Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 31, 2026, a threat actor used stolen maintainer credentials to compromise the widely used HTTP client library Axios Node Package Manager (npm) package and deploy platform-specific ZshBucket variants. CrowdStrike Counter Adversary Operations attributes this activity to STARDUST CHOLLIMA with moderate confidence based on the adversary’s deployment of updated variants of ZshBucket (malware uniquely attributed to STARDUST CHOLLIMA) and overlaps with known STARDUST CHOLLIMA infrastructure.

Microsoft has announced the retirement of the Windows UEFI CA 2011 certificate and the transition to the Windows UEFI CA 2023 certificate, with hard enforcement beginning in 2026. This update is part of Microsoft’s ongoing effort to preserve the integrity of the Windows Secure Boot trust chain and ensure continued delivery of boot-level security updates. For enterprise IT teams, this is not simply a certificate replacement.

Cloud migrations have a reputation for running over budget and behind schedule. That reputation isn’t entirely undeserved — migrations done without structure often do. But AWS has invested heavily in programs that give businesses a faster, cheaper path to the cloud, and most organizations don’t know they exist or how to access them. The AWS Accelerator Program is one of the more practical frameworks available for SMBs and mid-market companies planning a move to AWS.

Agentic AI workloads are shipping to production on Kubernetes faster than the standards to secure them. Many teams deploying autonomous, tool-calling agents as containerized microservices do so without a shared baseline for securing or monitoring those containers. The CNCF AI Technical Community Group recently published a comprehensive article on cloud-native agentic standards, marking the first attempt to define best practices for such deployments.

“AI-powered DAST” is everywhere. It signals progress, but assumes something fundamental was missing. It wasn’t. DAST struggled not from lack of intelligence, but from lack of depth. Most tools never reached inside authenticated, stateful, multi-step journeys where real logic, sensitive data, and critical vulnerabilities exist. That’s the part Appknox solved years ago. AI here is not a reset. It is an accelerator, applied to a system already operating where risk actually lives.

If the public sector had unlimited cybersecurity budgets and fully staffed SOCs, today’s threat landscape would look very different. But that’s not reality. Public sector organizations face chronic staffing shortages, constrained budgets and compensation structures that make it difficult to recruit and retain cybersecurity talent. Meanwhile, adversaries are accelerating their attacks. The result? Small teams carrying massive responsibility.

Public sector organizations are operating in a threat environment that is both relentless and increasingly personal. Federal agencies, state and local governments and educational institutions are prime targets for ransomware, phishing, business email compromise (BEC) and credential theft. Local governments alone account for an estimated 43% of ransomware victims in 2025. But the real shift isn’t just in volume. It’s in tactics. Attackers have stopped trying to break in.

Although Jira serves as the system of record for many DevOps and IT teams, retrieving secrets or approving requests for privileged information often occurs on other platforms. Teams may depend on external tools, email messages or Slack chats to manage credentials or elevation requests, leading to context switching, audit gaps and delays that increase operational risk.

What resonated most at RWC 2026? GitGuardian highlights key research on private key leaks, password managers, trusted execution environments, and secret sprawl.