YETI.SECURITY / JOURNAL
The Yeti Journal
Field notes, threat briefs, and the occasional opinionated essay. No pop-ups, no email-gates.
2026.05.07
// THREAT BRIEF
Crampon-7: credential-stuffing wave targeting fleet-management SaaS
A coordinated campaign is replaying credentials from a 2025 breach against fleet-management SaaS login endpoints. Eleven known victims. Indicators inside.
2026.04.10
// FIELD NOTES
The first six findings we see, every time
Across 38 engagements the same six issues appear in roughly the same order. Treat the list as a pre-emptive remediation roadmap.
2026.03.22
// CASE STUDY
Northstar Robotics: fixing twelve findings before the report shipped
How Northstar's platform team closed 71% of issues during a four-week pen-test — and why that matters for how we run engagements.