Geek-Guy.com

Category: Risk Management

Master cybersecurity risk management with expert analysis on threat mitigation, compliance, and governance. Geek-Guy tracks the evolving landscape of digital risk.

Major Cyber Attacks in May 2026: Fake Invitations, Agent Tesla, BlobPhish, and More

May 2026 showed how fast routine business activity can turn into real security exposure. ANY.RUN observed phishing campaigns, fileless malware delivery, credential theft, OTP interception, and remote access abuse targeting organizations across industries.  From fake invitations and banking portals to compromised B2B websites and Word Online lures, the month’s attacks had one thing in common: they were built…

Tamnoon introduces skill-based AI orchestration for autonomous cloud defense

Tamnoon has expanded its AI engine, Tami, into a skill-based orchestrator that generates customer-specific remediation skills tailored to each enterprise environment. Trained on more than 6 million real cloud fixes across 800+ accounts, Tami coordinates specialized AI skills to safely and autonomously address every class of cloud risk. Two new skills are available, Remediation Confidence…

Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

Attackers have poisoned four Laravel-Lang Composer packages by rewriting hundreds of Git tags, putting many Laravel apps at risk. Hackers compromised four popular Laravel-Lang Composer packages and injected malware by rewriting more than 700 Git tags tied to historical versions. Laravel-Lang is a community-driven project that provides translation and localization files for Laravel applications. The…

Stop treating AI governance as a review layer. Make it release infrastructure

I’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: They all follow the same pattern. Build the product, then prove it meets requirements. The compliance layer sits outside the engineering workflow. It reviews what already exists. That model worked when the product stayed static between…

Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise

Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in attack chains rises. Now cyber defenders have another cause for flaw alarm: Vulnerability exploitation has significantly pulled away from stolen credentials as the most common entry point in security breaches, according…

Security experts caution MFA alone can no longer stop threat actors

Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to bypass multifactor authentication login protection. Phishing kits aimed at capturing M365 tokens aren’t new; some reports say these kits have been around since 2021. One of the latest is EvilTokens, which researchers at…

Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic

Anthropic says it and upwards of 50 partners involved in Project Glasswing have uncovered an estimated 10,000 critical or high-severity vulnerabilities in their software offerings. The company launched the cybersecurity initiative, which is built around Claude Mythos Preview, in April, stating that its launch partners would use it as part of their defensive security work.…

Welcoming the Bhutanese Government to Have I Been Pwned

Today, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Response Team, BtCIRT, now has access to monitor Bhutanese government domains against the data in HIBP. As Bhutan’s national CIRT, BtCIRT is responsible for consuming threat intelligence and sharing relevant insights with its constituents, helping…

The Underground Malware-Signing-as-a-Service That Makes Ransomware Look “Verified” on Windows

The Core Technical Concept: Code Signing At the center of Microsoft’s disruption of the Fox Tempest cybercrime operation is a foundational trust mechanism that modern operating systems rely on heavily: code signing. Code signing is a cryptographic trust framework used by operating systems such as Windows to verify both the integrity and origin of executable…

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks

A hacker is selling a 340M-strong OnlyFans-linked dataset built by correlating old breaches and public data, not by hacking OnlyFans directly. A threat actor is adverertising a purported database containing data of 340 million OnlyFans users, but the available evidence points to something less dramatic than a direct breach. According to HackRead, which reported the…

Cisco refines its risk-based vulnerability disclosure for the AI era

Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review. The company said it is moving further toward a risk-based disclosure approach, placing greater attention on issues under…

AI security needs a shift from models to systems, researchers argue

Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this month argued, warning that traditional AI-security approaches are increasingly misaligned with how autonomous agents actually operate inside enterprise environments. The paper argues that enterprises should…

DeepSeek’s steep V4-Pro price cut escalates AI pricing war

Chinese AI startup DeepSeek has announced a steep price cut for its recently launched flagship AI model, V4-Pro. The company has reduced pricing for the model by 75%, just a month after unveiling the V4 generation, which includes V4 Pro and V4 Flash. Earlier, usage costs ranged from $0.0145 for one million tokens (cache hit)…

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI, a JavaScript and TypeScript dependency vulnerability scanner focused on local lockfile analysis, is positioning itself around a simple idea. Developers should see dependency risks while they are…

US states step up cyber defenses to protect local communities

U.S. state governments are taking on a larger role in cybersecurity to help protect local communities and essential services. Many states are building state-led cyber defense programs, including cybersecurity clinics, regional security operations centers (RSOCs), and state cyber corps programs to reduce costs, strengthen the local workforce, and improve cyber resilience. Cyber defense programs in…

Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is…

U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…

CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or…

Why pure extortion is replacing traditional ransomware

Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting systems and causing immediate disruption, many attackers are now focusing on pure extortion: stealing sensitive data and threatening to leak it publicly if victims refuse to…

Data Sanitization Challenges Are Increasing in the AI Era 

Data sanitization has long played an important role in protecting sensitive information, but growing data volumes and stricter compliance requirements are making secure end-of-life data management more critical than ever.   The 2026 State of Data Sanitization Report by Blancco highlights growing concerns among organizations regarding data privacy, regulatory pressure, and end-of-life device management.  The report…

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain…

LG Launches PRO Services to Simplify DVLED Rollouts for Partners

LG Electronics USA’s commercial display division has launched LG PRO Services, a new “manufacturer-backed” installation service for its Direct View LED (DVLED) portfolio. The service covers fixed-price All-in-One DVLED models as well as cabinet-based indoor DVLED solutions, expanding LG’s role beyond hardware to help partners plan, deploy, and scale display projects with greater confidence. Addressing…

Microsoft, EY to spend $1 billion on helping customers buy agentic AI

Microsoft and EY will spend $1 billion on helping their customers adopt AI over the next five years. The billion will support assisting clients with pioneering AI projects and capability building, said EY’s global Microsoft alliance leader, Paul Clark. Clients will be able to access those resources based on their specific needs, he said. “We’re…

AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026

Major Threats & Vulnerabilities AI-Powered Cyberattacks and Exploits The 2026 Verizon DBIR revealed that vulnerability exploitation has surpassed credential abuse as the leading breach vector, accounting for 31% of incidents. The report highlights how generative AI is accelerating attack automation and expanding third-party risk exposure, particularly among SMBs facing ransomware threats. Microsoft Defender vulnerabilities are…

CVE-2026-9082: Highly Critical Drupal Core SQL Injection Flaw Threatens PostgreSQL Sites

Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that can be exploited by anonymous attackers against sites using PostgreSQL databases. Tracked as the CVE-2026-9082 vulnerability, the issue resides in Drupal’s database abstraction API, which is supposed to sanitize queries before they reach the backend database. Drupal rates the flaw…

CVE-2026-45585: YellowKey BitLocker Bypass Exposes Encrypted Data on Windows Devices

BitLocker is designed to protect data at rest even when a device is lost, stolen, or powered off, which is why a bypass against that trust model draws immediate attention. The CVE-2026-45585 vulnerability, publicly referred to as YellowKey, is a Windows security feature bypass flaw that Microsoft says can let an attacker with physical access…

Cork CEO Dan Candee on Evolution of Security Services & AI

Cork is pushing MSPs to rethink cybersecurity delivery as AI accelerates both business technology adoption and the sophistication of attackers. In an interview with Channel Insider, CEO Dan Candee said the company has moved beyond compliance reporting and intelligence into active security remediation tooling. As AI and other forces seem to push tighter deadlines for…

Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines

I spent two days at a substation connecting a major offshore wind farm to the grid. The control room featured three new AI-ready dashboards and a board mandate to “leverage machine learning for resilience.” It also had a maintenance laptop running Windows 7, literally taped to the inside of a cabinet because the Velcro had…

U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-34291 Langflow Origin Validation Error Vulnerability…

Identity as the primary attack surface: What modern breaches are really exploiting

The “retro” way “The thing about the old days is… they are the old days” – Slim Charles, The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Businesses made significant investments in firewalls, intrusion detection systems, endpoint security and segmentation controls, all of which were built…

The new economics of fraud: Cheaper, faster, more convincing

Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals redirect efforts toward trust and third parties Fraud involves behavioral manipulation, fragmented ecosystems, and faster attack cycles that use AI to pressure people into authorizing payments themselves.…

Unpatched ChromaDB flaw leaves servers open to remote code execution

Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access sensitive data on machines running the open-source vector database. The issue, tracked as CVE-2026-45829, is located in ChromaDB’s API server and was published by researchers at HiddenLayer after reportedly failing to get in contact…

U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Microsoft DirectX NULL…

AWS KY3P report now available for third-party supplier due diligence

We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the heightened expectations of cloud service providers. Customers can now use the AWS KY3P assessment to reduce their supplier due diligence burden. KY3P,…

CISA chief frets about open-source vulnerabilities, delayed security improvements

Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday. “The open-source community is one that I’m particularly worried about when we start to think…

EU moves forward on $5.8B scale-up fund to keep startups from leaving

The European Union has stepped up efforts to grow its homegrown tech sector and reduce dependence on US firms, advancing plans this week for a €5 billion ($5.8 billion) fund to help startups scale in Europe rather than seek capital or buyers abroad. Analysts welcomed the initiative, but said its success will depend on whether…

7 Best Attack Surface Management Software in 2026

This guide is for IT leaders and security teams looking to improve visibility into organizational risks and reduce their attack surface in 2026. It covers the best attack surface management (ASM) software and the key features businesses should evaluate when selecting the right solution for proactive threat detection and risk mitigation. Key Points on Attack…

6 Best Vulnerability Management Software & Systems for 2026

This guide is for IT leaders, security teams, and vulnerability management professionals looking to improve security visibility and remediation across their environments in 2026. It covers the best vulnerability management software and systems, along with the key features organizations should evaluate when selecting the right solution for their security operations. Key Takeaways about the Best…

2026 Verizon DBIR: The New Era of Cyber Threats 

The 2026 Verizon Data Breach Investigations Report (DBIR) paints a clearer picture of today’s cybersecurity landscape: attackers are moving faster, artificial intelligence is accelerating cybercrime, and organizations continue to struggle with foundational security practices.  Key Takeaways from the 2026 Verizon DBIR Report Vulnerability exploitation (31%) overtook credential abuse (13%) as the top initial access vector…

AI, Cybersecurity Education, and the Defense of America’s Digital Border

Artificial intelligence (AI) is reshaping cybersecurity at a pace that is forcing educators, businesses, and governments to rethink workforce development and national defense strategies.  During a recent discussion with cybersecurity entrepreneur and ConnectSecure Chairman, Arnie Bellini, key themes emerged around the evolution of cyber threats, the importance of protecting America’s “digital border,” and the urgent…

Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload

Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems from insufficient validation and authentication in REST API endpoints. According to Cisco, remote attackers could…

Your AI Agent Doesn’t Care About Your Controls

This is Part 1 of a 2-part series on AI agents and control assurance.  Read Part 2: Controlling AI Agents: Why Detection Is Too Late The cybersecurity industry has spent years investing in visibility. Dashboards have improved, detection tooling has matured, and the volume of telemetry available to security teams has increased significantly. Most organisations…

SharePoint On-Prem End of Life: 2026 Migration Guide

With Microsoft ending support for SharePoint Server 2016 and 2019 on July 14, 2026, organizations still running on-premises SharePoint face a shrinking window to modernize aging collaboration environments before security updates, bug fixes, and vendor support disappear. SharePoint 2019 On-Prem lives on, but without Microsoft support For over a decade, local SharePoint deployments have served…

The readiness paradox: Why a false sense of cyber confidence is becoming a liability

There’s this old proverb that’s stuck with me over the years: “Dig the well before you are thirsty.” It really means you should prepare for the crisis before it arrives. In cybersecurity, it’s a mentality that’s long underpinned investment, strategy and board-level conversations. And by many measures, organizations appear to have already ‘dug’ that well.…

Tenable Hexa AI automates remediation across attack surfaces

Tenable has announced the general availability of Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform. Tenable Hexa AI is an advanced agentic AI for cybersecurity solution, equipped with advanced multi-step reasoning and Model Context Protocol (MCP) support, enabling custom agent building and workflows that accelerate risk reduction at machine…

CTERA brings AI insights and automation for unstructured data

CTERA has announced the launch of CTERA InsightAI, an agentic AI intelligence layer for the CTERA Intelligent Data Platform. The new capability is designed to help enterprises understand, manage, secure, and optimize unstructured data environments. CTERA InsightAI adds AI-driven insights and automation to data operations, expanding traditional data observability capabilities. CTERA InsightAI continuously analyzes enterprise…

AI becoming an SOC imperative for curtailing emerging cyber threats

The cybersecurity profession is on the verge of a sea change, and security pros must begin to master AI tools to combat emerging threats by building more autonomous, real-time protections. Expert panelists at a recent DTX conference session in Manchester, titled “Bot vs Bot: Surviving the Era of Autonomous Cyber Warfare,” highlighted how bringing AI…

Why AI changed the threat model for travel technology

In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconnected ecosystem of identity, payments, loyalty programs, and third-party integrations creates compounding risk, and how…

Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix

Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available. The company issued an advisory Tuesday saying…

Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix

Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available. The company issued an advisory Tuesday saying…

Third-Party Risk Management Needs to Evolve 

Traditional point-in-time vendor risk assessments are becoming increasingly difficult to maintain in environments where vendors, technologies, and regulatory requirements continuously evolve.  During a recent discussion with eSecurity Planet, Auditive Founder and CEO Daniel Faddoul explained why many organizations are struggling to keep pace with modern third-party risk exposure and why continuous monitoring is becoming more…

Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows

Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its decisions can’t be predicted or guaranteed in advance. It can hallucinate harmful actions with complete confidence. It’s vulnerable to prompt injection…

Browser Threats Are Expanding the SMB Attack Surface 

Small and mid-sized businesses (SMBs) are facing a growing wave of cyberattacks, and according to Palo Alto Networks, many of those threats are now originating directly inside the browser.  During a recent discussion with eSecurityPlanet, Shivam Srivastava, VP of Product Management for Prisma Browser for Business at Palo Alto Networks, discussed the growing cybersecurity challenges…

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…

Meet Rampart and Clarity, Microsoft’s new red team combo AI agents

On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—,meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches. Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems…

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs

Microsoft says it disrupted a malware-signing service that abused Azure Artifact Signing to create fraudulent certificates used in ransomware and malware attacks.  The Fox Tempest operation allegedly helped cybercriminals distribute malware disguised as trusted software to evade Windows defenses and fool users.   “Fox Tempest doesn’t directly target victims but instead provides supporting services that enable…

AWS Security Hub Extended: Why enterprise security products should sell themselves

Our largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector, AWS WAF, and AWS Security Hub, experienced the benefits in real time, and evaluated with transparent pay-as-you-go pricing. No RFP. No six-month evaluation. No multi-year commitment up front. Our field teams played a…

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI…

ISC2 Report: AI Is ‘Double-Edged’ Sword of Cybersecurity

A new study from ISC2 has found that cybersecurity professionals now see AI as both their biggest opportunity and biggest threat.  The findings point to a field at an inflection point, with teams moving to adopt AI for defense while preparing for more scalable, convincing AI-enabled attacks. AI ranks as top security opportunity and threat…

GitHub says internal repositories were taken in poisoned VS Code extension attack

GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the…

Agentic AI Security Risks Increase Governance Demands for MSPs

BYOD was a headache. AI agents are an existential crisis. Advanced AI models pose a massive security and governance challenge for the channel, forcing managed service providers (MSPs) and tech partners to rethink how they protect corporate data. Agentic AI adoption exposes governance gaps The shift from passive, generative AI chatbots to fully autonomous agents…

Google talks ‘singularity’ while scaling up agentic AI for enterprises

Google is recasting its enterprise AI roadmap around autonomous systems and AGI, with DeepMind CEO Demis Hassabis telling I/O attendees the industry now sits at the “foothills of the singularity.” “When we look back at this time, I think we all realise that we were standing in the foothills of the singularity,” Hassabis said in his…

How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?

Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real-time intelligence that keeps detection systems current automatically, instant IOC investigation that cuts triage…

ArmorCode gives security teams AI workers for exposure and remediation

ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help security teams move beyond generic AI assistants by turning unified security and business context into purpose-built AI…

Novata uses AI to map risk across portfolios and supply chains

Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single, customizable framework for comparing risk across entities, normalizing diverse risk signals into a comparable view across portfolios…

Trust3 AI focuses on AI agent risks with MCP Security layer

Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and governance teams with a unified trust layer to seamlessly and safely connect AI agents with vital business…

Why some security fixes never reach your vulnerability dashboard

On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm install. The attackers reached Bitwarden’s npm publishing path through a compromised GitHub…

Communicating cyber risk in dollars boards understand

In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and organizational dynamics. He unpacks the gap between security teams and boards, pointing to…

EnterpriseClaw wants to bring governance to the OpenClaw era

Autonomous agent orchestration tool OpenClaw hit the scene last November and immediately went viral, but its dramatic flaws were exposed just as quickly. Still, it marked a pivotal step in the agentic AI era, and enterprises have been exploring ways to deploy fleets of autonomous agents safely and securely ever since. Automation Anywhere Tuesday rolled…

CIRT insights: How to help prevent unauthorized account removals from AWS Organizations

The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that take advantage of specific customer configurations and designs. Understanding these tactics can help inform your architecture decisions, improve your…

News alert: Orchid Security study finds invisible identities now outnumber managed accounts

NEW YORK, May 19, 2026, CyberNewswire—Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of identity and access management systems. The report found that invisible identity (“identity dark matter”) now outweighs visible identity across enterprise…

Drupal is rolling out an emergency security update on May 20. You cannot miss it

Drupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough to get any site administrator’s attention. The Drupal Security Team has confirmed it will release…

CISA GitHub Leak Exposes AWS GovCloud Secrets 

A public GitHub repository tied to a CISA contractor reportedly exposed sensitive AWS GovCloud credentials, plaintext passwords, and internal deployment files.  Researchers said the exposure may have provided privileged access to multiple internal systems and cloud environments before the repository was removed.  “Passwords stored in plain text in a csv, backups in git, explicit commands…

Westcon-Comstor Launches White-Label OneSOC Service

Westcon-Comstor has launched OneSOC, a vendor-agnostic, white-label security operations service designed to help channel partners offer SOC capabilities under their own brand without upfront investment. The global technology distributor, which specializes in cybersecurity, networking, and hybrid cloud, announced the service on May 19.  OneSOC targets partner barriers to SOC delivery OneSOC is available across Europe,…

Splunk: Downtime Costs Hit $600B as Shadow AI Grows

The average cost of downtime has reached $600 billion across the Global 2000, a 50% increase in just two years, according to a newly published report from Splunk. Produced in partnership with Oxford Economics, Splunk’s “The Hidden Costs of Downtime” report highlights the rising financial impact of cyber incidents, outages, and breaches, including a growing…

Governing infrastructure as code using pattern-based policy as code

Organizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for that class of data. In another, a security group might allow broader access than intended. Required tags might be missing. Encryption might be assumed…

GitHub scales back bug bounties, reminds users security is their responsibility too

Faced with the growing volume of submission to its bug bounty program, GitHub is replacing cash bounties with swag rewards for reports with low security impact — and asking researchers to stop submitting reports that are low quality or about things that aren’t its fault. The cloud-based code repository platform has seen a sharp increase…

Cato Networks Adds Cyera DSPM Integration to XOps

Cato Networks has integrated Cyera’s Data Security Posture Management capabilities into Cato XOps, giving enterprise security teams more context around sensitive data when detecting, investigating, and responding to threats. The integration, announced May 19, embeds Cyera’s data intelligence into Cato XOps, Cato’s combined XDR and AIOps solution. The companies said the goal is to help…