%term

Stay Safe Online: How Two-Factor Authentication Works and Its Limits

May 18, 2026 By SafeAeon Inc. In SafeAeon

In the past, authentication was just a login step. But as cybercrime has become more sophisticated, the role of authentication has grown. Now, the majority of breaches do not start with malware. They start with stolen credentials or access to an active session. Attackers can gain access to systems even when multi-factor authentication is in place. They use phishing to obtain login credentials or to send repeated approval requests. In some cases, they take over sessions by stealing the session token.

Read Post

SafeAeon

Read more about Stay Safe Online: How Two-Factor Authentication Works and Its Limits

We Pentested a Complex API Application with AigentX AI Agent - Then Verified the Results with Source Code Review

May 18, 2026 By Komodo Research In Komodo Consulting

How AigentX found 24 real vulnerabilities, confirmed what wasn't exploitable, and discovered risks that code review alone could never catch.

Read Post

Komodo Consulting

Read more about We Pentested a Complex API Application with AigentX AI Agent - Then Verified the Results with Source Code Review

Shiny Hunters' Supply Chain Playbook: How Tech and Enterprise Get Breached Without Clicking a Single Phishing Link

May 18, 2026 By foresiet In Foresiet

If you look at the cybersecurity setups of massive companies like Rockstar Games, Medtronic, or Amtrak, they look like digital fortresses. They spend millions on top-tier firewalls, hire elite security teams, and lock down their perimeters. Yet, all of them have made headlines for major data breaches. Recent Data Breaches How does this happen if their security is so good? The answer is simple: Attackers didn’t kick down the front door.

Read Post

Foresiet

Read more about Shiny Hunters' Supply Chain Playbook: How Tech and Enterprise Get Breached Without Clicking a Single Phishing Link

San Francisco Secure Software and AppSec Summit 2026: The Next AppSec Operating Model

May 18, 2026 By Dwayne McDaniel In GitGuardian

Security leaders at this SF area Summit examined AI agent risk, dependency governance, stale infrastructure, and the future of secure software.

Read Post

GitGuardian

Read more about San Francisco Secure Software and AppSec Summit 2026: The Next AppSec Operating Model

Mini Shai-Hulud: The Most Sophisticated NPM Supply Chain Attack of 2026

May 18, 2026 By Snyk In Snyk

On May 11, 2026, the TanStack namespace was hit by a "Mini Shai-Hulud" supply chain attack. Unlike typical attacks, this did not involve stolen credentials; instead, the threat group TeamPCP hijacked the legitimate GitHub Actions release pipeline. This video covers the technical details of the OIDC token extraction, the "Dead Man's Switch" that triggers a rm -rf / upon credential revocation, and the mandatory remediation order you must follow to save your data. We also discuss how to harden your workflow using release-age cooldowns and OIDC pinning.

View Video

Snyk

Read more about Mini Shai-Hulud: The Most Sophisticated NPM Supply Chain Attack of 2026

What is CVSS? A Complete Guide to Vulnerability Scoring

May 18, 2026 By Shane Moosa In UpGuard

The Common Vulnerability Scoring System (CVSS) remains the bedrock of risk communication for many mid-market organizations. Assigning numerical values to vulnerabilities enables a unified dialogue among security researchers, vendors, and IT teams, ensuring everyone speaks the same language when a new threat emerges. However, relying on a static score is no longer enough to defend a modern enterprise.

Read Post

UpGuard

Read more about What is CVSS? A Complete Guide to Vulnerability Scoring

What is Financial Services Cybersecurity? Threats and Defenses

May 18, 2026 By Shane Moosa In UpGuard

Financial services cybersecurity has evolved into a prerequisite for institutional solvency, moving far beyond traditional perimeter defense into the realm of total digital operational resilience. As the industry scales toward hyper-connected API ecosystems and decentralized service delivery, the sector’s risk profile has expanded significantly.

Read Post

UpGuard

Read more about What is Financial Services Cybersecurity? Threats and Defenses

Multi-Cloud Identity Management: 10 Best Practices

May 18, 2026 By The Apono Team In Apono

The moment teams move from one cloud to two, identity governance starts to fracture. Roles don’t translate cleanly, and access reviews lag behind deployment velocity. Multi-cloud identity management is the practice of controlling who can access what across AWS, Azure, GCP, Kubernetes, SaaS tools, databases, and other cloud-connected systems.

Read Post

Apono

Read more about Multi-Cloud Identity Management: 10 Best Practices

May 18, 2026 Emerging Threats Weekly

May 18, 2026 By Kroll In Kroll

This week’s briefing covers: Dive deeper.

View Video

Kroll

Read more about May 18, 2026 Emerging Threats Weekly

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

May 18, 2026 By Liran Tal In Snyk

A supply chain attack affecting the @antv data visualization ecosystem and related npm packages is actively spreading through the npm registry. The attack, attributed to a threat group called TeamPCP and branded as another wave of the Mini Shai-Hulud campaign, published more than 300 malicious package versions across 323 packages in a 22-minute automated burst on May 19, 2026. The packages collectively represent approximately 16 million weekly downloads.

Read Post