<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Samit Hota — Security Research &amp; Advisory</title><description>Writing on offensive security, cloud security, threat intelligence, and building security programs that hold up under real attack.</description><link>https://samithota.com/</link><item><title>AWS Billing Console Glitch Triggers Inaccurate Cost Estimates</title><link>https://samithota.com/blog/aws-billing-console-glitch-triggers-inaccurate-cost-estimates/</link><guid isPermaLink="true">https://samithota.com/blog/aws-billing-console-glitch-triggers-inaccurate-cost-estimates/</guid><description>Learn what caused the AWS Billing Console glitch on July 16-17, 2026, why your cost estimates are inaccurate, and why you don&apos;t need to panic.</description><pubDate>Fri, 17 Jul 2026 00:00:00 GMT</pubDate><category>Industry Analysis</category><category>news</category><author>Samit Hota</author></item><item><title>The IAM Blind Spots That Keep Showing Up in Cloud Assessments</title><link>https://samithota.com/blog/cloud-iam-blind-spots/</link><guid isPermaLink="true">https://samithota.com/blog/cloud-iam-blind-spots/</guid><description>Over-permissioned roles and implicit trust chains are the single most common finding across cloud security assessments. Here&apos;s why they keep happening.</description><pubDate>Tue, 02 Jun 2026 00:00:00 GMT</pubDate><category>Cloud Security</category><category>aws</category><category>iam</category><category>cloud-security</category><author>Samit Hota</author></item><item><title>Compliant Doesn&apos;t Mean Secure — And Your Board Should Know the Difference</title><link>https://samithota.com/blog/beyond-compliance-checklist/</link><guid isPermaLink="true">https://samithota.com/blog/beyond-compliance-checklist/</guid><description>SOC 2 and ISO 27001 prove you have a process. They don&apos;t prove an attacker can&apos;t get in. Here&apos;s how to talk about the gap with leadership.</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate><category>Career &amp; Advisory</category><category>compliance</category><category>risk-management</category><category>leadership</category><author>Samit Hota</author></item><item><title>Anatomy of a Modern Supply Chain Attack — And Where Defenses Actually Break</title><link>https://samithota.com/blog/anatomy-of-a-supply-chain-attack/</link><guid isPermaLink="true">https://samithota.com/blog/anatomy-of-a-supply-chain-attack/</guid><description>A walkthrough of how a single compromised dependency turns into full CI/CD compromise, and the specific control points that stop it in practice.</description><pubDate>Tue, 21 Apr 2026 00:00:00 GMT</pubDate><category>Offensive Security</category><category>supply-chain</category><category>ci-cd</category><category>red-team</category><author>Samit Hota</author></item><item><title>What Changed in Ransomware Tradecraft This Year</title><link>https://samithota.com/blog/state-of-ransomware-2026/</link><guid isPermaLink="true">https://samithota.com/blog/state-of-ransomware-2026/</guid><description>Ransomware operators have shifted from smash-and-encrypt to slow, quiet data theft. Here&apos;s what that means for detection and response strategy.</description><pubDate>Mon, 09 Mar 2026 00:00:00 GMT</pubDate><category>Threat Intelligence</category><category>ransomware</category><category>threat-intel</category><category>incident-response</category><author>Samit Hota</author></item></channel></rss>