Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On May 22, 2026, we detected an active supply chain attack against Laravel-Lang. We filed a report with the maintainers immediately. The attacker published malicious version tags across three widely used repositories, injecting credential-stealing code that loads automatically via composer’s autoloader feature. What makes this particularly sneaky is that the malicious code was never committed to the official repos at all.

When teams start building AI agents, especially with managed systems like Amazon Bedrock, they often wonder whether simply enabling guardrails is enough to secure their agents. A framework like Amazon Bedrock Guardrails provides a solid foundation for content filtering and policy enforcement, but having guardrails in place is only part of the equation.

Many organizations have hundreds or thousands of API endpoints across their services, each of which handles authentication differently. For example, one service might rely on standard headers like Authorization: Bearer, while another uses an API key, and a third uses a custom JSON Web Token header with mechanisms or naming conventions specific to the team that built it.

Every guide to AI agent observability tells you what to capture — prompts, tool calls, token usage, traces, syscalls. Almost none address which of those signal sources you can still trust when the agent itself is part of the threat model. That distinction is the entire difference between observability that helps your SRE team debug a slow reasoning chain and observability that helps your security team investigate a breach.

On 1 July 2026, Australia's Tranche 2 reforms take effect. If you're a lawyer, accountant, real estate agent, conveyancer, precious metals dealer, or trust and company service provider, this deadline likely applies to you. Tranche 2 extends Australia's AML/CTF obligations to approximately 100,000 businesses that were previously unregulated.

A GitHub breach occurred on May 18, 2026 when a threat actor called TeamPCP pushed a malicious version of Nx Console (a widely used VS Code extension with 2.2 million installs) to Microsoft’s official Visual Studio Marketplace.

Continuous threat exposure management, or CTEM, is a five-stage program framework for continuously reducing real-world security exposure. It builds on vulnerability scanning by adding risk-informed prioritization, validation of exposure conditions and control effectiveness, and cross-team mobilization to drive remediation.

Leaders from across the federal government gathered to better understand IT and cybersecurity challenges in the AI age.

For decades, finding a zero-day flaw followed a predictable script: a highly skilled human researcher spent weeks staring at source code, digging for edge cases, and manually stitching together an exploit. In April 2026, Anthropic flipped that script by announcing Claude Mythos. This frontier model didn’t just mark an incremental upgrade; it introduced autonomous, machine-speed vulnerability hunting.

In May 2026, the Drupal Security Team disclosed a critical SQL injection vulnerability affecting Drupal core. The issue, tracked as CVE-2026-9082, affects Drupal installations using PostgreSQL and has been assigned a Drupal security risk rating of 23/25. The vulnerability can be exploited by anonymous users, and Drupal has confirmed that exploit attempts are being detected in the wild.