Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Many organizations have hundreds or thousands of API endpoints across their services, each of which handles authentication differently. For example, one service might rely on standard headers like Authorization: Bearer, while another uses an API key, and a third uses a custom JSON Web Token header with mechanisms or naming conventions specific to the team that built it.

Every guide to AI agent observability tells you what to capture — prompts, tool calls, token usage, traces, syscalls. Almost none address which of those signal sources you can still trust when the agent itself is part of the threat model. That distinction is the entire difference between observability that helps your SRE team debug a slow reasoning chain and observability that helps your security team investigate a breach.

On 1 July 2026, Australia's Tranche 2 reforms take effect. If you're a lawyer, accountant, real estate agent, conveyancer, precious metals dealer, or trust and company service provider, this deadline likely applies to you. Tranche 2 extends Australia's AML/CTF obligations to approximately 100,000 businesses that were previously unregulated.

A GitHub breach occurred on May 18, 2026 when a threat actor called TeamPCP pushed a malicious version of Nx Console (a widely used VS Code extension with 2.2 million installs) to Microsoft’s official Visual Studio Marketplace.

Continuous threat exposure management, or CTEM, is a five-stage program framework for continuously reducing real-world security exposure. It builds on vulnerability scanning by adding risk-informed prioritization, validation of exposure conditions and control effectiveness, and cross-team mobilization to drive remediation.

Leaders from across the federal government gathered to better understand IT and cybersecurity challenges in the AI age.

For decades, finding a zero-day flaw followed a predictable script: a highly skilled human researcher spent weeks staring at source code, digging for edge cases, and manually stitching together an exploit. In April 2026, Anthropic flipped that script by announcing Claude Mythos. This frontier model didn’t just mark an incremental upgrade; it introduced autonomous, machine-speed vulnerability hunting.

In May 2026, the Drupal Security Team disclosed a critical SQL injection vulnerability affecting Drupal core. The issue, tracked as CVE-2026-9082, affects Drupal installations using PostgreSQL and has been assigned a Drupal security risk rating of 23/25. The vulnerability can be exploited by anonymous users, and Drupal has confirmed that exploit attempts are being detected in the wild.

Most data security posture management (DSPM) programs don't fail because the technology is wrong. They fail because of execution gaps, from incomplete data inventory to misclassified data at scale to fragmented cloud environments and teams stretched too thin to act on findings. However, each of these problems is predictable, and each has a known fix.

Code from GitHub and Grafana is in criminal hands. Secrets buried inside could open doors no one is thinking of protecting yet, and AI will make hunting 0-days in that private code faster than ever.