Mini Shai-Hulud: The Most Sophisticated NPM Supply Chain Attack of 2026

On May 11, 2026, the TanStack namespace was hit by a "Mini Shai-Hulud" supply chain attack. Unlike typical attacks, this did not involve stolen credentials; instead, the threat group TeamPCP hijacked the legitimate GitHub Actions release pipeline. This video covers the technical details of the OIDC token extraction, the "Dead Man's Switch" that triggers a rm -rf / upon credential revocation, and the mandatory remediation order you must follow to save your data. We also discuss how to harden your workflow using release-age cooldowns and OIDC pinning.

Attackers Don't Care About Your CVSS Score

No blind spots. No waiting. Just visibility that works. Customers using Falcon Exposure Management say it has changed how they view and prioritize risk. They’re getting instant clarity across cloud, endpoint, and identity — knowing exactly which exposures to address first. They’re cutting through noise, saving time, and acting faster with AI-powered context from ExPRT.AI. In this video, they share how Falcon Exposure Management delivers the full picture — and why they’ll never go back to legacy VM tools.

"Dirty Frag", Canvas ransomware, "Mini Shai-Hulud" malware & AI-developed zero-day exploit [324]

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribing, giving us a rating or leaving a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.

What is CVSS? A Complete Guide to Vulnerability Scoring

The Common Vulnerability Scoring System (CVSS) remains the bedrock of risk communication for many mid-market organizations. Assigning numerical values to vulnerabilities enables a unified dialogue among security researchers, vendors, and IT teams, ensuring everyone speaks the same language when a new threat emerges. However, relying on a static score is no longer enough to defend a modern enterprise.

Malicious node-ipc versions published to npm in suspected maintainer account compromise

On May 14, 2026, multiple malicious versions of the popular npm package node-ipc were published to the npm registry. Current public reporting identifies node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1 as compromised versions containing an obfuscated credential-stealing payload. The malicious code was added to the CommonJS bundle, node-ipc.cjs, and is triggered when the package is loaded through require("node-ipc").

Why Active Directory vulnerabilities demand more than patching

A newly disclosed privilege-escalation flaw in Microsoft Active Directory Domain Services (AD DS) is a timely reminder that identity infrastructure continues to be one of the most consequential attack surfaces in any enterprise. CVE-2026-25177, rated HIGH with a CVSS score of 8.8, allows an authenticated domain user to escalate their privileges over the network without any elevated starting point or user interaction.

Bleeding Ollama Out-of-Bounds Read Vulnerability (CVE-2026-7482)

A critical vulnerability (CVE-2026-7482), dubbed “Bleeding Llama”, has been disclosed in Ollama, a widely used open-source framework for running large language models (LLMs) locally. With a CVSS v3.1 score of 9.1, the issue is classified as Critical and affects versions prior to 0.17.1. The vulnerability exposes organisations using self-hosted AI infrastructure to significant information disclosure risks.

UAE breach attempts, dupe ransomware, PAN-OS vulnerability & Microsoft's Phone Link attack [321]

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribing, giving us a rating or leaving a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.

Emerging Threat: (CVE-2026-45185) Exim Remote Code Execution via BDAT over GnuTLS

CVE-2026-45185, nicknamed Dead.Letter, is a use-after-free vulnerability in the BDAT message body parsing path of Exim, the open-source Mail Transfer Agent that runs a large share of the internet's email servers. The flaw lives in the GnuTLS-backed TLS path, where Exim can free its internal transfer buffer during a TLS shutdown while the SMTP state machine still holds a reference to it.