7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP's Node.js packages — and it's still active. Here's what GitGuardian found.

A French channel partner recently won two top awards at the Cas d'Or 2026 for a public-sector identity governance project. The recognition covered Cyber Governance & Risk Management and the Public Sector category. Here's a look at what the win signals about identity governance in public organizations and how modern IGA platforms help tackle budget pressure, compliance demands, and complex user populations. Identity governance in the public sector rarely makes headlines.

Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

This post covers a supply chain attack introducing a capability not seen before: using an AI coding assistant’s own GitHub access to commit malicious code to a corporate repository.

In the modern digital world, API’s are no longer just “connectors” – they are the real security product. Whether you are a Fintech processing payments, a SaaS platform managing multi-tenant data, or an E-Commerce giant handling the bulk of sales, your API’s are the foundation of your customer registration, checkout experiences, and partner ecosystems. However, that transition has made API’s the fastest-growing attack surface in history.

In the fast-moving world of software supply chains, the discovery of a malicious version of a popular library often triggers a state of emergency. Traditional security tools take a reactive approach: they scan, they find a match, and they fail the build. But what happens if the malicious version was merged before it was flagged? What if it’s already running in your production containers? Or what if it’s being pulled dynamically across hundreds of different pipelines?

Why do access control challenges exist, despite most companies following it? The gaps could be due to inconsistent permissions, accumulation of accesses, or poor management of user lifecycles. Access control is about governance. It answers two questions: “Who are you?” and “What are you allowed to do?” To add on, in today’s multi-cloud hybrid reality, governance is hard to handle. This isn’t another theoretical deep dive.

A phishing campaign is targeting senior executives with social engineering attacks conducted over Microsoft Teams, according to researchers at ReliaQuest. The researchers believe former associates of the Black Basta criminal gang are running this operation.