Highlights from CYBR.HAK.CON. 2026
Among the topics: Cognitive warfare and medical device mayhem.
Sean Satterlee’s CYBR.HAK.CON. presentation used the deadly Therac-25 radiation overdoses to expose how modern connected medical devices still repeat many of the same dangerous cybersecurity and safety failures.
Stephen Cravey’s “A Brief Introduction to Cognitive Warfare” explores how modern influence operations exploit human psychology, identity, emotion, and social dynamics much like attackers exploit vulnerabilities in technical systems.
NIST releases its first concrete OT recovery playbook and it looks nothing like an IT runbook. The document is formally aimed at manufacturing, but the problem it addresses is structural across every operational technology environment where stopping production has physical consequences.
A replica of WOPR, built for HouSecCon 2015's WarGames theme, has become a fan favorite at CYBR.SEC.Community events -- a fixture that taps into the hacker nostalgia and cautionary spirit of the 1983 film.
Built by the team behind HOU.SEC.CON. (now CYBR.SEC.CON.) and partnered with renowned penetration tester Phil Wylie, CYBR.HAK.CON. aims to reconnect cybersecurity conferences with their grassroots hacker culture through hands-on training, community collaboration, and practitioner-first experiences.
AI security scanners promise to reduce AppSec workload, but Contrast Labs' testing shows they systematically multiply it, turning a $315 API fee into an estimated $128,000 triage burden, before fixing a single vulnerability.
An 18-year-old heap overflow in NGINX's rewrite engine is now under active exploitation. Patches exist, but attackers moved faster than most organizations can respond.
Information overload, cognitive warfare, and nonstop digital noise are turning human attention into a vulnerable attack surface.
Organizations spend real money on penetration testing and too often walk away afterwards with the same vulnerabilities they started with. The test happened. The report landed. The checkbox got checked. Nothing significant has changed.
The traditional security operations model (CTI feeds piped into a SIEM, alerts routing into a ticket queue, and analysts triaging the resulting flood) is running out of road. A new operational model is emerging in its place, and it doesn’t look much like what most security teams currently have.
Medin covers the evolution of penetration testing and why defenders need to stop relying solely on compliance checklists and start thinking like attackers.
Federal agencies and tech providers are accelerating AI security programs, but organizations responsible for water systems, emergency services, and local government operations are struggling to keep pace. (Article includes an infographic to help security teams understand the operational challenges.)
New survey results show that medical device procurement standards are tightening and budgets are growing, yet organizations are not keeping pace with threat actors as their attacks become more frequent. And the security gap between legacy and newly deployed devices isn’t closing.
With NIST's National Vulnerability Database now triaging only a fraction of incoming CVEs, security teams must diversify beyond NVD while rethinking patch SLAs and risk scoring.
Winn Schwartau warned of a “Digital Pearl Harbor” decades ago and is now raising a more unsettling possibility: the real attack may already be underway, targeting human perception itself.