Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Microsoft Defender Security Research Team and Microsoft Threat Intelligence documented a campaign in which Storm-2949 abused Microsoft Entra ID accounts to exfiltrate data from Microsoft 365 and Azure environments. The attack shows how cloud intrusions increasingly unfold through identity systems, administrative features, and legitimate platform capabilities rather than obvious malware or traditional endpoint compromise.

The security industry spent a good chunk of early 2026 debating whether Anthropic’s Mythos and OpenAI’s Daybreak are truly dangerous or just good marketing. It's a reasonable debate. But while we're having it, attackers are asking a different question: how do we use tools like this to move faster than defenders can respond?

Confluence is where teams keep operational knowledge: runbooks, architecture decisions, postmortems, HR policies, product specs, onboarding docs, and internal knowledge bases. Atlassian’s status pages show that disruption is not theoretical: on April 8, 2026, Atlassian reported search failures impacting multiple products, and on April 13, 2026, some users were unable to log in across Atlassian products.

Security and GRC teams have no shortage of risk mitigation activities. They are carrying more work than ever, yet many still lack confidence in the data and recommendations produced by all that manual effort. They are also operating in a risk environment that changes faster than their current operating model was designed to support. Unfortunately, the existence of risk activity does not mean actual risk has been reduced.

A malicious VS Code extension led to cloned private repositories, reportedly offered for sale on a criminal forum On May 19-20, 2026, GitHub confirmed a security incident affecting its own internal systems. A threat actor self-identifying as TeamPCP, also tracked as UNC6780, compromised an employee’s developer device by way of a malicious Visual Studio Code extension and used that foothold to clone roughly 3,800 of GitHub’s internal repositories.

Most teams can get OpenStack running, but keeping it running without burning out your engineers is the harder problem. Mirantis OpenStack packages upstream OpenStack with the validated builds, deployment tooling, and vendor support that platform teams need for stability. With Mirantis OpenStack for Kubernetes (MOSK), the architecture goes even further.

In an era where AI accelerates both innovation and adversarial capability, security leaders are confronting a difficult reality: traditional approaches to cyber defense are no longer sufficient. Cyberhaven’s Office of the CISO is responding with a forward-looking strategy designed not simply to keep pace with emerging threats, but to fundamentally redefine enterprise readiness in a post-Mythos world.

Sophos Firewall and Synchronized Security Synchronized Security is a unique capability you won’t get anywhere else. If you look at what’s required to properly secure a modern network, it breaks down into three pillars: hardening, protection, and detection and response. Or another way to look at it: being equal parts proactive and reactive - or what you need to do before, during, and after an attack.

Infostealers are among the most persistent and damaging strains of malware affecting individuals and organizations worldwide. These stealthy and malicious programs often go unnoticed, quietly infiltrating devices to steal sensitive data and relay it to cybercriminals. From session tokens and login credentials to financial information and browser-stored data, infostealers pose a grave risk to organizations.

Most organizations have an acceptable use policy for AI tools. Very few have controls that actually enforce it. The gap between what the policy says and what security teams can detect is where insider risk lives when it comes to large language model (LLM) usage.