Sensitive data has become the target, the signal, and the source of risk in nearly every modern security program. Source code, customer records, intellectual property, credentials, and regulated data now move continuously across endpoints, cloud apps, SaaS platforms, browsers, collaboration tools, and GenAI applications. That movement is not inherently bad. It is how modern work gets done.

Most attacks do not start with malware. They mostly start with access. Attackers find new ways to steal credentials, which they then use to gain unauthorized access. They also use legitimate tools to gain access to systems without triggering alerts. To repeat their actions across environments, they make use of automation. Modern attacks, such as phishing, ransomware, zero-day exploits, and insider threats, target both systems and users.

For most of the last decade, the central question in bot management was a binary one: is this traffic malicious? If yes, block it. If no, let it through. That question was the right one to ask when the problem was DDoS traffic, credential stuffing, and inventory-hoarding scalpers. It is no longer the right question for a significant proportion of the non-human traffic now hitting enterprise digital platforms.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Are you on the fence with this too? Your hard disk may not be all safe and secure as you think… I think this counts as one of those WTF moments right?

On May 11, 2026, Mend Defender flagged more than 120 malicious packages newly published to RubyGems — the standard package manager for the Ruby ecosystem. Within 24 hours, that initial cluster expanded into something far larger: tens of thousands of packages pushed by thousands of attacker-controlled accounts, forcing RubyGems to suspend new account registration entirely while the cleanup got underway.

Most data security posture management (DSPM) evaluations start with a deceptively simple question: where does our sensitive data live? There are many tools that answer that question. However, the number of tools that go further by tracking how data moves, enforcing controls when data leaves controlled environments, and closing the gap between visibility and action are far more limited.

SaaS-only platforms are betting everything on automation. But when the threat landscape demands judgement, data volume alone is not the answer. For years, a certain category of threat intelligence vendor has sold the same idea: feed your data into our platform, let the AI process it, and your security team will have everything they need. It is a compelling proposition, particularly for organisations under pressure to demonstrate coverage without expanding headcount.

CurrentWare v12.0.2 release focuses on a single shift: Turning passive visibility into decision-ready intelligence. From energy cost visibility to fair productivity measurement, from real-time behavioral alerts to cloud first deployment, this update helps IT, security, HR, and operations leaders act faster, with more confidence and less friction.