Articles & News

On June 17, 2026, attackers republished 13 @mastra npm packages with a malicious easy-day-js dropper that steals secrets. Get the IOCs, timeline, and first-hour runbook.

CVE-2026-9277 is a shell-quote command injection flaw in npm versions 1.1.0 through 1.8.3. See how the quote() bypass works, what to hunt, and the 1.8.4 fix.

PCI DSS 4.0 compliance Requirement 6.3.2 asks for more than an SBOM. See what runtime evidence QSAs actually want in 2026 audits.

Your cardholder data environment grew with every BaaS partner and embedded program. See how runtime evidence reconciles scope with reality.

A vendor security questionnaire response framework for fintech SaaS. Handle SIG, CAIQ, and runtime evidence requests in hours, not days.

DORA compliance asks banks to prove which ICT risks are material to operational resilience. See how runtime reachability answers Article 6 and 8.

Kodem uses EC2 snapshots to deliver SBOM analysis for AWS EC2 Linux VMs with less scan load, while the Linux sensor keeps continuous runtime monitoring.

Kodem automates vulnerability remediation with AI. Get validated, repository-grounded fixes and one click pull requests your security team can review.

The TanStack OpenAI supply chain attack delivered Mini Shai-Hulud through trusted npm publishing. Get the IOCs, affected packages, and first-hour runbook.

MA-S2 is Palantir's proposed software security standard. See how runtime vulnerability prioritization, attack paths, and automated remediation map to it.

New Kodem and Intezer research reveals how attackers steal LLM inference, from exposed Ollama servers and leaked API keys to live AI malware running in the wild.

TeamPCP backdoored the Checkmarx Jenkins AST plugin. Get the affected versions, IOCs, and the first-hour CI/CD supply chain runbook.

vm2 sandbox escape vulnerabilities now enable host-level RCE in AI agent frameworks. Get the affected CVEs, IOCs, and the first-hour response runbook.

CVE-2026-0300 is an actively exploited PAN-OS Captive Portal zero-day allowing unauthenticated root RCE. Get affected versions, IOCs, and response steps.

How Kodem’s agentic AI security pairs WAF with runtime security to defend vibe coded apps, supply chain worms, and ISO 42001 controls.

CVE-2026-31431, the Copy Fail Linux kernel LPE, lets authenticated users gain root. See affected kernels, exploit details, IOCs and patches.

Mini Shai-Hulud compromised PyTorch Lightning (2.6.2, 2.6.3) and intercom-client (7.0.4). Affected versions, IOCs and response runbook.

The Shai-Hulud worm targets SAP npm packages via preinstall scripts. See affected packages, IOCs, and detection guidance for this supply chain attack.

Bitwarden CLI version 2026.4.0 was compromised after attackers gained access to its release pipeline by hijacking a GitHub Actions workflow. This allowed them to publish a tampered package to npm that executed malicious code during installation. The compromise was part of a broader supply chain attack targeting CI/CD workflows and package distribution systems, with shared infrastructure and techniques observed across multiple incidents linked to Checkmarx tooling.

NIST’s April 15, 2026 update to NVD operations is easy to summarize and easy to underread. The headline change is familiar by now: NIST will continue listing all CVEs, but it will only immediately enrich a subset, prioritizing CISA KEV, software used within the federal government, and software covered by Executive Order 14028’s critical software definition.

The campaign tracked as CanisterSprawl is a supply chain intrusion in which malicious npm package versions execute at install time, harvest credentials from developer environments, exfiltrate that material to attacker-controlled infrastructure and then attempt to republish poisoned packages using stolen publisher tokens.

A zero-day vulnerability in Adobe Reader was actively exploited for several months through malicious PDF files. The campaign allowed attackers to steal sensitive data, fingerprint victims, deliver follow-on payloads and potentially achieve arbitrary code execution and full system compromise.

The adoption of large language models (LLMs) as coding assistants has accelerated rapidly. GitHub’s 2024 developer survey found that 97% of developers have used AI coding tools, with many organizations now relying heavily on these technologies for rapid prototyping, MVP development, and production releases [1]. This increased reliance on AI-generated code introduces non-trivial security risks.

A newly discovered supply-chain campaign introduced 36 malicious npm packages across multiple versions disguised as Strapi plugins, designed to target Redis and PostgreSQL instances accessible within runtime environments, including localhost, to extract credentials, execute commands and deploy persistent implants.

In March 2026, a widely trusted security tool was turned into an attack vector. Trivy, an open-source vulnerability scanner used across CI/CD pipelines, was compromised and used to exfiltrate sensitive credentials from build environments.

In the early hours of 31 March 2026, security researchers noticed something odd: two new releases of the ubiquitous axios HTTP client (versions 1.14.1 and 0.30.4) shipped with a dependency that had never appeared in the project before.

When your backlog has thousands of open findings, the question becomes: "What single action gives me the most risk reduction for the least effort?"

Runtime visibility for third-party container images and the missing context for ownership and remediation.

Enterprise AI governance is rapidly evolving from discovery to visibility. Organizations have begun identifying where AI exists and, more recently, illuminating how AI behaves at runtime. Nevertheless, true governance demands more than just visibility, it requires enforcement.

On March 20, 2026, researchers at Socket disclosed a supply chain attack involving a compromised npm publisher account used to distribute malicious versions across 29 packages. By March 21, the scope expanded, with 135 affected packages identified, now tracked as part of the CanisterWorm campaign.