Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages

Apr 29, 2026 By Stephen Thoemmes In Snyk
On April 29, 2026, attackers published malicious versions of four npm packages in the SAP development ecosystem: mbt, @cap-js/db-service, @cap-js/sqlite, and @cap-js/postgres. Each compromised release ships a preinstall hook that downloads the Bun JavaScript runtime from GitHub Releases and uses it to execute an ~11.6 MB obfuscated credential stealer.
Read Post
Snyk

Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)

Apr 29, 2026 By Brian Vermeer In Snyk
The Thymeleaf vulnerability with a CVSS score of 9.1 grabs your attention, as it should. But before you call the cavalry and claim this as the new Log4shell, read this first. CVE-2026-40478 is a server-side template injection vulnerability in Thymeleaf. Thymeleaf is a templating engine in Java that is used for server-side webpage rendering. The sandbox that normally prevents arbitrary code execution got bypassed using a tab character. And yes, this can lead to a remote code execution if exploited.
Read Post
Snyk

Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jira

Apr 29, 2026 By Jack Ryan In Snyk
Modern development teams are currently drowning in security debt, often trapped in a manual, fragmented cycle of "find and fix" that slows down innovation. Even when equipped with high-fidelity vulnerability data, traditional workflows require developers to constantly context-switch between Jira tickets and their codebases to manually implement and test patches.
Read Post
outpost 24

Stryker Hack: What We Know So Far

Apr 29, 2026 By Outpost24 Threat Intelligence Team In Outpost 24
On March 11, 2026, the Iranian hacktivist group Handala Hack Team claimed responsibility for compromising the American healthcare technology company Stryker. Public reporting suggests more than 200,000 systems were impacted and up to 50TB of data exfiltrated. While these figures remain unverified, the scale of operational disruption alone places this incident among the most significant enterprise cyber events of the year so far.
Read Post
aikido

Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer

Apr 29, 2026 By Raphael Silva In Aikido
A new npm supply-chain compromise is targeting the SAP developer ecosystem. The affected packages we are tracking so far are: The pattern is familiar but also a bit different: a trusted package receives a new preinstall hook, the hook runs a new setup.mjs file, and that loader downloads the Bun JavaScript runtime to execute a large obfuscated payload named execution.js. The payload is an 11.7 MB credential stealer and propagation framework.
Read Post
netwrix

A double win at the Cas d'Or 2026: what identity governance success looks like in the public sector

Apr 29, 2026 By Hannah King In Netwrix
A French channel partner recently won two top awards at the Cas d'Or 2026 for a public-sector identity governance project. The recognition covered Cyber Governance & Risk Management and the Public Sector category. Here's a look at what the win signals about identity governance in public organizations and how modern IGA platforms help tackle budget pressure, compliance demands, and complex user populations. Identity governance in the public sector rarely makes headlines.
Read Post
Kling Video 2.6 API: How to Build Automated Visual Simulation Workflows

Kling Video 2.6 API: How to Build Automated Visual Simulation Workflows

Apr 29, 2026 By SecuritySenses In SecuritySenses
The landscape of generative media has shifted from simple prompt-based experimentation to sophisticated, integrated production pipelines. With the release of Kling 2.6, the focus has moved toward "Native Audio-Visual Generation"-a breakthrough that allows developers to synchronize high-fidelity visuals with context-aware sound in a single automated step. For platforms focusing on digital senses and technical security, the Kling Video 2.6 API offers a robust framework for building simulations that were previously too resource-intensive to automate.
Read Post
How Cyber Resilience Supports Long-Term Security Goals

How Cyber Resilience Supports Long-Term Security Goals

Apr 29, 2026 By SecuritySenses In SecuritySenses
In recent years, cyber resilience has moved from being an option to a huge necessity. With organizations becoming a constant target for digital threats, the need for protection, prevention, and deterrence strategies has become more pertinent than ever. Resilience is about being prepared for disruptions, responding quickly, and recovering thoroughly. This makes it easy to secure information and builds faith in the long run.
Read Post
Top Tools Used to Bypass Cloudflare for Web Scraping: A Security Perspective

Top Tools Used to Bypass Cloudflare for Web Scraping: A Security Perspective

Apr 29, 2026 By SecuritySenses In SecuritySenses
Cloudflare protects more than 20% of all websites on the internet, according to W3Techs infrastructure data. Its layered security model combines IP reputation filtering, TLS fingerprinting, JavaScript challenges and behavioural analysis to block automated traffic before it reaches the origin server.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.