The Governance Gap: Why Policy Breaks Down at Scale
Join CyCognito’s CEO Rob N. Gurzeev and Commvault’s Ben Herzberg to uncover what enforcing data security at scale actually requires and how to close the gap between policy and ground truth.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages
On April 29, 2026, attackers published malicious versions of four npm packages in the SAP development ecosystem: mbt, @cap-js/db-service, @cap-js/sqlite, and @cap-js/postgres. Each compromised release ships a preinstall hook that downloads the Bun JavaScript runtime from GitHub Releases and uses it to execute an ~11.6 MB obfuscated credential stealer.
Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)
The Thymeleaf vulnerability with a CVSS score of 9.1 grabs your attention, as it should. But before you call the cavalry and claim this as the new Log4shell, read this first. CVE-2026-40478 is a server-side template injection vulnerability in Thymeleaf. Thymeleaf is a templating engine in Java that is used for server-side webpage rendering. The sandbox that normally prevents arbitrary code execution got bypassed using a tab character. And yes, this can lead to a remote code execution if exploited.
Bridging the Gap to Autonomous Fixes: Snyk and Atlassian Unveil Intelligent Remediation for Jira
Modern development teams are currently drowning in security debt, often trapped in a manual, fragmented cycle of "find and fix" that slows down innovation. Even when equipped with high-fidelity vulnerability data, traditional workflows require developers to constantly context-switch between Jira tickets and their codebases to manually implement and test patches.
Stryker Hack: What We Know So Far
On March 11, 2026, the Iranian hacktivist group Handala Hack Team claimed responsibility for compromising the American healthcare technology company Stryker. Public reporting suggests more than 200,000 systems were impacted and up to 50TB of data exfiltrated. While these figures remain unverified, the scale of operational disruption alone places this incident among the most significant enterprise cyber events of the year so far.
Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer
A new npm supply-chain compromise is targeting the SAP developer ecosystem. The affected packages we are tracking so far are: The pattern is familiar but also a bit different: a trusted package receives a new preinstall hook, the hook runs a new setup.mjs file, and that loader downloads the Bun JavaScript runtime to execute a large obfuscated payload named execution.js. The payload is an 11.7 MB credential stealer and propagation framework.
Phishing Attacks Target Executives via Microsoft Teams
A phishing campaign is targeting senior executives with social engineering attacks conducted over Microsoft Teams, according to researchers at ReliaQuest. The researchers believe former associates of the Black Basta criminal gang are running this operation.
A double win at the Cas d'Or 2026: what identity governance success looks like in the public sector
A French channel partner recently won two top awards at the Cas d'Or 2026 for a public-sector identity governance project. The recognition covered Cyber Governance & Risk Management and the Public Sector category. Here's a look at what the win signals about identity governance in public organizations and how modern IGA platforms help tackle budget pressure, compliance demands, and complex user populations. Identity governance in the public sector rarely makes headlines.
Kling Video 2.6 API: How to Build Automated Visual Simulation Workflows
The landscape of generative media has shifted from simple prompt-based experimentation to sophisticated, integrated production pipelines. With the release of Kling 2.6, the focus has moved toward "Native Audio-Visual Generation"-a breakthrough that allows developers to synchronize high-fidelity visuals with context-aware sound in a single automated step. For platforms focusing on digital senses and technical security, the Kling Video 2.6 API offers a robust framework for building simulations that were previously too resource-intensive to automate.
How Cyber Resilience Supports Long-Term Security Goals
In recent years, cyber resilience has moved from being an option to a huge necessity. With organizations becoming a constant target for digital threats, the need for protection, prevention, and deterrence strategies has become more pertinent than ever. Resilience is about being prepared for disruptions, responding quickly, and recovering thoroughly. This makes it easy to secure information and builds faith in the long run.