Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The landscape of third-party cyber risk is undergoing a profound transformation, driven by an escalating threat environment, an expanding attack surface, AI, and a tidal wave of new global regulations. As organizations grapple with complex digital supply chains, regulators across the US and EMEA are stepping up oversight, making 2026 a pivotal year for compliance and risk management. This analysis explores the essential threat intelligence and regulatory shifts that demand immediate attention.

Every packet flowing through a Corelight sensor contains both security-relevant data and performance-relevant data. Until now, Corelight has focused exclusively on extracting security value from network traffic: connection logs, protocol analysis, and threat detections. But the same traffic that reveals lateral movement also reveals TCP latency. The same DNS queries that surface potential C2 channels also reveal resolution timing.

Corelight Sensor v29.1 and Fleet Manager v29.1.1 fundamentally expand what a Corelight Sensor delivers. The release turns existing network evidence into a shared source of truth for SecOps, NetOps, triage, and forensic investigation. Network performance monitoring and asset classification unlock new value from traffic you're already collecting.

As organizations expand across cloud platforms, SaaS applications, remote teams, and AI-driven systems, managing access becomes more challenging. Security teams must ensure users, applications, and automated workflows can access the resources they need without exposing sensitive data or critical systems. This is where the RBAC vs ABAC discussion becomes important.

An attacker republished more than 140 packages in the @mastra npm scope, each carrying a single malicious dependency, easy-day-js. The malicious versions were observed on 2026-06-17. easy-day-js is a typosquat of the dayjs date library: version 1.11.21 is the clean prior release with no install hook, while version 1.11.22 adds an obfuscated postinstall dropper.

Kroll identified a cross-platform malware framework, dubbed GARUDA C2, that uses public code-hosting platforms like GitHub for staging, redundancy and command distribution across Windows, macOS and Linux. Analysis links the campaign to an India-based operator supported by Hindi-language development artifacts, build logs, infrastructure indicators and evidence suggesting use of a locally hosted large language model (LLM) to accelerate malware development.

For connecting physical servers and computers to a network, you need physical network adapters, switches, and routers. With virtual machines, virtual network concepts are used for communication between the different components of an infrastructure. The proper configuration of ESXi networking on a host is critically important to the configuration of any ESXi environment. Generally, ESXi host networks include storage, vMotion, VM, and management networks.

On June 17th we detected a large-scale supply chain attack targeting the entire @mastra npm scope, a popular open-source AI agent framework. An attacker republished 141 packages in a burst between 01:15 and 02:00 UTC, silently injecting a malicious dependency into every one of them. The affected packages include @mastra/core, which has 918K weekly npm downloads, as well as mastra and create-mastra.