SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterprise-grade e-commerce platform and the S/4HANA ERP suite. […]
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next.
The post Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? appeared first on SecurityWeek.
Why Agentic AI Is Security’s Next Blind Spot
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point.
The more urgent
The more urgent
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign.
The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek.
Instructure reaches ‘agreement’ with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. […]
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.
The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed to profile the execution
The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed to profile the execution
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities.
In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized actor involved in
In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized actor involved in
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues.
“Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across
“Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative.
To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.
To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.
GM agrees to $12.75M California settlement over sale of drivers’ data
California Attorney General Rob Bonta announced a proposed $12.75 million settlement agreement with General Motors (GM) over allegations that the company violated the California Consumer Privacy Act (CCPA). […]