The Hackers Behind Shai-Hulud: Lucky or Skilled? – Dark Reading
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it’s not necessarily due to skill alone. – Read More
May 2026
For Enterprises, Security Remains Agentic AI’s Biggest Challenge – Dark Reading
Every company needs an agentic AI strategy, but the tools to allow agentic AI frameworks be safely and securely adopted are just starting to appear. – Read More
Microsoft Issues Out-of-Band SharePoint Patch – Dark Reading
SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well. – Read More
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries – The Hacker News
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of…
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos – CSO Online
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD upkeep. Researchers at SafeDep observed the campaign, Megalodon, touching…
Pinsent Masons criticised by judge over junior lawyer’s AI blunder – Legal Cheek
Cited law that didn’t exist Pinsent Masons has been criticised by a High Court judge after AI-hallucinated legal authorities, produced during a junior lawyer’s research, were relied upon during insolvency…
Remembering Tim Wilson, Whose Legacy Lives on at Dark Reading – Dark Reading
The co-founder and former editor-in-chief passed away five years ago in November. As Dark Reading enters is third decade, we pause to celebrate and honor Wilson’s instrumental role in building…
Why car hire claims are surging in the UK – and what it means for accident victims in 2026 – Legal Futures
A courtesy car is a short-term loan vehicle usually provided by a repairer while your car is in the workshop. A credit hire vehicle is a like-for-like replacement supplied on…
New AI DDoS Attacks Are Smarter. Learn How to Fight Back in This Webinar – The Hacker News
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using…
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions – The Hacker News
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be…
TrapDoor malware campaign puts developer workstations in CISO spotlight – CSO Online
A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files. Researchers at…
MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You – The Hacker News
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn’t log in without the…
BigHand and Ayora partner to bring AI-Powered intelligence to legal pricing and budgeting – Legal Futures
Strategic integration combines BigHand Matter Pricing & Budgeting with Ayora’s AI and data enrichment capabilities to help law firms improve pricing transparency, profitability and commercial decision-making. The post BigHand and…
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks – The Hacker News
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to…
Stop treating AI governance as a review layer. Make it release infrastructure – CSO Online
I’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: They all follow the same pattern. Build the product, then prove…