A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini Shai-Hulud,” affected packages used in SAP’s JavaScript and cloud application development ecosystem. The malicious versions added installation-time code that could steal developer credentials,…
Tag: scrutiny
AI, Global Security News, Risk Management
Geopolitical volatility has become a ‘technology leadership test’
Forrester has published a new report ‘Geopolitical Conflict Increases IT Budget Scrutiny And Security Risks’ which details how geopolitical instability in the Middle East is forcing technology leaders to heavily scrutinize their budgets.
AI, Data Breaches, Exploits, Global Security News, malware, Network Security
AWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatch
AWS’ promise of “complete isolation” for agentic AI workflows on Bedrock is facing scrutiny after researchers found its sandbox mode isn’t as sealed as advertised. In a recent disclosure, BeyondTrust detailed how the “Sandbox” mode in AWS Bedrock AgentCore’s Code Interpreter can be abused to break isolation boundaries using DNS queries. While the sandbox blocks…