Weekly Update 498
07 April 2026 This week, more time than I'd have liked to spend went on talking about the trials of...
have
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised...
What makes Non-Human Identities safe for companies
Have You Ever Considered How Securing Non-Human Identities Could Transform Your Organization? Non-Human Identities (NHIs) security is increasingly crucial...
The developer credential economy: Why exposure data is the new front line in the supply chain war
Recent supply chain attacks have highlighted an urgent need for organizations to shift from a reactive security posture to...
This month in security with Tony Anscombe – March 2026 edition
The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a...
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Ravie LakshmananMar 31, 2026Cloud Security / AI Security Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex...
Inventors of Quantum Cryptography Win Turing Award
Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased...
California to bar AI vendors that can’t prove bias safeguards
AI vendors selling to the California state government must prove they have safeguards against algorithmic bias, civil rights violations, and...
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Ravie LakshmananMar 30, 2026Malware / Network Security Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via...
Planning a spring break trip? Don’t fall for these 7 travel scams
Spring break scams are out to ruin your vacation, but they don’t have to. With a little awareness and...
AI threatens jobs that can be ‘unbundled’
There have been plenty of warnings about job losses due to AI, particularly in the world of IT and in...
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Ravie LakshmananMar 27, 2026Software Security / DevSecOps Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish...
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Ravie LakshmananMar 27, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if...
Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries
Image: Huntress More than 340 organizations across five countries have been caught in a sophisticated phishing campaign that weaponizes a...
![[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCypzkb6uvHuNx6LKknUqtvQFoqsr6aalztDeBKT1aaUASzfjZMZAZqExx1k0w5iKWl08lx3MxbM_FwWxAvBdZODEerioaMp8OHVvhSjC8VL3uAW9_NMniMl_niggBVhVMdDFu2324YyhW5TrK4fua1PXlrb0DweOULvNgi5mlQUZUct_dIX3OePrfqks/s1600/validate.jpg)
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
The Hacker NewsMar 26, 2026Security Testing / Security Automation Most teams have security tools in place. Alerts are firing, dashboards...
