Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As software systems grow more complex, managing the development process becomes mandatory. The Software Development Life Cycle provides a structured standard that helps teams build, test, and maintain reliable applications.

In 2026, software development speed is an AI-solved problem. Yet, as AI-generated code volumes surge, organizations face a new kind of risk visibility gap. Developers are increasingly copying third-party snippets into their codebases—from both AI prompts and open-source software components—creating large security and compliance blind spots that lead to significant risks.

When SOAR emerged around 2015, it was trying to solve a real problem: SOC analysts were drowning in manual, repetitive tasks across disconnected tools. SOAR promised to connect those tools, automate the workflows between them, and give analysts their time back. For a while, it mostly delivered. That era is long dead.

The KhangNghiem/fast-draft extension, listed on open-vsx.org/extension/KhangNghiem/fast-draft and now sitting above 26,000 downloads, had multiple malicious releases that execute a GitHub-hosted downloader and pull a second-stage RAT and infostealer from the BlokTrooper/extension repository. The confirmed malicious releases in the version line we inspected are 0.10.89, 0.10.105, 0.10.106, and 0.10.112.

Attending Mobile World Congress (MWC) 2026 in Barcelona was once again an incredible experience. Each year the event seems to evolve, and 2026 showcased just how quickly the telecom and cloud infrastructure landscape is changing. The show floor was packed, the conversations were engaging, and the innovations on display reinforced the pace at which our industry is moving.

Many IT professionals struggle to integrate artificial intelligence (AI) into their existing environments. You often find expensive hardware trapped in isolated clusters or dedicated hosts. Your infrastructure team manages access through manual ticket queues, which leads to low utilization and frustrating bottlenecks for developers. When you don’t have a standardized way to share and monitor accelerator resources, every hardware change risks downtime for your critical applications.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo Security teams are being asked to move faster and handle more complexity, while the threats they defend against are increasingly AI-assisted. When I wrote about VoidLink in January, my point was simple: you cannot fight machine-speed threats with human-speed defense. Attackers are using AI to code, adapt, and scale attacks while humans are still grinding away doing the heavy lifting in the SOC.

A surge in shipping-related phishing scams is targeting the Middle East and Africa (MEA) region, according to researchers at Group-IB. “To deliver the scam, the attacker sends a phishing link to victims via SMS using various spoofing or bulk-message techniques,” the researchers write. “These links are typically optimized for mobile devices, since most victims open SMS messages on their phones.

Cato CTRL has discovered a q-based delivery technique used against an Italy-based consumer services company associated with PhantomBackdoor, a multi-stage WebSocket-based backdoor previously reported in a Ukraine-focused spear phishing operation by SentinelOne. In SentinelOne’s earlier reporting, initial access relied on phishing lures and a ClickFix-style flow that triggered a staged PowerShell and ended with a WebSocket backdoor.

Artificial intelligence has moved from pilot project to core enterprise infrastructure faster than most security programs can adapt. AI is automating workflows, surfacing insights from complex datasets, and changing how work gets done across every function. But with that acceleration comes a new and expanding attack surface that most organizations are only beginning to understand.