Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What Auditors and Regulators Are Starting to Ask About AI Agents

The regulatory landscape for agentic AI is moving faster than most compliance programs are tracking. CISOs who wait for final guidance before building their compliance posture will find themselves in catch-up mode at exactly the wrong moment and, in some cases, already behind.

Autonomous Pentesting vs. Red Teaming: Do You Still Need Both?

Security teams are spending more money than ever on offensive security, and getting less clarity than ever on what it buys using them. For a long time, the central debate was pentesting vs red teaming. That argument settled itself once buyers understood that the two serve different objectives. Now it’s slipping again due to autonomous pentesting vs red teaming.

Incident Response Automation: A CISO's Guide for 2026

Your SOC probably looks busy on paper and brittle in practice. Alerts land from email, endpoints, cloud workloads, identity providers, firewalls, and ticketing systems. Analysts swivel between consoles, copy indicators into chat, open cases by hand, and race to decide which events deserve containment and which ones are just noise. That model doesn't break because people are careless. It breaks because the volume, speed, and interdependence of modern environments outgrew manual response a long time ago.

Global Third-Party Cyber Risk Regulatory Trends to Know: US and Europe

The landscape of third-party cyber risk is undergoing a profound transformation, driven by an escalating threat environment, an expanding attack surface, AI, and a tidal wave of new global regulations. As organizations grapple with complex digital supply chains, regulators across the US and EMEA are stepping up oversight, making 2026 a pivotal year for compliance and risk management. This analysis explores the essential threat intelligence and regulatory shifts that demand immediate attention.

Extending the value of network evidence: Introducing Performance and Asset Visibility

Every packet flowing through a Corelight sensor contains both security-relevant data and performance-relevant data. Until now, Corelight has focused exclusively on extracting security value from network traffic: connection logs, protocol analysis, and threat detections. But the same traffic that reveals lateral movement also reveals TCP latency. The same DNS queries that surface potential C2 channels also reveal resolution timing.

RBAC vs. ABAC: Core Differences, Use Cases, & The AI Agent Era

As organizations expand across cloud platforms, SaaS applications, remote teams, and AI-driven systems, managing access becomes more challenging. Security teams must ensure users, applications, and automated workflows can access the resources they need without exposing sensitive data or critical systems. This is where the RBAC vs ABAC discussion becomes important.

Mastra npm Scope Takeover: 140+ Packages Compromised via easy-day-js Dropper

An attacker republished more than 140 packages in the @mastra npm scope, each carrying a single malicious dependency, easy-day-js. The malicious versions were observed on 2026-06-17. easy-day-js is a typosquat of the dayjs date library: version 1.11.21 is the clean prior release with no install hook, while version 1.11.22 adds an obfuscated postinstall dropper.

The Deep Dive: Kroll's Analysis of the GARUDA C2 Malware

Kroll identified a cross-platform malware framework, dubbed GARUDA C2, that uses public code-hosting platforms like GitHub for staging, redundancy and command distribution across Windows, macOS and Linux. Analysis links the campaign to an India-based operator supported by Hindi-language development artifacts, build logs, infrastructure indicators and evidence suggesting use of a locally hosted large language model (LLM) to accelerate malware development.

VMware ESXi Networking Concepts

For connecting physical servers and computers to a network, you need physical network adapters, switches, and routers. With virtual machines, virtual network concepts are used for communication between the different components of an infrastructure. The proper configuration of ESXi networking on a host is critically important to the configuration of any ESXi environment. Generally, ESXi host networks include storage, vMotion, VM, and management networks.

Over 140 popular Mastra npm Packages Hit by Supply Chain Attack

On June 17th we detected a large-scale supply chain attack targeting the entire @mastra npm scope, a popular open-source AI agent framework. An attacker republished 141 packages in a burst between 01:15 and 02:00 UTC, silently injecting a malicious dependency into every one of them. The affected packages include @mastra/core, which has 918K weekly npm downloads, as well as mastra and create-mastra.