Update 1520 UTC, 30 April 2026: Two additional packages were trojanized today: NPM Package: intercom-client@7.0.5 PyPI package lightning@2.6.2 and 2.6.3 Both packages appear to contain…
Artificial Intelligence has officially crossed the chasm from experimental pilot to foundational cloud infrastructure. In just a few years, AI systems have moved from limited…
Amazon Web Services (AWS) is excited to release the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in machine-readable OSCAL format alongside…
AI-powered GitHub Actions from vendors like OpenAI, Anthropic, and Google are now running in thousands of public workflows. We set out to map the shared…
Wiz Red Agent, our AI-powered attacker, recently launched in Public Preview to all Wiz ASM Advanced customers, marking a major milestone in our mission to…
CVE-2026-31431 (dubbed “Copy Fail”) is an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access.…
AI-powered offensive security has made significant progress in finding flaws that would have seemed out of reach for automated testing just a year ago, and…
This is the first blog post in the Red Agent POV series, where we cover real-life examples of the Red Agent’s findings in production. In…
What we believe We’ve been thinking deeply about enterprise security. The operating model that served us for the past decade (collect telemetry, store it, query…
In our previous blog in this series, we walked you through a 90-day action plan to achieve complete visibility and start your path to Zero…
Microsoft 365 powers how many modern businesses collaborate, but it also connects deeply into the cloud environments that run those businesses. Today, we’re excited to…
Supply chain package compromises follow a familiar playbook: an attacker gains access to a maintainer account or build system, pushes a malicious update, and waits…
