Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The operational risk in threat intelligence is not missing a data source, it is misclassifying what that data means. This piece breaks down where the process fails, why threat actor attribution and dark web intelligence assessment require human analyst judgement, and how validated, attributed intelligence shortens breach lifecycles for CISOs and security teams.

On May 22, Brazil’s National Data Protection Agency (ANPD or Agência Nacional de Proteção de Dados) published new draft guidance on age assurance (aferição de idade) mechanisms. The guidance provides companies with their clearest picture yet of how to comply under the Digital ECA. Part of a broader rollout of Brazil’s Digital ECA framework, the guide emphasizes risk-based proportionality and privacy by design (privacidade desde a concepção).

Weekly cyberattacks now average 1,968 per week, up 18% year over year and 70% since 2023, while security teams still take an average of 277 days to identify and contain a breach, according to SentinelOne's cybersecurity statistics roundup. That combination changes the meaning of “real time” in security. It no longer means a dashboard that updates quickly. It means building detection and response so attackers don't get months of freedom between first access and containment.

Developer laptops are the most unmonitored credential store in your stack. GitGuardian's new Endpoint Protection finds every credential on every machine before infostealers do.

Your pipeline has an API testing stage. Your scanner runs on every build. A finding list comes back clean. And then something gets exploited in production that your pipeline ran past 47 times without flagging. Here's what happened: endpoint validation passed. Security didn't. They are not the same thing. Here's what that box doesn't capture: APIs don't fail in clean test environments.

CVE-2026-27577 is a code injection flaw in n8n, an open-source workflow automation platform, that lets an authenticated user with permission to create or modify workflows run system commands on the host through crafted workflow expressions. The vulnerability carries a CVSS base score of 9.4 (Critical). Exploitation requires authentication, but only the level of access needed to build or edit a workflow, which is a routine privilege for many users of the platform.

Over the past months, I’ve noticed a shift in customer conversations. Coverage, prioritization, emerging threats — those questions have given way to exposed MCP servers, unmanaged AI chatbots, and risks that don’t show up as CVEs. Mythos comes up in every other call. The calculus changed. AI now writes a quarter of production code, with twice as many vulnerabilities. The exploitation window collapsed from days to hours.

CERT-In just published a risk-based remediation framework that resets expectations for every organisation operating in India. The timelines are worth reading twice: Now consider one question: if a known exploited vulnerability appeared on your internet-facing application at 11pm tonight, what would your team do in the next 12 hours?

Oracle has disclosed CVE-2026-35273, a critical vulnerability in PeopleSoft Enterprise PeopleTools that has already been exploited by threat actors. The vulnerability allows unauthenticated attackers to remotely compromise vulnerable systems and potentially achieve remote code execution, putting exposed PeopleSoft environments at immediate risk. What makes this vulnerability especially concerning is that attackers exploited it as a zero-day before Oracle released a patch.

Small and medium businesses are increasingly exposed to email-based attacks that rely on compromised accounts and trusted communication patterns. In a typical business email compromise scenario, attackers gain access to an executive’s email account and monitor communication over time. This allows them to understand how financial requests are handled and when key individuals are unavailable. At the right moment, they send emails that appear legitimate.