Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’ve established the new forensic reality: a massive 72.9% inventory gap exists between the vendors you monitor and those invisible to your security. We have seen the shortcomings of SSO and its inability to holistically monitor all the vendor applications your users engage with, along with a Shadow AI explosion that is compounding both issues. The era of procurement-only discovery is over. To secure the modern cyber workforce, we must pivot from "buying-based" to usage-based discovery.

Researchers recently analyzed 18,000 Claude Code configuration files pulled from public GitHub repositories. What they found was straightforward and alarming: developers are already installing mistyped, misconfigured, and near-identical MCP server names — often without realizing it. The human-error condition that makes typosquatting work was already present at scale before any attacker needed to exploit it.

Somewhere in your environment right now, an AI agent is reading files, querying a database, and passing output through a channel your DLP has never seen. It's running under a legitimate user credential, inside a sanctioned tool, and it will not trigger a single alert. When it's done, there will be no record of what it accessed or where that data went. This is not an edge case. It is the default state of most enterprise environments in 2026.

In the modern digital world, API’s are no longer just “connectors” – they are the real security product. Whether you are a Fintech processing payments, a SaaS platform managing multi-tenant data, or an E-Commerce giant handling the bulk of sales, your API’s are the foundation of your customer registration, checkout experiences, and partner ecosystems. However, that transition has made API’s the fastest-growing attack surface in history.

Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

On April 29, 2026, attackers published malicious versions of four npm packages in the SAP development ecosystem: mbt, @cap-js/db-service, @cap-js/sqlite, and @cap-js/postgres. Each compromised release ships a preinstall hook that downloads the Bun JavaScript runtime from GitHub Releases and uses it to execute an ~11.6 MB obfuscated credential stealer.

The Thymeleaf vulnerability with a CVSS score of 9.1 grabs your attention, as it should. But before you call the cavalry and claim this as the new Log4shell, read this first. CVE-2026-40478 is a server-side template injection vulnerability in Thymeleaf. Thymeleaf is a templating engine in Java that is used for server-side webpage rendering. The sandbox that normally prevents arbitrary code execution got bypassed using a tab character. And yes, this can lead to a remote code execution if exploited.

Modern development teams are currently drowning in security debt, often trapped in a manual, fragmented cycle of "find and fix" that slows down innovation. Even when equipped with high-fidelity vulnerability data, traditional workflows require developers to constantly context-switch between Jira tickets and their codebases to manually implement and test patches.

On March 11, 2026, the Iranian hacktivist group Handala Hack Team claimed responsibility for compromising the American healthcare technology company Stryker. Public reporting suggests more than 200,000 systems were impacted and up to 50TB of data exfiltrated. While these figures remain unverified, the scale of operational disruption alone places this incident among the most significant enterprise cyber events of the year so far.

A new npm supply-chain compromise is targeting the SAP developer ecosystem. The affected packages we are tracking so far are: The pattern is familiar but also a bit different: a trusted package receives a new preinstall hook, the hook runs a new setup.mjs file, and that loader downloads the Bun JavaScript runtime to execute a large obfuscated payload named execution.js. The payload is an 11.7 MB credential stealer and propagation framework.