Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mini Shai-Hulud Hits @antv: 323 npm Packages Compromised Through the atool Maintainer Account

An active supply chain attack has compromised 323 npm packages published under the atool npm maintainer account. The wave sweeps the entire @antv data-visualization organization alongside standalone libraries with wide independent adoption: echarts-for-react, timeago.js, size-sensor, and canvas-nest.js. With echarts-for-react pulling roughly 1.1 million weekly downloads, any project that auto-updates these packages is in scope.

From Jira to PR: How we built agent-driven pipelines for design system changes

Design system work follows a well-defined loop: read the ticket, check the Figma spec, find the right component primitives, apply the right tokens, write the Storybook stories, run the tests, open the PR. The steps are consistent enough that when we looked at our design system backlog, we didn't just see a list of tasks; we saw a set of instructions waiting to be executed.

OpenAI's Fotis Chantzis on why identity protocols weren't designed for agents

Zero-Shot Learning is a podcast for AI builders, hosted by Nancy Wang, Chief Technology Officer at 1Password, and Dev Tagare, Senior Director and Head of Engineering for Gemini Enterprise & Business at Google. Together, they’ve built and scaled AI systems at the infrastructure and product layers and bring a builder's perspective to every conversation.

When humans are a minority, IAM requires a rethink

In a typical enterprise, non-human identities (NHIs) are thought to outnumber human users by at least 50:1. NHIs are various and include: It is estimated that the NHI:human ratio may have leapt to 144:1 as more AI agents were deployed over the last year. CISOs are already alive to the risks posed by orphaned accounts on their systems. They know that automated rotation is required to revoke privileges as soon as NHIs complete tasks.

Grid by LimaCharlie is now in beta: Agentic SecOps for the stack you have

Grid is LimaCharlie's agentic AI layer for security teams that want AI operations running across their existing stack right now. Security providers and SOCs need access to AI capabilities without waiting for a migration window, a contract renewal, or a vendor to ship the features they need. Every major security vendor is offering some version of AI. CrowdStrike has Charlotte AI. SentinelOne has Purple AI. Microsoft has Copilot for Security.

Agents need boundaries with Fotis Chantzis from OpenAI, Zero-Shot Learning

Agents don't fit old identity models. As OpenAI’s Agent Security Lead, Fotis Chantzis has a front-row seat to see how agents push identity systems beyond what they were built to control. That’s where things start to fall apart and where most teams lose control.

Why Patch Management Matters for MSPs: Security, Scalability, and Profitability

For MSPs, patching has evolved beyond a routine maintenance task into a core security service that directly impacts client protection, helping reduce risk, improve operational efficiency, and create scalable recurring revenue opportunities. Unpatched vulnerabilities remain one of the primary exposure vectors for organizations today.