Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

fidelis security

What is XDR (Extended Detection and Response) in Cybersecurity? A Quick Guide

May 3, 2026 By Fidelis Security In Fidelis Security
Extended Detection and Response (XDR) is a comprehensive security solution that integrates various security products and data into a simplified, unified system. XDR security combines prevention, detection, investigation, and response to provide a holistic cloud-based security approach.
Read Post
mend

PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

May 3, 2026 By Tom Abai In Mend
Mend’s security research team has identified a previously undocumented fifth wave of the PhantomRaven campaign, an ongoing NPM supply chain attack that has been stealing developer credentials and secrets since August 2025. This new wave uses a fresh command-and-control server, 33 new malicious packages, and a more sophisticated three-stage payload chain.
Read Post
cycognito

Emerging Threat: (CVE-2026-41940) cPanel & WHM Authentication Bypass via CRLF Injection

May 3, 2026 By Igal Zeifman In CyCognito
CVE-2026-41940 is a pre-authentication remote authentication bypass in cPanel and WHM caused by a CRLF (Carriage Return Line Feed) injection in the login and session handling logic. An unauthenticated remote attacker can inject raw \r\n characters into a malicious basic authorization header, which cpsrvd then writes into a session file without sanitization.
Read Post

Treat AI Like an Employee #ai #aisecurity

May 1, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

AI Sales Avatar Hijacked by Prompt Injection on Livestream #promptinjection #hacked #hacker

May 1, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
cato networks

Cato Joins OpenAI's Trusted Access for Cyber (TAC) to Advance AI-Driven Defense

May 1, 2026 By Elad Menahem In Cato Networks
Over a decade ago, Cato Networks helped shift cybersecurity to a new frontier: a converged, cloud-native platform that combines security and networking. As a long-time security researcher, the Cato platform was a radical change, providing researchers with the rich context and end-to-end visibility we needed to identify threats faster and deliver accurate protections.
Read Post
indusface

CVE-2026-42208: Pre-Authentication SQL Injection in LiteLLM Exposes API Credentials

May 1, 2026 By Deepak Kumar Choudhary In Indusface
A critical vulnerability in LiteLLM is turning AI infrastructure into an open vault; no login required. Tracked as CVE-2026-42208, this vulnerability allows attackers to extract API keys, cloud credentials, and provider authentication tokens without any credentials or prior access to the system. The root cause is fundamental lapse in input handling. LiteLLM’s API key validation blindly injects the Bearer token from the Authorization header into a SQL query without sanitization.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.