Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Nx npm malware (Aug 2025): attackers published malicious Nx packages that weaponized AI coding agents (Claude Code, Gemini CLI, Amazon Q) via a postinstall script to inventory sensitive files and exfiltrate sensitive data to public GitHub repos named “s1ngularity-repository-*.” We break down what happened, affected versions, and how to check + respond (rotate credentials, hunt IoCs, and more). Resources.

The Security Operations Center (SOC) is the nerve center of an organization's defenses, but its efficiency and effectiveness are often limited by the growing volume and complexity of threats. By leveraging AI-driven threat detection and automated incident response, security leaders can optimize their SOC to respond faster and smarter. For CISOs, this means not only protecting the organization from current threats but also future-proofing defenses against an increasingly sophisticated threat landscape.

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

Compliance isn’t a one-time thing. Just like a fitness tracker can’t replace your annual check-up, point-in-time audits aren’t enough on their own. You need both visibility and continuity.

Collecting logs and metrics isn’t enough real API security requires actionable insights and the ability to respond fast. In this clip, Wallarm and Oracle experts explain why telemetry without a clear response plan is useless, and how building detection into your incident response process makes the difference between stopping threats and just observing them.

DORA: From Theory to Cyber Reality.

In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk’s VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them. From his journey co-founding Jetstack and creating Cert Manager to leading CyberArk’s efforts in workload identity, Matt shares insights on why secrets-based security is no longer sustainable—and how open standards like SPIFFE are reshaping the future of cloud-native and AI-driven environments.

With every organization vying to automate away their cybersecurity problems, it’s easy to allow the machine identities taking on formerly manual tasks to become entryways for threat actors. Learn the must-haves for securing the non-human identities streamlining your organization with One Identity sales engineer Rob Kraczek.

AI consumes massive volumes of unstructured data — emails, documents, reports, and prompts. Hidden within them are sensitive details: customer PII, salary data, intellectual property, and confidential financial information. Without the right safeguards, one innocent prompt can lead to costly data leaks, compliance violations, and privacy risks. Traditional security tools like RBAC, DLPs, and prompt filters weren’t designed for AI. They fail because AI doesn’t see folders — it consumes raw context. That’s where Protecto’s Context-Based Access Control (CBAC) comes in.

Scam Week Spotlight: $1.5Billion… Gone in minutes. What looked like a “routine” transfer at Bybit became one of crypto’s biggest scams.