Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In March 2026, a GitHub account called hackerbot-claw, describing itself as an “autonomous security research agent powered by claude-opus-4-5,” began systematically targeting open source repositories—including one from Datadog. Over a week, it opened many pull requests designed to exploit misconfigurations in GitHub Actions workflows.

Cyber risk in 2026 isn’t defined by a lack of security tools; it’s defined by how quickly weaknesses compound when organizations aren’t aligned. To understand how organizations are responding, we researched the priorities, concerns, and blind spots of three critical leadership roles: the CISO, CIO, and CTO.

A few weeks ago we published the first part of this series where we described the infrastructure used by the RondoDox threat actors to scan and exploit vulnerable systems. In this second post we’ll take a deep dive into the malware that is deployed into vulnerable systems. Specifically, we’ll look at the initial implant used to fetch the RondoDox binary and the binary itself, detailing its behaviour, how it communicates with the Command and Control (C2), and its malicious capabilities.

Managed service providers (MSPs) are operating in an environment defined by growing attack surfaces, rising customer expectations and increasing pressure to scale efficiently. With MSPs managing more than 20 tools on average, integrations are no longer a backend convenience but are a strategic requirement for reducing complexity, accelerating response and improving margins.

OPSWAT Gold Certification validates that Netwrix Endpoint Protector delivers consistent encryption and data protection across Windows, macOS, and Linux. Linux environments often lack visibility and control, creating gaps in endpoint security. Extending unified policies across all operating systems reduces risk, strengthens compliance, and improves visibility into how sensitive data is accessed and moved across the environment. Many organizations believe their endpoint security is well covered.

We’ve been talking about zero trust for years, and for good reasons. The evolution of threats and the growing sophistication of attacks continue to underscore the need for an approach based on continuous validation, leaving behind the implicit trust that long defined traditional security.

Something big just happened in the cybersecurity world. And if you’re using OpenAI’s macOS apps… this affects you directly. OpenAI has rotated its macOS code-signing certificates after a supply chain attack quietly slipped into its workflow. No, your data wasn’t stolen. But yes, this is serious enough that every macOS user must update before May 8, 2026.

Two big things in this release, a remote-updating CertKit agent Google Trust Store CA issuer support.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Well, better late than never as some comments have been that I’ve seen.

Modern development teams move fast; security must keep pace. As organizations increasingly rely on GitLab to power CI/CD pipelines, integrating application security directly into the workflow is no longer optional — it’s essential. The Veracode GitLab Workflow Integration embeds automated security testing directly into GitLab pipelines, enabling teams to shift security left without disrupting delivery.