Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For a brief window, a widely used open source package in the AI ecosystem was compromised with credential-stealing malware. LiteLLM, a model gateway used to route requests to more than 100 LLM providers, has been downloaded millions of times per day. In that short window, the malicious versions were likely pulled tens of thousands of times before being caught.

A recently patched Google Chrome vulnerability is a signal security leaders cannot ignore. But it's only the beginning of a much larger story. In January 2026, a high-severity vulnerability was disclosed in Chrome's Gemini AI integration: CVE-2026-0628. The flaw allowed a malicious browser extension with only basic permissions to escalate privileges and gain access to a user's camera, microphone, local files, and the ability to screenshot any website, all without user consent. Google patched it quickly.

Walking the halls of Moscone Center last week, the energy was high, but the conversation had a notably different edge than last year. In 2025, everyone was asking, "What can AI do?" This year, "How can we trust it?" As the theme "The Power of Community" echoed across the keynotes, one thing became clear: a community is only as strong as its foundation. For network and cybersecurity professionals to truly operate as one, we must move beyond fragmented data to a single, trusted source of truth.

Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS). Threat intelligence is a cornerstone of effective cyber defenses. The higher the quality of intelligence, the faster security teams can detect, investigate, and block malicious activities.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo John White is the Field CISO for EMEA at Torq. A respected security executive with more than 20 years of leadership experience, John previously served as CISO at Virgin Atlantic, where he led a multi-year transformation deploying the Torq AI SOC Platform to modernize cyber operations.

Effective January 1, 2026, Mexico’s Ley Aduanera (Customs Law) has dramatically increased documentation requirements for anyone importing or exporting through Mexico. If you move goods through Mexico, the increased documentation requirements can become a compliance risk if you’re not set up to both collect and verify the validity of documents.

Welcome to the team! New hires hear this phrase often during their first few weeks on the job. Onboarding new employees is essential as it sets the tone for company culture, expectations, and values. You use this time to teach new employees about their roles, workplace conduct, and benefits. But one critical value often gets left off the HR checklist: cybersecurity awareness. Protecting sensitive data is no longer just the IT department’s job.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Be careful of what you commit to version control.

Like the sands through the hourglass, so are the days of our SOC lives…. An alert surfaces, and while it doesn’t immediately signal a critical incident, it carries just enough ambiguity to require attention. An analyst opens the investigation, begins pulling in context, reviews authentication activity, pivots into endpoint data, and checks for any corresponding changes in the cloud environment.

Security teams are under pressure to demonstrate measurable progress against an increasingly complex cybersecurity landscape. Framework expectations evolve, insurance requirements tighten, and executive stakeholders demand defensible evidence that investments are improving risk posture. Yet most organizations still rely on static assessments — point-in‑-‑time documents that provide limited visibility and quickly lose relevance as environments change.