Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Part 1 covered CanisterWorm. Part 2 covered the malicious LiteLLM package. Part 3 covered the Telnyx WAV steganography attack. This post covers the latest wave: three malicious versions of xinference on PyPI, carrying the same credential-stealing playbook and a plot twist. On April 22, 2026, Mend.io’s threat detection identified malicious versions of xinference on PyPI: 2.6.0, 2.6.1, and 2.6.2.

Many engineering teams treat zero trust as a simple MFA checkbox. They invest in advanced identity providers but still leave environments exposed, with permanent admin roles and manual ticket queues that frustrate developers. Most teams have adopted the language of zero trust without changing how access actually works. They verify identity at login, then leave broad permissions in place long after the task is done.

Organizations across the Asia-Pacific region are accelerating adoption of open infrastructure, Kubernetes, and modern virtualization platforms. As these environments grow, protecting applications and data becomes a core operational requirement. The strategic partnership between Trilio and Bigstack to deliver integrated cloud-native data protection and migration capabilities for enterprises deploying modern private and hybrid cloud environments.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo The AI SOC is cybersecurity’s fastest-growing category, and for very good reason. Machine-speed threats demand machine-speed responses, and the $82.45 billion market forming around this reality reflects just how urgent that need has become. The Torq AI SOC Platform delivers agentic insights and the ability to streamline action across the full security stack.

Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

This year's Devner OWASP event showed why modern AppSec depends on secure defaults, stronger provenance, and security controls that appear where developers make decisions.

Critical infrastructure systems, such as power plants, water treatment plants, transportation networks, and factories, depend on operational technology (OT) to work. OT systems are designed to manage physical devices and processes, while traditional IT systems primarily focus on protecting data and information. Because of this difference, OT security is complex, especially as OT networks are increasingly linked to IT networks, making them more vulnerable to cyber threats.

When it comes to online safety, performance, and privacy, one size does not fit all. This is where Avast One Silver comes in.