Falcon Cloud Security: Graph Explorer - Investigating Internet-Exposed Risk
Graph Explorer helps security teams connect the dots across cloud resources, understand attack paths, and prioritize what matters most - before it becomes a breach.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Episode 13 - Battle-Hardened Research: Navigating the Intersection of AI and Open Source
Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands.
Detecting Threats in Multi-Agent Orchestration Systems: LangChain, CrewAI, and AutoGPT
It’s Tuesday morning at a mid-size fintech. A customer-support workflow runs on CrewAI in production: a Triage agent reads tickets, a Records agent pulls customer history, a Remediation agent drafts and sends the reply. A user submits a ticket with a pasted error log containing an indirect prompt injection. Triage summarizes and delegates. Records, interpreting instructions embedded in the summary, pulls 2,400 customer records instead of one.
How Healthcare Platform Teams Should Secure AI Agents on Kubernetes
The surgeon is thirty-two minutes into a procedure. The ambient scribe pod listening to the operating room is mid-encounter — transcribing, retrieving prior chart context, drafting the operative note for post-op sign-off. At the same moment, your SOC gets an alert: anomalous tool invocation from that pod, elevated egress volume, behavioral deviation from the agent’s baseline.
AI Agent Security Framework on GKE: Implementation Guide
Your platform team spent a week configuring the Agent Sandbox CRD on a gVisor-enabled node pool — the architecture Google positions as the recommended pattern for AI agent workloads on GKE. Workload Identity Federation with KSA principals is bound to every agent pod. Container Threat Detection is licensed and active in Security Command Center Premium. And the runtime behavioral sensor you budgeted for won’t install.
When tokenmaxxing leads to riskmaxxing
Accelerating security solutions for small businesses Tagore offers strategic services to small businesses. A partnership that can scale Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.
The Butlerian Jihad: Compromised Bitwarden CLI Deploys npm Worm, Poisons AI Assistants, and Dumps GitHub Secrets
Part 1 covered CanisterWorm, the self-spreading npm worm. Part 2 covered the malicious LiteLLM package. Part 3 covered the telnyx WAV steganography attack. Part 4 covered the xinference AI inference attack. This post covers: a compromised @bitwarden/cli package that combines a self-propagating npm worm, a GitHub Actions secrets dumper, and a novel AI assistant poisoning technique.
Fingerprinting AI Attacks: Detection Every SOC Needs
Revisiting a conversation between LimaCharlie co-founder Christopher Luft and Chris Cochran, Field CISO & Vice President of AI Security at SANS Institute, on The Cybersecurity Defenders Podcast. For most of cybersecurity’s history, defenders could operate under a safe assumption: somewhere on the other end of an attack, a human was making decisions. Scripts might automate parts of the kill chain, tools might accelerate execution, but a person was in the loop.
From human-scale to AI-scale: Lessons in resilience from RSAC 2026
The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?" During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments.
No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.