Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer

On May 22, 2026, we detected an active supply chain attack against Laravel-Lang. We filed a report with the maintainers immediately. The attacker published malicious version tags across three widely used repositories, injecting credential-stealing code that loads automatically via Composer’s autoloader feature. What makes this particularly sneaky is that the malicious code was never committed to the official repos at all.

Laravel-Lang Composer Tag-Rewrite Supply Chain Attack

On 2026-05-22, an attacker rewrote every repository tag across four Composer packages in the Laravel-Lang ecosystem to point at malicious commits. The affected packages are laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses, and laravel-lang/actions. The rewrite took place on 2026-05-22 into the early hours of 2026-05-23. Every malicious commit makes the same two-file change: one entry added to composer.json, and one new file at src/helpersphp.

Deploying AI Agents to Production Kubernetes: A Security Checklist for Platform Teams

Your platform team already runs a production-readiness review on every workload that ships to Kubernetes. When the workload is an AI agent, the PRR doesn’t get thrown out — it gets a delta. Most of the items still apply; specific ones need extension when the workload is non-deterministic, calls tools dynamically, and exercises identity at runtime in ways the manifest didn’t predict.

How to Threat Model AI Agents in Kubernetes: A Practical Framework

Most threat modeling assumes the attacker has to break something. AI agents change that assumption. An attacker who controls a prompt can make the agent misbehave without breaking anything at all. The prompt can be a customer support ticket the agent reads, a document it retrieves, or a tool response it processes — any input the agent treats as context is an attack surface. On Kubernetes, that attack surface has physical form.

The Top 5 File Activity Monitoring Tools in 2026

In 2026, protecting sensitive data requires more than a firewall; it requires total visibility. As insider threats and AI-driven breaches grow more sophisticated, file activity monitoring tools have become essential for tracking how data is accessed, moved, and modified. Maintaining a secure environment now depends on turning every file interaction into actionable intelligence to ensure compliance and prevent data leaks.

More Than The Sum of its Parts: Combining EASM and Pentesting

In late April 2025, SAP released an emergency patch for a critical vulnerability in SAP NetWeaver, sending security teams across Europe scrambling to assess their exposure. The flaw, CVE-2025-31324, was rated critically severe, and the details that followed made clear why. Media reports quickly revealed the full scope. SAP NetWeaver Visual Composer allowed unauthenticated malicious file uploads through a specific HTTP API endpoint (/developmentserver/metadatauploader).

A Guide on How to Find Old Emails in Microsoft 365 (Office 365)

Microsoft Exchange and Outlook email services are among the most popular email applications in business environments. Sometimes, new users cannot find old emails in the Outlook client or Outlook web application after three or twelve months. One of the possible reasons may be improper synchronization settings in Outlook. Read this blog post to discover how you can find old emails and get Outlook emails back.

Back to the Fundamentals: Reflections from the IACIS BCFE Event in Orlando

In today’s cybersecurity landscape, speed is often treated as the ultimate objective. Organizations are racing to adopt AI-driven technologies, automate workflows, reduce response times, and deliver faster outcomes. Digital forensics is no exception. Forensic examiners increasingly rely on tools that automate large parts of the analysis process, helping reduce the time required for complex investigations. But this raises an important question: at what cost?

AI Alone Won't Stop the Breach: Why Email Security Needs Humans-on-the-Loop

2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds. The reality by the numbers: To close this window, your defense strategy must evolve into a two-step strategy of accuracy and automation.