GitHub Strengthens npm Security With Staged Publishing Protection
GitHub has introduced a major security enhancement to the npm ecosystem with the general availability of staged publishing and new install-time controls in npm CLI…
Month: May 2026
OpenHack: Open-source AI-powered vulnerability research
Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed…
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Ravie LakshmananMay 20, 2026Vulnerability / Encryption Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.…
From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Today we’re seeing AI agents approving expenses, routing support tickets, and optimising supply chains with minimal human oversight. They’re operating robots in warehouses and autonomous…
A Day in the Life of a Threat Analyst
As a UK member of the Threat Operations team, I have the immense pleasure of working with colleagues in the USA and Australia. When we…
Pentest Agent Suite – Autonomous Bug Bounty Framework for Claude Code and 6 AI Coding Tools
A fully autonomous bug-bounty framework called Pentest Agent Suite has been open-sourced, delivering 50 specialized security agents, 26 slash commands, 19 CLI tools, and a…
Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches
A threat actor is advertising what they describe as a massive database containing information linked to hundreds of millions of OnlyFans users, including creators and…
Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what…
CBA’s DevOps agent is helping on-call engineers on 2am wake-up duty
The Commonwealth Bank is having an AWS ‘frontier’ AI agent work simultaneously alongside its engineers who are on on-call support rotation with the express aim…
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog Pierluigi Paganini May 24, 2026 The U.S. Cybersecurity and Infrastructure Security…
How Huntress Can Complement—Not Complicate—Your Security Stack
There’s a common misconception in cybersecurity that more = better. Many businesses often flock to buy additional tools or add on more layers in hopes…
Agent AI is Coming. Are You Ready?
The Hacker NewsMay 20, 2026Identity Security / Enterprise Security New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results…