2026 Verizon DBIR: What the Data Actually Means for Defenders

Every year, Verizon publishes the Data Breach Investigations Report, and every year the security community either over-indexes on a single headline or buries the thing in a drawer. The 2026 edition — the 19th — deserves neither treatment. Based on 31,000+ incidents and 22,000+ confirmed breaches across 145 countries, this is the largest dataset the DBIR has ever analyzed, and the findings have real operational implications for defenders at every level. ...

June 5, 2026 · 13 min · Logan

From the Trenches: Defending Salesforce Against ShinyHunters' Playbook

If you haven’t read the threat intelligence breakdown of the ShinyHunters Salesforce campaign, start there. This article assumes you know what happened and focuses on what to do about it. ...

May 22, 2026 · 7 min · Logan

Self-Hosted AI Project Management with Paperclip.ai

Paperclip.ai is a self-hosted AI project management platform. It gives you a Linear-style issue tracker where AI agents can actually pick up tasks, reason through them, and take action — all running on your own infrastructure. No cloud dependency, no data leaving your environment. For a homelab running a SOC stack, threat intelligence pipelines, and a growing collection of automation projects, having an AI agent that can work through a backlog is genuinely useful. ...

May 22, 2026 · 7 min · Logan

Building a Homelab SIEM with Wazuh

A SIEM — Security Information and Event Management system — is the nerve center of a security operations environment. It collects logs and telemetry from across your infrastructure, correlates events into alerts, and gives you a unified view of what’s happening on every machine you care about. For years, running your own SIEM meant either paying for enterprise licensing or wrestling with complex open-source deployments. Wazuh changed that calculus significantly. ...

May 13, 2026 · 8 min · Logan

Cloning an Ubuntu Server Drive and Safely Updating Your Stack

Run a homelab Ubuntu server long enough and you’ll hit two milestones eventually: the drive fills up and you need to migrate to a larger one, and your stack needs a proper maintenance pass to stay current. Both operations are straightforward once you understand the order of operations — but get either one wrong and you’re looking at an unbootable system or a fleet of containers that won’t start. ...

May 11, 2026 · 7 min · Logan

Wiring MISP Into a Self-Hosted AI Security Pipeline

The multi-agent security pipeline we built earlier produces useful reports — structured risk analysis, mitigations, recommendations. But it has a ceiling: every agent reasons from what the model learned during training. It doesn’t know about the domain that started hosting malware last week, the C2 infrastructure tied to a campaign your MISP instance just ingested, or the specific indicators your feeds have flagged today. ...

April 19, 2026 · 10 min · Jason, Cyber Professional

Building Cybersecurity Agents with OpenClaw and Ollama: A Multi-Agent Security Pipeline

If you’ve followed the Self-Hosted AI Stack walkthrough, you’ve got Ollama running locally, OpenClaw as your agent UI, and the whole thing locked down behind Tailscale. That’s a solid foundation. But a chat interface, however useful, isn’t the ceiling of what this stack can do. ...

April 15, 2026 · 11 min · Jason, Cyber Professional

Self-Hosted AI: Building a Private LLM Stack with OpenClaw, Ollama, and Tailscale

There’s a certain appeal to running your own language model. No API costs, no data leaving your network, no rate limits, no terms of service to worry about when you feed it sensitive context. For anyone who works in security — or just values privacy — the idea of keeping inference local is worth the setup cost. ...

April 15, 2026 · 9 min · Jason, Cyber Professional

Zero Trust Access for the Homelab: Securing Self-Hosted Services with Tailscale

If you run self-hosted services at home, you’ve probably hit the remote access problem at some point. You want to reach something — a dashboard, a tool, an API — from outside your home network. The path of least resistance is to open a port on your router and point it at the service. It works. It also quietly puts that service on the internet, discoverable by anyone running a scanner. ...

April 15, 2026 · 11 min · Jason, Cyber Professional