Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

mend

Mini Shai-Hulud Is Back: 172 npm and PyPI Packages Compromised in Latest Wave

May 12, 2026 By Tom Abai In Mend
The Mini Shai-Hulud supply chain campaign has resurfaced with its largest wave yet. Over a 48-hour window on May 11-12, 2026, attackers compromised 172 unique packages across 403 malicious versions on npm and PyPI, including high-profile scopes like @tanstack, @uipath, @mistralai, and @opensearch-project.
Read Post

The Teleport Agentic Identity Framework in 3 minutes

May 12, 2026 By Teleport In Teleport
AI agents are rapidly moving into production, but most organizations are still deploying them on top of legacy identity systems built around passwords, secrets, and fragmented access models. In this video, we introduce the Teleport Agentic Identity Framework, a standards-driven approach for deploying AI agents securely across infrastructure using cryptographic identity, governed access, and continuous visibility.
View Video

Hacking LLMs using LinkedIn #aisecurity #ai #llm

May 12, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
Best VPS Under $2 Per Month in 2026: What's Real, What's Worth It

Best VPS Under $2 Per Month in 2026: What's Real, What's Worth It

May 12, 2026 By SecuritySenses In SecuritySenses
The sub-$2 VPS market exists, and some of it is genuinely useful. Budget hosting at this price tier has a real use case: lightweight bots, personal projects, VPN endpoints, learning Linux, or running a single low-traffic service without paying Hetzner prices for a production-grade machine. This guide covers what's actually available in 2026, what to watch out for, and one option that gives you access to enterprise-grade infrastructure for less than a cup of coffee per month.
Read Post
teleport

Multi-Site Data Center Audit and Compliance Best Practices

May 11, 2026 By Mayur Pipaliya In Teleport
Most multi-site infrastructure teams manage access and audit logging site by site, using stacks that have been built up over time through different tools, different owners, and thousands of static credentials or standing admin privileges. This makes org-wide auditability nearly impossible to produce on demand, and adds complexity to regional compliance requirements.
Read Post
CloudCasa

OpenShift Virtualization Backup: How to Protect VMs After Migrating from vSphere

May 7, 2026 By CloudCasa In CloudCasa
Most OpenShift Virtualization projects start with a simple goal: move virtual machines off a traditional hypervisor and onto a Kubernetes-based platform without forcing every workload to be rewritten. That is a practical goal. Many organizations have VM estates that will not become containers any time soon, and OpenShift Virtualization gives infrastructure teams a way to run those VMs next to containerized applications on the same operational platform.
Read Post
armo

Privacy and Data Residency for AI Agents: What GDPR Requires That Static Controls Can't Show

May 7, 2026 By Yossi Ben Naim In ARMO
The residency evidence GDPR and the EU AI Act now expect lives in the runtime trajectory of every AI agent execution, not in the deployment configuration. Your residency compliance dashboard — every workload in eu-west-3, sovereign cloud configured, SCCs signed — cannot produce it. Your AI agent’s last thousand inferences crossed an external border, on average, eight times each. The translation API routed through us-east-1 when the EU endpoint hit capacity.
Read Post
armo

Why Editing IAM Policies Won't Fix Your AI Agent Identity Problem

May 7, 2026 By Ben Hirschberg In ARMO
Editing IAM policies cannot fix the most common architectural mistake in shipping AI agents on Kubernetes. It happens in thirty seconds: a platform engineer reuses an existing ServiceAccount with an IRSA annotation for Bedrock access because creating a new one takes thirty minutes plus a Terraform pull request. The new agent ships under the existing identity.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.