Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mend’s security research team has identified a previously undocumented fifth wave of the PhantomRaven campaign, an ongoing NPM supply chain attack that has been stealing developer credentials and secrets since August 2025. This new wave uses a fresh command-and-control server, 33 new malicious packages, and a more sophisticated three-stage payload chain.

CVE-2026-41940 is a pre-authentication remote authentication bypass in cPanel and WHM caused by a CRLF (Carriage Return Line Feed) injection in the login and session handling logic. An unauthenticated remote attacker can inject raw \r\n characters into a malicious basic authorization header, which cpsrvd then writes into a session file without sanitization.

Over a decade ago, Cato Networks helped shift cybersecurity to a new frontier: a converged, cloud-native platform that combines security and networking. As a long-time security researcher, the Cato platform was a radical change, providing researchers with the rich context and end-to-end visibility we needed to identify threats faster and deliver accurate protections.

A critical vulnerability in LiteLLM is turning AI infrastructure into an open vault; no login required. Tracked as CVE-2026-42208, this vulnerability allows attackers to extract API keys, cloud credentials, and provider authentication tokens without any credentials or prior access to the system. The root cause is fundamental lapse in input handling. LiteLLM’s API key validation blindly injects the Bearer token from the Authorization header into a SQL query without sanitization.

IT fulfillers typically juggle multiple systems to resolve a single incident: the ticket in ServiceNow, endpoint data in a separate console, and a knowledge base full of prior resolutions. The upcoming Moveworks integration with Tanium changes that. Real-time endpoint intelligence appears directly in the chat window where fulfillers already work, whether that is Slack, Microsoft Teams, or the ServiceNow web experience.

AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it. AI-generated zero-days are here. Sophos Endpoint was architected to stop exploits that have never been seen before — blocking the techniques every attack must use, at the moment of execution, with no signature, no cloud lookup, and no configuration required.

AI finds the vulnerabilities, but exploiting them is a different problem. How Sophos Endpoint defends in the AI era, and what the public record on Mythos shows. When Mozilla shipped Firefox 150 with fixes for 271 issues identified by Anthropic’s Mythos model, the headlines focused on the count. The detail that mattered was further down: Mozilla credited only three CVEs to the model. The remaining 268 were classified as defense-in-depth, hardening, or bugs in code paths that could not be exploited.

Organizations that operate servers across data centers, cloud accounts, and colocated environments face a problem that grows with each site they add: identity fragmentation. If an engineer needs access to infrastructure in ten locations, it's highly likely that the identity and access systems governing those locations exist in ten separate configurations. Each new site or cloud deployment also creates thousands of new credentials, adding new paths and additional attack vectors.

Regulatory compliance is one of the most operationally expensive obligations security and legal teams carry. GDPR, HIPAA, CCPA, PCI DSS, and CMMC all require organizations to demonstrate, on demand, that they know where regulated data lives, who can access it, and how it is protected. Most enterprises struggle to meet that standard because they are trying to answer a continuous question with a periodic process.

Every security vendor now claims artificial intelligence (AI) capabilities. Foundation models are becoming increasingly interchangeable, and the gap between what vendors promise and what programs actually deliver is widening. The question worth asking is not which vendor has the best model. It is: what is the model running on? The answer to that question determines whether a data security program hardens over time or requires constant manual maintenance.