
Misconfig by Default: How Trust Gets Exploited Quietly


Internal Tools Are Being Indexed by Search Engines

Misconfigured dev tools, analytics dashboards, and internal wikis are being indexed due to open robots.txt rules or public DNS misclassification—exposing sensitive data and infrastructure blueprints.

Audit domain exposure regularly. Use authenticated gateways for all internal tools, and block indexing via server-side headers—not just robots.txt.
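One way to triage the results of such an audit, as an added example that is not part of the original newsletter: it classifies responses collected by requesting your own internal hostnames without credentials from outside the network. The hostnames, statuses and headers are constructed sample data, and the finding labels are this example's own.

```python
# Constructed sample data: hostnames, statuses and headers are illustrative only.
SAMPLE_RESPONSES = {
    "wiki.internal.example": (200, [("Content-Type", "text/html")]),
    "grafana.internal.example": (200, [("X-Robots-Tag", "noindex, nofollow")]),
    "jenkins.internal.example": (401, [("WWW-Authenticate", "Basic")]),
    "docs.internal.example": (200, [("X-Robots-Tag", "googlebot: noindex")]),
    "metrics.internal.example": (302, [("Location", "https://sso.example/login")]),
}

# X-Robots-Tag directives that carry a value after a colon (not crawler names).
VALUE_DIRECTIVES = {"unavailable_after", "max-snippet",
                    "max-image-preview", "max-video-preview"}

def global_robots_directives(headers):
    """Collect X-Robots-Tag directives that apply to every crawler."""
    found = set()
    for name, value in headers:
        if name.lower() != "x-robots-tag":
            continue
        prefix, sep, _ = value.partition(":")
        scoped = (sep and "," not in prefix
                  and prefix.strip().lower() not in VALUE_DIRECTIVES)
        if scoped:
            continue  # "googlebot: noindex" leaves other crawlers unrestricted
        for token in value.split(","):
            found.add(token.partition(":")[0].strip().lower())
    return found

def classify(status, headers):
    """Label one unauthenticated response by exposure."""
    if status in (401, 403):
        return "gated"
    if 300 <= status < 400:
        return "redirect-verify-target"  # confirm it lands on the auth gateway
    if 200 <= status < 300:
        if global_robots_directives(headers) & {"noindex", "none"}:
            # Hidden from search results, but still served without auth.
            return "unauthenticated-noindex"
        return "unauthenticated-indexable"
    return "other"

def audit(responses):
    return {host: classify(s, h) for host, (s, h) in responses.items()}

if __name__ == "__main__":
    for host, finding in sorted(audit(SAMPLE_RESPONSES).items()):
        print(f"{finding:28} {host}")
```

A result of `unauthenticated-noindex` still needs fixing: the header keeps the page out of search results, but the tool is served to anyone who has the URL.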

Insider Threats Are Using Company Swag for Social Engineering

Bad actors are ordering branded T-shirts, badges, and gear from public vendor stores—then using them in physical infiltration or social media spoofing campaigns.

Restrict merch orders to verified domains, watermark employee badges, and alert on third-party accounts claiming internal affiliation.

Expired SSL Certs Are Breaking Security Automation

Expired or unmonitored SSL certificates are interrupting logging, telemetry, and detection tools—silently degrading your security posture without direct alerts.

Deploy cert monitoring across all domains and endpoints. Tie cert expiration into CI/CD and incident playbooks.


AI-Scripted Chatbots Are Being Used for Credential Harvesting

Phishing pages now include AI chatbots that imitate IT support agents—offering to “help” reset passwords, validate accounts, or troubleshoot app issues.

Train users on non-traditional phishing patterns. Add browser-level indicators for trusted domains and block script-based support interactions outside official platforms.

Overly Broad IAM Roles Are Still Default in Dev Environments

Developers often grant "admin:all" roles for quick testing—then forget to downgrade them post-launch. These roles are frequently left open in staging and QA environments.

Enforce IAM role decay and alert on non-production environments with elevated access. Use role-based templates that expire with code branches.

SaaS Platform Logs Are Not Being Retained Long Enough

Many SaaS platforms (like Figma, Linear, Notion, Monday) only retain audit logs for 7–30 days—leaving you blind when investigating long-tail threats or insider events.

Negotiate log retention with vendors, export logs into your SIEM, and schedule regular downloads to preserve historical context.
