Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In May 2026, Arctic Wolf observed a cluster of malicious activity affecting endpoints managed by FortiClient Endpoint Management Server (EMS). The malicious payload was disguised as a fake Fortinet endpoint patch, but it was actually a credential stealer. We named this payload EKZ Infostealer, based on internal symbol names extracted from decrypted code.

Organizations pursuing CMMC Level 2 readiness are discovering that the hardest challenges sit not in the controls themselves, but in operationalizing them consistently across administrative access, identity enforcement, and audit visibility.

Most malware analysis workflows follow the same pattern: run a set of tools, manually review the output, build detection rules from memory, and repeat. It's reliable, but slow, and for MDR and MSSP teams handling volume, delays have a cost. In this workshop, LimaCharlie Senior Solutions Engineer Chris Botelho demonstrates a faster path: using Claude Code with LimaCharlie's reverse engineering environment to triage, analyze, and build detections against a real malware sample pulled from Malware Bazaar.

There's a new playbook in the supply chain threat landscape, where an someone builds something genuinely useful, growing a real user base. But all while stealing credentials. codexui-android is a remote web UI for OpenAI Codex. Real GitHub repo. Active development. Polished enough to get 27.000 weekly downloads. And for the past month, every single invocation has been quietly exfiltrating your Codex authentication tokens to an attacker-controlled server.

Imagine this: your security team has done everything right. All development teams are using a centrally managed artifact repository with scanning in place. Your engineering organization has clear policies about where packages can come from. You feel good about your software supply chain posture. Then an incident review surfaces something nobody planned for: a compromised npm package entered your environment.

AI inherits the access permissions that accumulated quietly in organizations for years. Frontier models eliminate the obscurity that once limited what attackers, and even employees, could reach. Sensitive data, stale service accounts, and unreviewed permissions now surface in seconds. Governing identity and access before connecting AI determines whether frontier models become a force multiplier or a compounding risk.

When Kuwait launched the WAMD real-time payment rail in 2024, the goal was clear: Enable banks and financial institutions to add speed, convenience and resilience to the country’s national payment infrastructure. Facilitated by the KNET Payment Gateway under the supervision of the Central Bank of Kuwait (CBK), the service has become such a key part of the country’s digital banking ecosystem that the CBK is making it crystal clear that real-time must also mean reliable.

As a fraud analyst at Persona, I have to balance working on fraud escalations for specific customers and keeping an eye on cross-customer (and cross-industry and cross-region) fraud trends. The work naturally overlaps, as one escalation can turn into a trend as fraud rings move on to new targets. And, getting ahead of large trends helps us stop escalations. I have a lot of tools at my disposal, but I want to discuss Graph, Persona’s real-time link analysis product.