Open source is one of the best things to ever happen to software development. It is also one of the easiest ways to accidentally ship legal obligations you did not sign up for. Most teams know they rely heavily on open-source dependencies. Fewer teams know exactly what licenses those dependencies use, what obligations come with them, or how those licenses travel through transitive dependencies and container images. That gap is what we call open-source license risk.

With HaloSHARE’s automated MPIP encryption for CAD, PDF and MS Office files, Defense can improve production efficiency and file security. Here’s how. From protecting IP secrets to securing controlled unclassified information (CUI), Defense contractors can’t take any chances with digital security.

Traditional HIPAA response plans were built for the incidents everyone can picture, like a compromised server, ransomware in the network, or unauthorized access to a clinical database. But website PHI leaks are different altogether. Often, there’s no attacker and no break-in. The leak comes from authorized tracking pixels or third-party analytics scripts simply collecting and sending data as designed, but on pages where it should never touch patient information in the first place.

CVE-2026-23745 is a high-severity path traversal flaw in node-tar (the tar library for Node.js). Versions ≤7.5.2 fail to sanitize linkpath in hardlink and symlink entries when preservePaths is false (default secure mode). Malicious tar archives bypass extraction root restrictions, enabling arbitrary file overwrite via hardlinks and symlink poisoning via absolute targets. Discovered January 2026, patched in 7.5.3. Impacts npm ecosystems, CI/CD pipelines, and apps extracting untrusted archives.

We are surrounded by generative AI tools, cloud-based solutions, and AI assistants that often perform functions for us. We tend to share data with them for smoother operations and to automate our work for enhanced productivity. The non-human tools are a playground for cybercriminals to access the data and damage critical infrastructures. So, it is paramount for us, especially organizations, to protect the shared information, along with the access rights of the non-human entities.