pnpm 11 Turns On Minimum Release Age by Default to Reduce npm Supply Chain Risk
The npm ecosystem has long been a target for supply chain attacks, where threat actors exploit the open nature of public package registries to push…
Month: May 2026
Platform Engineering: The Rise of a Disciplinary Rethink
For years, organizations have celebrated the developer as the engine of innovation. They have invested in faster laptops, refined IDEs (Integrated Development Environments), and sprawling…
Microsoft Edge Found Storing Saved Passwords in Cleartext Memory at Startup
A new security finding reveals that Microsoft Edge loads every saved password into its process memory as cleartext the moment the browser launches. Even more…
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
Ravie LakshmananMay 04, 2026Malware / Network Security The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in…
Defender yanks root certs as Windows updates blocks backups
Microsoft has had users wondering what it was trying to achieve this week, following an update to its Defender anti-malware tool for Windows that removed…
DigiCert Revokes Certificates After Support Portal Hack
DigiCert last week announced that certificates fraudulently obtained from its internal support portal after a cyberattack were revoked. The attack, the company said in a…
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 Pierluigi Paganini May 04, 2026 Attackers exploit a critical cPanel flaw to target government and…
Arxis implements APRA-aligned resilience framework for Credit Union SA
Arxis says it has implemented an APRA-aligned operational resilience framework for Credit Union SA, as mutuals and other smaller financial institutions face growing regulatory and…
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
What a review might mean Pre-release evaluation of AI models is not a new idea, but it remains poorly defined in the US policy context.…
Elastic Conversational Entity Analytics for threat hunting — Elastic Security Labs
Entity Analytics is a core security analytics capability that extends Elastic Security from event-centric to entity-centric investigation. By focusing on critical entities, such as users,…
Weaver E-cology critical bug exploited in attacks since March
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days…
New MicroStealer Malware Actively Attacking Telecom & Education Sectors
A new infostealer malware called MicroStealer has quietly entered the threat landscape and is already showing a worrying reach. First spotted in December 2025, the…