Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread

On May 11, 2026, Mend Defender flagged more than 120 malicious packages newly published to RubyGems — the standard package manager for the Ruby ecosystem. Within 24 hours, that initial cluster expanded into something far larger: tens of thousands of packages pushed by thousands of attacker-controlled accounts, forcing RubyGems to suspend new account registration entirely while the cleanup got underway.

AI governance: a practical guide for enterprise leaders

It's 9:47 AM on a Tuesday. A Slack message from legal lands in the security channel: "Did anyone approve the marketing team's new AI vendor? They're feeding customer data into it." Nobody approved it. The vendor's terms say they can use input data for model training, and the contract was signed three weeks ago. That moment, some version of which plays out at most organizations now, is what makes AI governance an operational priority rather than a compliance exercise.

As compliance evolves, operational resilience becomes the real benchmark

The days when compliance was only a documentation exercise are long gone. Now, it’s a critical priority for a wide variety of organizations. But compliance is more of a result than a goal. The goal is achieving resilience. Cybersecurity and data protection regulations are rapidly evolving far beyond traditional compliance checklists. Global frameworks and regulations such as NIS 2, DORA, GDPR, HIPAA, SOX and NIST 2.0 are placing greater emphasis on operational resilience.

Why AMOS matters: The macOS malware stealing data at scale

Sophos X-Ops looks at the Atomic macOS Stealer and its capabilities Sophos Managed Detection and Response (MDR) teams recently responded to a customer incident involving an infostealer infection on a macOS host. When we investigated, we found that the infostealer appeared to be a variant of AMOS (Atomic macOS), a well-known malware family we’ve written about before. The attack began with a ClickFix-style ruse, where a user was tricked into running a terminal command.

How to Manage Risks Within Your Applications

The security landscape has fundamentally changed, and many organizations haven’t caught up. If you’re still relying on quarterly scans, annual penetration tests, or spreadsheet-based vulnerability tracking to manage risks within your applications, you’re not managing risk. You’re documenting it after the fact.

Now Live: The CrowdStrike 2026 Financial Services Threat Landscape Report

The financial services industry is the fourth most-targeted sector globally, accounting for 12% of all observed activity. eCrime and nation-state adversaries spanning all motivations target these organizations due to their unique convergence of valuable assets, strategic intelligence, and geopolitical significance.

Bleeding Ollama Out-of-Bounds Read Vulnerability (CVE-2026-7482)

A critical vulnerability (CVE-2026-7482), dubbed “Bleeding Llama”, has been disclosed in Ollama, a widely used open-source framework for running large language models (LLMs) locally. With a CVSS v3.1 score of 9.1, the issue is classified as Critical and affects versions prior to 0.17.1. The vulnerability exposes organisations using self-hosted AI infrastructure to significant information disclosure risks.

What Is SASE? And How Is It Different From A VPN?

Many companies are used to the idea of operating a virtual private network (VPN), but SASE is becoming much trendier lately. It's changing the way companies work and fundamentally rewriting their security architecture. So, what exactly is SASE, and how can it help your business?

PDPA Compliance for Digital Products: What Singapore Businesses Need to Know in 2026

Singapore's digital economy continues to grow rapidly in 2026. Businesses are launching SaaS platforms, eCommerce websites, fintech portals, customer dashboards, and mobile applications faster than ever. At the same time, consumers are becoming more aware of how their personal data is collected, stored, and used. This shift has made compliance with Singapore's Personal Data Protection Act (PDPA) a critical requirement for every digital product.

How to Choose the Right Drug Test Saliva Kit for Your Industry

Not every employer needs the same drug screening program, and not every drug test saliva kit suits every workplace. A logistics company running a federally regulated fleet faces different testing requirements than a retail chain hiring seasonal workers. A hospital carries different exposure risks than a construction firm. Yet most guidance on saliva testing treats the decision as a simple product choice - list the panels, note the price, and leave employers to figure out the rest.