%term

What Is the Shai Hulud npm Worm and How to Protect Against It

Jan 6, 2026 By The Apono Team In Apono

Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.

Read Post

Apono

Read more about What Is the Shai Hulud npm Worm and How to Protect Against It

The Need for Speed in Exposure Validation

Jan 6, 2026 By Marc Gaffan In IONIX

In cybersecurity, speed has always mattered, but never as much as it does today. Modern enterprises are operating in an era of constant digital acceleration. Cloud-first strategies, third-party integrations, and remote workforce enablement have massively expanded the digital footprint of nearly every organization. With that expansion has come an explosion in internet-facing assets, many of which sit outside the visibility and control of security teams.

Read Post

IONIX

Read more about The Need for Speed in Exposure Validation

5 Indicators That Standing Privileges Put You at Risk

Jan 6, 2026 By Gabriel Avner In Apono

In most organizations, standing privileges don’t show up all at once. They accumulate quietly. A role is added “temporarily.” A contractor needs broad access to finish a project. A service account gets oversized permissions because no one has time to fine-tune them. None of these choices seem harmful in the moment, but over time they build into a privilege surface that’s far too large and far too easy to misuse.

Read Post

Apono

Read more about 5 Indicators That Standing Privileges Put You at Risk

Secrets in the Machine: Preventing Sensitive Data Leaks Through LLM APIs

Jan 6, 2026 By GitGuardian In GitGuardian

In this webinar, we break down a simple but increasingly common problem: secrets leak wherever text flows, and modern LLM apps and agentic workflows are built to move text fast. We walk through concrete demos showing how API keys and passwords can surface through RAG-based assistants when secrets accidentally live in knowledge bases (tickets, docs, internal wikis). We also show why “just harden the system prompt” isn’t a reliable fix, and how output-only redaction can be bypassed (for example by simple formatting/encoding tricks). Most importantly, we explore real-world agent architectures.

View Video

GitGuardian

Read more about Secrets in the Machine: Preventing Sensitive Data Leaks Through LLM APIs

CMMC: From Ignored Compliance to Mandatory Enforcement

Jan 6, 2026 By Baan Alsinawi In CISO Global

Protecting sensitive data does require investment, and that mindset hasn’t been universal. Now, it isn’t an option. It’s time to move from debate to execution.

Read Post

CISO Global

Read more about CMMC: From Ignored Compliance to Mandatory Enforcement

AI-Enabled Cyber Intrusions: What Two Recent Incidents Reveal for Corporate Counsel

Jan 6, 2026 By Daniel Ilan et al. In LevelBlue

This article was authored by Daniel Ilan, Rahul Mukhi, Prudence Buckland, and Melissa Faragasso from Cleary Gottlieb, and Brian Lichter and Elijah Seymour from Stroz Friedberg, a LevelBlue company. Recent disclosures by Anthropic and OpenAI highlight a pivotal shift in the cyber threat landscape: AI is no longer merely a tool that aids attackers, in some cases, it has become the attacker itself.

Read Post

LevelBlue

Read more about AI-Enabled Cyber Intrusions: What Two Recent Incidents Reveal for Corporate Counsel

How Permit-All Mode Simplifies Troubleshooting Across Routing and Firewalls

Jan 6, 2026 By Forward Networks In Forward Networks

When application traffic fails to reach its destination, teams must determine whether the problem lies in routing, firewall rules, NAT behavior, or a combination of all three. In many environments, these components overlap in ways that make traditional troubleshooting slow and error-prone. Engineers often have to run repeated tests, stage changes, or temporarily disable rules to understand why a flow is being blocked.

Read Post

Forward Networks

Read more about How Permit-All Mode Simplifies Troubleshooting Across Routing and Firewalls

How MSPs can solve their Microsoft 365 productivity crisis with AI and automation

Jan 6, 2026 By Lee Pender In Acronis

Microsoft 365 is both powerful and challenging for managed service providers (MSPs). It's nearly ubiquitous at client sites, which means MSPs don't have to worry about managing multiple business suites. Unfortunately, protecting Microsoft 365 isn't easy. Microsoft's own level of protection is limited by design, and MSPs often have to cobble together a collection of unintegrated tools to keep Microsoft 365 data safe for clients. Technicians end up stretched thin as tickets pile up.

Read Post

Acronis

Read more about How MSPs can solve their Microsoft 365 productivity crisis with AI and automation

The Silent Threat to the Agentic Enterprise: Why BOLA is the #1 Risk for AI Agents

Jan 6, 2026 By Eric Schwake In Salt Security

In the race to deploy autonomous AI agents, organizations are inadvertently building on a foundation of shifting sand. While security teams have spent the last year focused on "Prompt Injection" and "Model Poisoning," a much older, more dangerous adversary has quietly become the primary attack vector for the agentic era: Broken Object Level Authorization (BOLA).

Read Post

Salt Security

Read more about The Silent Threat to the Agentic Enterprise: Why BOLA is the #1 Risk for AI Agents

Acronis Cyber Protect Local: Enabling OT resilience for manufacturers

Jan 6, 2026 By Lee Pender In Acronis

One thing is certain for manufacturers: Cyberattacks on your operations will succeed. Improving detection and prevention capabilities is critical, but at some point, your operational technology (OT) environment will face a significant incident. What matters most is how quickly you can recover and resume operations.

Read Post