%term

Mini Shai-Hulud: The Most Sophisticated NPM Supply Chain Attack of 2026

May 18, 2026 By Snyk In Snyk

On May 11, 2026, the TanStack namespace was hit by a "Mini Shai-Hulud" supply chain attack. Unlike typical attacks, this did not involve stolen credentials; instead, the threat group TeamPCP hijacked the legitimate GitHub Actions release pipeline. This video covers the technical details of the OIDC token extraction, the "Dead Man's Switch" that triggers a rm -rf / upon credential revocation, and the mandatory remediation order you must follow to save your data. We also discuss how to harden your workflow using release-age cooldowns and OIDC pinning.

View Video

Snyk

Read more about Mini Shai-Hulud: The Most Sophisticated NPM Supply Chain Attack of 2026

What We Can Learn From the MoD Data Breach Attack

May 18, 2026 By SecuritySenses In SecuritySenses

The recent Ministry of Defence (MoD) data breach has raised serious concerns about cyber security, data protection and public trust. The attack exposed the personal details of thousands of serving and former armed forces personnel, including names, bank details, addresses and National Insurance numbers. Reports suggest that hackers gained access through a third-party payroll contractor linked to the MoD.

Read Post

SecuritySenses

Read more about What We Can Learn From the MoD Data Breach Attack

Prompt Analysis for AI Attack Detection: Four Signal Categories, Three Blind Spots, One Correlation Layer

May 17, 2026 By Yossi Ben Naim In ARMO

At 2:47 PM on a Tuesday, a customer support agent receives a routine ticket asking about return policy edge cases. The agent retrieves a section from your internal policy wiki through RAG to formulate the response. Three weeks earlier, an attacker had planted a hidden instruction in that wiki page. Bedrock Guardrails scored the retrieved context at 0.04 — well within benign range.

Read Post

ARMO

Read more about Prompt Analysis for AI Attack Detection: Four Signal Categories, Three Blind Spots, One Correlation Layer

DDoS Protection for Healthcare: Uptime, Compliance, and Patient Safety

May 15, 2026 By Vinugayathri Chinnasamy In Indusface

Healthcare absorbed ~24 million attacks in 2025, a 115% increase year over year, according to the Indusface State of Application Security 2026 report. DDoS alone grew 39% across the sector. But disruption here is not just about lost revenue or downtime. When systems go dark, emergency rooms divert patients, doctors lose access to electronic health records, and appointments are cancelled.

Read Post

Indusface

Read more about DDoS Protection for Healthcare: Uptime, Compliance, and Patient Safety

AI Agent Attack Detection: The Complete Framework for Security Teams

May 15, 2026 By Shauli Rozen In ARMO

It usually starts the same way. The CISO comes back from a board meeting having signed off on agentic AI for production. The SOC lead is told, in roughly that many words, to build detection for the agents. And the security stack she has — CNAPP for posture, EDR on the nodes, container runtime sensors, a SIEM ingesting everything — was architected before AI agents existed as a workload class.

Read Post

ARMO

Read more about AI Agent Attack Detection: The Complete Framework for Security Teams

Phishing Attacks Begin Targeting the 2026 FIFA World Cup

May 14, 2026 By KnowBe4 Team In KnowBe4

A major phishing operation is targeting soccer/football fans ahead of the 2026 FIFA World Cup, which begins in June, according to researchers at Flare. The attackers have set up at least 79 phishing sites impersonating the official FIFA website.

Read Post

KnowBe4

Read more about Phishing Attacks Begin Targeting the 2026 FIFA World Cup

Detecting Identity Attacks at Scale with Herd Immunity

May 14, 2026 By Trevor Daher and Joshua Riccio In Arctic Wolf

Modern identity‑based attacks often rely on shared infrastructure and reusable attack frameworks, rather than bespoke tooling built for a single target. Phishing kits and phishing‑as‑a‑service (PhaaS) platforms are the clearest example of this model — and today they are the most prevalent sources of account compromise across organizations of all sizes. Device code phishing illustrates how quickly this model evolves.

Read Post

Arctic Wolf

Read more about Detecting Identity Attacks at Scale with Herd Immunity

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread

May 14, 2026 By Maciej Mensfeld In Mend

On May 11, 2026, Mend Defender flagged more than 120 malicious packages newly published to RubyGems — the standard package manager for the Ruby ecosystem. Within 24 hours, that initial cluster expanded into something far larger: tens of thousands of packages pushed by thousands of attacker-controlled accounts, forcing RubyGems to suspend new account registration entirely while the cleanup got underway.

Read Post

Mend

Read more about Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread

DDoS Protection for SaaS: Keeping Multi-Tenant Platforms Online

May 14, 2026 By Vinugayathri Chinnasamy In Indusface

SaaS companies face a 20% yearly likelihood of a significant DDoS attack, according to the Indusface State of Application Security H1 2025, underlining the risks to uninterrupted operations. Even brief downtime can have severe consequences. On average, a DDoS attack costs businesses$6,130 per minute in downtime losses. For SaaS platforms, one attack hits every tenant at once, multiplying the SLA breaches, churn risk, and reputational damage across the entire customer base simultaneously.

Read Post

Indusface

Read more about DDoS Protection for SaaS: Keeping Multi-Tenant Platforms Online

13 Best DDoS Protection Software in the Market 2026

May 13, 2026 By Vivek Gopalan In Indusface

A DDoS attack costs businesses an average of $6,130 per minute. Beyond service disruption, these attacks often create operational pressure that exposes login systems, APIs, and payment workflows to additional threats such as credential stuffing and account takeover attempts while security teams work to restore availability.

Read Post