%term

Turning Attackers into Signals: How Deception is Redefining Threat Detection | Fidelis Security

Apr 30, 2026 By Fidelis Security In Fidelis Security

Traditional detection methods are struggling to keep up with modern threats. What if you could turn attackers into your strongest signal? In this session, our Sales Engineer Jim breaks down how deception technology is transforming cybersecurity by: Delivering high-fidelity alerts with minimal noise Adapting dynamically to attacker behavior Extending protection to IoT and non-standard devices Scaling seamlessly across enterprise environments.

View Video

Fidelis Security

Read more about Turning Attackers into Signals: How Deception is Redefining Threat Detection | Fidelis Security

CyberPhysical Security: Protecting the Modern EV Charging Perimeter

Apr 30, 2026 By SecuritySenses In SecuritySenses

Electric vehicles have crossed from niche technology into mainstream infrastructure. Charging networks now form a critical layer of both the energy grid and the transportation system, and attackers have noticed. EV charging sits at a three-way intersection of cloud software, operational technology, and automotive systems. Each domain has its own threat model, its own tooling, and its own team assuming someone else owns the risk. That gap is where adversaries operate.

Read Post

SecuritySenses

Read more about CyberPhysical Security: Protecting the Modern EV Charging Perimeter

Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer

Apr 29, 2026 By Raphael Silva In Aikido

A new npm supply-chain compromise is targeting the SAP developer ecosystem. The affected packages we are tracking so far are: The pattern is familiar but also a bit different: a trusted package receives a new preinstall hook, the hook runs a new setup.mjs file, and that loader downloads the Bun JavaScript runtime to execute a large obfuscated payload named execution.js. The payload is an 11.7 MB credential stealer and propagation framework.

Read Post

Aikido

Read more about Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer

Stryker Hack: What We Know So Far

Apr 29, 2026 By Outpost24 Threat Intelligence Team In Outpost 24

On March 11, 2026, the Iranian hacktivist group Handala Hack Team claimed responsibility for compromising the American healthcare technology company Stryker. Public reporting suggests more than 200,000 systems were impacted and up to 50TB of data exfiltrated. While these figures remain unverified, the scale of operational disruption alone places this incident among the most significant enterprise cyber events of the year so far.

Read Post

Outpost 24

Read more about Stryker Hack: What We Know So Far

Inside the Hidden VM: How Attackers Stay Undetected

Apr 29, 2026 By Sophos In Sophos

Threat actors are getting better at hiding in plain sight through using virtual environments to evade detection and deliver ransomware. New research from Sophos X-Ops reveals an increase in the abuse of QEMU, an open-source emulator, to conceal malicious activity inside virtual machines. While this technique isn’t new, its use for defense evasion is accelerating, making visibility and detection even more challenging for defenders.

View Video

Sophos

Read more about Inside the Hidden VM: How Attackers Stay Undetected

A Mini Shai-Hulud Targeting the SAP Ecosystem

Apr 29, 2026 By Guillaume Valadon In GitGuardian

7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP's Node.js packages — and it's still active. Here's what GitGuardian found.

Read Post

GitGuardian

Read more about A Mini Shai-Hulud Targeting the SAP Ecosystem

'Mini Shai-Hulud' supply chain attack targets SAP npm packages

Apr 29, 2026 By Sophos Counter Threat Unit Research Team In Sophos

On April 29, 2026, security researchers detailed a campaign known as ‘mini Shai-Hulud’ that involves compromised versions of npm packages used in SAP’s Cloud Application Programming Model (CAP). The malicious packages reportedly contain functionality to steal sensitive data such as credentials. The stolen data is encrypted and exfiltrated via public GitHub repositories. The maintainers of known-compromised packages have released updated versions.

Read Post

Sophos

Read more about 'Mini Shai-Hulud' supply chain attack targets SAP npm packages

Persistent Online Worlds, Persistent Risks: The Security Challenges of MMORTS Games

Apr 28, 2026 By SecuritySenses In SecuritySenses

Massively multiplayer online real-time strategy games occupy a specific and underexamined position in the gaming security landscape. Unlike session-based games where a match ends and the state resets, MMORTS titles run continuous worlds where player-built empires, alliances, and resource stockpiles exist around the clock, whether or not the player is logged in. That persistence creates a threat model significantly closer to financial services platforms than most people in either the security or gaming industries tend to acknowledge.

Read Post

SecuritySenses

Read more about Persistent Online Worlds, Persistent Risks: The Security Challenges of MMORTS Games

Continuous Threat Exposure Management (CTEM): The Complete Guide to Proactive Cybersecurity

Apr 28, 2026 By SecuritySenses In SecuritySenses

The cybersecurity landscape has fundamentally changed. Organizations today manage sprawling digital environments - cloud workloads, remote endpoints, SaaS applications, third-party APIs, and hybrid infrastructure - all of which expand the attack surface at a pace that traditional security programs simply cannot match.

Read Post

SecuritySenses

Read more about Continuous Threat Exposure Management (CTEM): The Complete Guide to Proactive Cybersecurity

BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

Apr 27, 2026 By Arctic Wolf Labs In Arctic Wolf

Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK’s Lazarus Group.

Read Post