Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Laravel-Lang Composer tag-rewrite Supply Chain Attack

On 2026-05-22, an attacker rewrote every repository tag across four Composer packages in the Laravel-Lang ecosystem to point at malicious commits. The affected packages are laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses, and laravel-lang/actions. The rewrite took place on 2026-05-22 into the early hours of 2026-05-23. Every malicious commit makes the same two-file change: one entry added to composer.json, and one new file at src/helpersphp.

Deploying AI Agents to Production Kubernetes: A Security Checklist for Platform Teams

Your platform team already runs a production-readiness review on every workload that ships to Kubernetes. When the workload is an AI agent, the PRR doesn’t get thrown out — it gets a delta. Most of the items still apply; specific ones need extension when the workload is non-deterministic, calls tools dynamically, and exercises identity at runtime in ways the manifest didn’t predict.

How to Threat Model AI Agents in Kubernetes: A Practical Framework

Most threat modeling assumes the attacker has to break something. AI agents change that assumption. An attacker who controls a prompt can make the agent misbehave without breaking anything at all. The prompt can be a customer support ticket the agent reads, a document it retrieves, or a tool response it processes — any input the agent treats as context is an attack surface. On Kubernetes, that attack surface has physical form.

The Top 5 File Activity Monitoring Tools in 2026

In 2026, protecting sensitive data requires more than a firewall; it requires total visibility. As insider threats and AI-driven breaches grow more sophisticated, file activity monitoring tools have become essential for tracking how data is accessed, moved, and modified. Maintaining a secure environment now depends on turning every file interaction into actionable intelligence to ensure compliance and prevent data leaks.

More Than The Sum of its Parts: Combining EASM and Pentesting

In late April 2025, SAP released an emergency patch for a critical vulnerability in SAP NetWeaver, sending security teams across Europe scrambling to assess their exposure. The flaw, CVE-2025-31324, was rated critically severe, and the details that followed made clear why. Media reports quickly revealed the full scope. SAP NetWeaver Visual Composer allowed unauthenticated malicious file uploads through a specific HTTP API endpoint (/developmentserver/metadatauploader).

A Guide on How to Find Old Emails in Microsoft 365 (Office 365)

Microsoft Exchange and Outlook email services are among the most popular email applications in business environments. Sometimes, new users cannot find old emails in the Outlook client or Outlook web application after three or twelve months. One of the possible reasons may be improper synchronization settings in Outlook. Read this blog post to discover how you can find old emails and get Outlook emails back.

Back to the Fundamentals: Reflections from the IACIS BCFE Event in Orlando

In today’s cybersecurity landscape, speed is often treated as the ultimate objective. Organizations are racing to adopt AI-driven technologies, automate workflows, reduce response times, and deliver faster outcomes. Digital forensics is no exception. Forensic examiners increasingly rely on tools that automate large parts of the analysis process, helping reduce the time required for complex investigations. But this raises an important question: at what cost?

AI Alone Won't Stop the Breach: Why Email Security Needs Humans-on-the-Loop

2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds. The reality by the numbers: To close this window, your defense strategy must evolve into a two-step strategy of accuracy and automation.

How Agentic AI and Automation Are Changing Cybersecurity

There is no question that AI is changing cybersecurity in a massive way. In many respects, its impact is comparable to the rise of the internet. AI tools are helping organizations improve efficiency, automate repetitive tasks, and process data at a speed humans simply cannot match. Unfortunately, the same technology helping defenders is also being adopted by cybercriminals just as quickly. For cybersecurity professionals, keeping up with AI and agentic developments is no longer optional.

How to Prevent Credential Stuffing Attacks: Beyond MFA and Rate Limiting

Most organizations think MFA and rate limiting are enough to stop credential stuffing. They aren’t. Attackers have adapted, and the controls that worked five years ago are now routinely bypassed using residential proxy networks, low-and-slow automation, and real-time session token interception.