Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A CISO’s job never ends, and, according to a recent LevelBlue survey, the issues they are dealing with on a daily basis are piling up, causing some disconnect in priorities and a misunderstanding of how to accomplish specific cybersecurity goals. To help answer some of the more pressing questions CISOs face and to gain a different perspective on the survey’s results, we sat down with LevelBlue’s Chief Security & Trust Officer, Kory Daniels.

Open source made software development faster. It also made software delivery more fragile. Most teams already understand that dependencies can contain vulnerabilities. Fewer teams fully internalize the other half of the problem: dependencies can also change underneath them. When versions are not pinned, code from outside your organization can enter your build, CI pipeline, or runtime environment without a deliberate engineering decision. Your repo may be unchanged. Your app may be unchanged.

Phorpiex, also known as Trik, is a resilient and long-running botnet with a history dating back to 2011. While it has grabbed some headlines, its sustained presence and adaptability make it a subject of ongoing concern for the cybersecurity community. Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform.

Source code for Claude Code, Anthropic’s developer facing CLI tool, was exposed through source maps included in a published npm package under Anthropic’s npm namespace. The exposure revealed approximately 500,000 lines of application code across roughly 1,900 files.

CVE-2026-20929, a vulnerability with a CVSS of 7.5 that was patched in the January 2026 Patch Tuesday update, enables attackers to exploit Kerberos authentication relay through DNS CNAME record abuse. This blog focuses on detecting one particularly impactful attack vector: relaying authentication to Active Directory Certificate Services (AD CS) to enroll certificates for user accounts, as detailed in recent research.

Identity management is the foundational process of governing every digital identity across your environment: who exists, what they access, and whether that access remains appropriate. Credential abuse is the leading initial attack vector in confirmed breaches. The discipline requires a clean source of truth, automated lifecycle workflows, and continuous governance that scales across hybrid and SaaS environments.

We are always on the lookout for different solutions to safeguard our digital assets and accounts from potential cybercriminals. One such solution is the Multi-Factor Authentication (MFA). This authentication solution adds an extra layer of security on top of credential-based login, making the accounts more secure. It comprises several key methods—OTP over SMS/email, security questions, biometric authentication, push notification, and more.

Cloud environments don’t follow the same rules traditional data centers did. Workloads spin up in seconds, containers live and die within a single request cycle, serverless functions execute without a persistent footprint, and infrastructure scales faster than any manual security process can track. The security problem this creates isn’t just about scale. It’s about visibility.

The JavaScript ecosystem experienced a significant supply chain incident on 31 March 2026 when two newly published Axios versions were found to contain a malicious dependency. Axios is one of the most widely used HTTP clients in both browser and Node.js environments, with weekly downloads ranging from 80 to over 100 million. The compromise impacted organisations across sectors that rely on the package for service integration and automation.