing basis is much harder when you can't even produce a current, accurate map of where regulated data sits. I've been evaluating a few classification tools for this kind of problem, including Netwrix Data Discovery & Classification, partly because the access-context layer matters as much as the raw discovery output when you're trying to answer a regulator's question.

The part I keep thinking about: fines at this scale are still recoverable for Apple or Meta. For a smaller company, a significant fine as a proportion of revenue can be genuinely existential, DMA allows up to 10% of global turnover, which hits very differently depending on your size. And the documentation gap that left those companies exposed to enforcement is exactly the same gap that exists in most enterprises, just with fewer lawyers in the room when it surfaces.

reddit.com
u/gosricom — 3 days ago

Improving security posture under budget constraints: additional practitioner context

Well-argued piece, especially in its focus on process maturity rather than the need to buy more tooling.

One aspect I would add is the pragmatic approach to tool selection under budget constraints. Open-source and community editions should not be overlooked, as many enterprise needs can be covered with free or low cost solutions.

From what I’ve observed, higher-priced enterprise tools do not inherently reduce risk if controls and use cases are not well specified. In some cases, they introduce operational overhead through excessive alerts or prolonged tuning cycles. Conversely, more modest tools aligned to clearly articulated risk and compliance objectives can be effective from a risk-reduction standpoint.

csoonline.com
u/RockyCyberGeek — 20 days ago

Stripe Security New Grad - Integration + Threat Modeling Interviews - What to Expect?

Hi everyone,

I recently cleared the first round at Stripe for a new grad Security Engineer role and have my upcoming onsite which includes the Integration and Threat Modeling rounds.

I wanted to understand from people who have gone through these:

  • What level of difficulty should I expect for the Integration round?
  • Is it more like working with APIs/libraries or more system design heavy?
  • For the Threat Modeling round, how deep into security concepts do they expect you to go?
  • Do they expect knowledge of frameworks like STRIDE/OWASP, or is it more about general reasoning?
  • Any specific preparation tips that helped you?

I do not have a strong security background, so any guidance on how to approach the threat modeling interview would be really helpful.

Thanks in advance, really appreciate any insights!

reddit.com
u/todu_boi — 20 days ago