Security Bulletin

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

Palo Alto researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management.

In a conversation with Dark Reading’s Terry Sweeney, DigiCert CEO Amit Sinha explains how AI-driven identities and quantum threats are reshaping the foundations of digital trust.

Neoclouds are losing high-margin inference revenue. Learn why a unified network fabric is the key to capturing the full AI lifecycle.

Telefónica’s acens is setting the standard for cloud-native service delivery, becoming the first in the group to deploy Isovalent Enterprise for Cilium to power a secure, scalable, and cloud-independent Kubernetes platform.

Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations.

Want to get an insider look at a Cisco campus? Come on a tour of the Cisco Bangalore offices with Technical Intern Sai S.

Last week, DJ wrote about why OpenClaw – the agent he uses to help run his family’ life needs a governance layer. He pointed to ClawHavoc, 135K exposed instances, and the growing gap between how powerful OpenClaw is and how little anyone was doing...

The massive amount of junk code that hides the malware's logic from security scans was almost certainly generated by AI, researchers say.

In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace.