Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-20929, a vulnerability with a CVSS of 7.5 that was patched in the January 2026 Patch Tuesday update, enables attackers to exploit Kerberos authentication relay through DNS CNAME record abuse. This blog focuses on detecting one particularly impactful attack vector: relaying authentication to Active Directory Certificate Services (AD CS) to enroll certificates for user accounts, as detailed in recent research.

Source code for Claude Code, Anthropic’s developer facing CLI tool, was exposed through source maps included in a published npm package under Anthropic’s npm namespace. The exposure revealed approximately 500,000 lines of application code across roughly 1,900 files.

Phorpiex, also known as Trik, is a resilient and long-running botnet with a history dating back to 2011. While it has grabbed some headlines, its sustained presence and adaptability make it a subject of ongoing concern for the cybersecurity community. Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform.

Open source made software development faster. It also made software delivery more fragile. Most teams already understand that dependencies can contain vulnerabilities. Fewer teams fully internalize the other half of the problem: dependencies can also change underneath them. When versions are not pinned, code from outside your organization can enter your build, CI pipeline, or runtime environment without a deliberate engineering decision. Your repo may be unchanged. Your app may be unchanged.

A CISO’s job never ends, and, according to a recent LevelBlue survey, the issues they are dealing with on a daily basis are piling up, causing some disconnect in priorities and a misunderstanding of how to accomplish specific cybersecurity goals. To help answer some of the more pressing questions CISOs face and to gain a different perspective on the survey’s results, we sat down with LevelBlue’s Chief Security & Trust Officer, Kory Daniels.

In the third installment of SafeBreach’s AI-First development series, VP of Development Yossi Attas explores the resurgence of the Product Requirements Document (PRD) as the foundational “control surface” for AI-assisted engineering.

The widely used Axios npm package, a JavaScript library that enables applications to make HTTP/S requests and is included as a dependency in millions of applications, was compromised in a supply chain attack on March 31, 2026 (UTC).

On March 28, 2026, F5 updated its security advisory for a vulnerability impacting BIG-IP APM that was originally disclosed in October 2025 (CVE-2025-53521). The vulnerability was initially classified as a medium-severity denial-of-service (DoS) issue but has been reclassified as a critical remote code execution (RCE) vulnerability. F5 has stated CVE-2025-53521 is being exploited by unauthenticated remote threat actors to deploy web shells.

By: Simon Hunt, Chief Product Officer, Securonix Being named to CRN’s 2026 Security 100 list for the fourth consecutive year is something we’re proud of. It reflects the strength of our partners and the work our teams are doing every day. But recognition doesn’t stop a breach. It doesn’t reduce investigation time. It doesn’t help an analyst close a case faster at 2:00 a.m.

‍A DLP solution is only as strong as what it can detect. Gaps in detector coverage aren't just a technical inconvenience; they're exposure windows. Every format that goes unrecognized is a policy that can't fire, a remediation that can't happen, and a breach waiting to occur. Three new detectors are now available in Nightfall: personal photos (selfies and headshots), Malaysian Driver's License numbers, and South African National ID numbers.