Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How Aurora Vulnerability Management Provides Asset Visibility, Risk Prioritization, and Remediation

May 23, 2026 By Arctic Wolf Networks In Arctic Wolf
In this demo, we will see how Aurora Vulnerability Management helps organizations discover and categorize assets, prioritize risks, and take action to remediate and patch vulnerabilities.
View Video

Running the Inverted Offensive Campaign with Adam Karcher

May 23, 2026 By Rubrik In Rubrik
- What happens when the adversary’s dwell time is measured in years, but your defense is measured in tickets? Adam Karcher, FBI Supervisory Special Agent, Cyber Division, and a member of the Bureau’s AI Working Group, joins the show to break down the "convergent evolution" of modern cyber threats. Karcher explains why defenders are often stuck in a cleanup cycle, while threat actors operate in a sophisticated, compartmentalized ecosystem that requires a fundamental shift in defensive strategy.
View Video
armo

How to Threat Model AI Agents in Kubernetes: A Practical Framework

May 23, 2026 By Yossi Ben Naim In ARMO
Most threat modeling assumes the attacker has to break something. AI agents change that assumption. An attacker who controls a prompt can make the agent misbehave without breaking anything at all. The prompt can be a customer support ticket the agent reads, a document it retrieves, or a tool response it processes — any input the agent treats as context is an attack surface. On Kubernetes, that attack surface has physical form.
Read Post
armo

Deploying AI Agents to Production Kubernetes: A Security Checklist for Platform Teams

May 23, 2026 By Ben Hirschberg In ARMO
Your platform team already runs a production-readiness review on every workload that ships to Kubernetes. When the workload is an AI agent, the PRR doesn’t get thrown out — it gets a delta. Most of the items still apply; specific ones need extension when the workload is non-deterministic, calls tools dynamically, and exercises identity at runtime in ways the manifest didn’t predict.
Read Post
mend

Laravel-Lang Composer tag-rewrite Supply Chain Attack

May 23, 2026 By Alina Podoba In Mend
On 2026-05-22, an attacker rewrote every repository tag across four Composer packages in the Laravel-Lang ecosystem to point at malicious commits. The affected packages are laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses, and laravel-lang/actions. The rewrite took place on 2026-05-22 into the early hours of 2026-05-23. Every malicious commit makes the same two-file change: one entry added to composer.json, and one new file at src/helpersphp.
Read Post
aikido

Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer

May 23, 2026 By Ilyas Makari In Aikido
On May 22, 2026, we detected an active supply chain attack against Laravel-Lang. We filed a report with the maintainers immediately. The attacker published malicious version tags across three widely used repositories, injecting credential-stealing code that loads automatically via composer’s autoloader feature. What makes this particularly sneaky is that the malicious code was never committed to the official repos at all.
Read Post
ignyte Team

CMMC Affirming Official: FCA Liability Explained

May 22, 2026 By Dan Page In Ignyte
CMMC is one of the most modern cybersecurity frameworks out there, and while it’s limited to just the Department of Defense contractor chain, it’s still very important to know about it if you’re part of that ecosystem. After all, over 300,000 organizations are part of the defense ecosystem and DIB. The point of CMMC is simple: securing controlled unclassified information and federal contract information from top to bottom in the defense supply chain. The details are not so simple.
Read Post
acronis

GenAI security management: Governing apps, agents and MCP servers through central policy

May 22, 2026 By Acronis In Acronis
Author: Alexander Ivanyuk, Senior Director, Technology Generative AI in business is no longer just one chatbot in one browser tab. In many environments, it is already a mix of web-based AI apps, built-in assistants inside larger platforms, internal agents created for specific workflows and model context protocol (MCP)-connected tools that let AI reach documents, services and business systems beyond the model itself. That changes the conversation completely.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.