Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Understanding shadow AI in your endpoint environment

Generative AI–and large language models in particular–reached mass consumer adoption beginning in late 2022 and early 2023, with ChatGPT reaching 100 million users faster than any consumer application in history. Since then, AI has advanced at a breakneck pace and now seems to be incorporated in every tool, app, and website–regardless of how useful it might actually be.

Axios npm package compromise: What happened, what matters, and how to respond

Attackers carried out a supply chain compromise by abusing a compromised npm maintainer account to publish malicious Axios versions (axios@1.14.1 and axios@0.30.4). These releases introduced an unexpected dependency, plain-crypto-js@4.2.1, which attempted platform-specific malware execution via an npm lifecycle script during installation on Windows, macOS, and Linux.
Featured Post

The UK's Cyber Action Plan marks the end of compliance-led security

The UK government's new £210 million Cyber Action Plan signals an important shift in how cyber risk is being addressed at a national level. Designed to strengthen cyber defences across government departments and the wider public sector, the plan establishes a new Cyber Unit and introduces stronger expectations around resilience, accountability and operational capability.

CVE202547813: Wing FTP Server vulnerability flagged by CISA

CVE-2025-47813 is an information disclosure vulnerability in Wing FTP Server that reveals the application's full installation path when attackers send an oversized UID cookie value. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog in March 2026, indicating active exploitation in the wild.

Why our AI world demands a remediation-first approach to exposure management

Editor's note: This guest article by Tanium Senior Sirector, Product Management, Julia Grunewald was originally published in SC Media Exposure management has emerged as a powerful alternative to traditional vulnerability management for good reason. A proactive, always‑on security discipline that continuously identifies an organization’s exposures and prioritizes them based on risk helps us know where to best focus our limited resources.