May, 2026 - Security Ticks

Novata uses AI to map risk across portfolios and supply chains

Novata uses AI to map risk across portfolios and supply chains 2026-05-20 at 14:21 By Industry News Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single, […]

Novata uses AI to map risk across portfolios and supply chains Read More »

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

Malware & Threats, Mini Shai-Hulud, supply chain attack, Supply Chain Security, TeamPCP / SecurityTicks

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack 2026-05-20 at 14:21 By Ionut Arghire A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek. This article is an

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack Read More »

Caught Off Guard: Securing AI After It Hits Production

AI, Artificial Intelligence / SecurityTicks

Caught Off Guard: Securing AI After It Hits Production 2026-05-20 at 14:01 By Joshua Goldfarb As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. The post Caught Off Guard: Securing AI After It Hits Production appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Caught Off Guard: Securing AI After It Hits Production Read More »

Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem

Uncategorized / SecurityTicks

Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem 2026-05-20 at 14:01 By AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era

Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem Read More »

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

cybercriminals, data theft, Don't miss, GitHub, Hot stuff, News, open source, supply chain compromise / SecurityTicks

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension 2026-05-20 at 13:47 By Zeljka Zorz Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Read More »

Trust3 AI focuses on AI agent risks with MCP Security layer

Industry news / SecurityTicks

Trust3 AI focuses on AI agent risks with MCP Security layer 2026-05-20 at 13:47 By Industry News Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and

Trust3 AI focuses on AI agent risks with MCP Security layer Read More »

Real-World ICS Security Tales From the Trenches

Featured, ICS, ICS/OT, OT / SecurityTicks

Real-World ICS Security Tales From the Trenches 2026-05-20 at 13:18 By Eduard Kovacs SecurityWeek spoke with several ICS security experts and companies about their most memorable experiences in the field. The post Real-World ICS Security Tales From the Trenches appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Real-World ICS Security Tales From the Trenches Read More »

FTC urged to investigate Roblox for allegedly exposing kids to sex predators, misleading public about safety

Uncategorized / SecurityTicks

FTC urged to investigate Roblox for allegedly exposing kids to sex predators, misleading public about safety 2026-05-20 at 13:04 By Thomas Barrabi Fairplay and the National Center for Online Sexual Exploitation (NCOSE) allege that Roblox’s voice and text chat features “are a source of substantial harm to children, facilitating predation and abuse by enabling adult

FTC urged to investigate Roblox for allegedly exposing kids to sex predators, misleading public about safety Read More »

Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals

Encryption Consulting, Industry news / SecurityTicks

Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals 2026-05-20 at 13:02 By Industry News Encryption Consulting has released CertSecure Manager v3.3, which automates zero-touch certificate renewal across all major enterprise server platforms and extends CA support to 11 providers, including Google Public CA and AWS. Certificate-related outages can cost enterprises millions in unplanned

Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals Read More »

Darwinium updates mobile SDKs to detect remote access scam activity

Darwinium, Industry news / SecurityTicks

Darwinium updates mobile SDKs to detect remote access scam activity 2026-05-20 at 13:02 By Industry News Darwinium has announced updates to its Android and iOS mobile SDKs. It enables banks, payment providers, and digital businesses to tackle the proliferation of remote access scams, including those that manipulate live sessions and account farming operations that run

Darwinium updates mobile SDKs to detect remote access scam activity Read More »

Virtual Event Today: Threat Detection & Incident Response Summit

Malware & Threats, threat detection, Threat Intelligence / SecurityTicks

Virtual Event Today: Threat Detection & Incident Response Summit 2026-05-20 at 13:02 By SecurityWeek News The speed and sophistication of cyberattacks have outpaced traditional defense methods. Please join us online today from 11AM -4PM ET for the Threat Detection & Incident Response Summit. Don’t miss this virtual event as we explore how to cut through alert

Virtual Event Today: Threat Detection & Incident Response Summit Read More »

GitHub Confirms Hack Impacting 3,800 Internal Repositories

Data Breaches, Featured, GitHub, TeamPCP / SecurityTicks

GitHub Confirms Hack Impacting 3,800 Internal Repositories 2026-05-20 at 13:02 By Ionut Arghire The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3,800 Internal Repositories appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GitHub Confirms Hack Impacting 3,800 Internal Repositories Read More »

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Uncategorized / SecurityTicks

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit 2026-05-20 at 13:02 By Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit Read More »

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

CVE, Don't miss, exploit, Hot stuff, Microsoft, News, PoC, vulnerability disclosure, Windows, Windows Server / SecurityTicks

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) 2026-05-20 at 11:49 By Zeljka Zorz Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) Read More »

Communicating cyber risk in dollars boards understand

boardroom, CISO, communication, conferences, cyber resilience, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Span, strategy, tips / SecurityTicks

Communicating cyber risk in dollars boards understand 2026-05-20 at 09:34 By Mirko Zorz In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and

Communicating cyber risk in dollars boards understand Read More »

CVE Lite CLI: Open-source dependency vulnerability scanner

Don't miss, GitHub, News, open source, OWASP, scanner, software, software development, vulnerability assessment / SecurityTicks

CVE Lite CLI: Open-source dependency vulnerability scanner 2026-05-20 at 09:34 By Mirko Zorz Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours

CVE Lite CLI: Open-source dependency vulnerability scanner Read More »

When your AI assistant has the keys to production

agentic AI, AI, cybersecurity, Don't miss, LLMs, News, research, security operations / SecurityTicks

When your AI assistant has the keys to production 2026-05-20 at 09:34 By Sinisa Markovic Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediation or self-healing infrastructure.

When your AI assistant has the keys to production Read More »

7 hard truths security pros should know: 2026 DevOps Threats Report

authentication, Cloud, DevOps, DevSecOps, Don't miss, Expert analysis, Expert corner, GitProtect.io, News, threats / SecurityTicks

7 hard truths security pros should know: 2026 DevOps Threats Report 2026-05-20 at 09:34 By Help Net Security In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your

7 hard truths security pros should know: 2026 DevOps Threats Report Read More »

What happens when your identity provider becomes the kill chain

Atsign, authentication, cybersecurity, Don't miss, identity protection, News, OAuth, strategy, tips, Video / SecurityTicks

What happens when your identity provider becomes the kill chain 2026-05-20 at 09:34 By Help Net Security In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in

What happens when your identity provider becomes the kill chain Read More »

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Uncategorized / SecurityTicks

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack 2026-05-20 at 09:34 By Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack Read More »

May 2026