SecurityTicks - Security Ticks

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages 2026-05-12 at 17:34 By TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. […]

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages Read More »

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP, Vulnerabilities, vulnerability / SecurityTicks

SAP Patches Critical S/4HANA, Commerce Vulnerabilities 2026-05-12 at 15:18 By Ionut Arghire The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution. The post SAP Patches Critical S/4HANA, Commerce Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SAP Patches Critical S/4HANA, Commerce Vulnerabilities Read More »

5 Ways To Keep AI In Check

Uncategorized / SecurityTicks

5 Ways To Keep AI In Check 2026-05-12 at 15:02 By Prateek Temkar How to protect productivity without slowing down innovation This article is an excerpt from SECURITY.COM View Original Source

5 Ways To Keep AI In Check Read More »

Citrix moves secure access to a flexible, credit-based consumption model

Citrix, Industry news / SecurityTicks

Citrix moves secure access to a flexible, credit-based consumption model 2026-05-12 at 15:02 By Industry News Citrix has introduced Citrix Platform Flex, a secure access platform that combines software, management, and infrastructure to deliver managed desktops, enterprise browsing, and zero-trust access in a single offering. Built around workforce personas, Platform Flex replaces one-size-fits-all licensing with

Citrix moves secure access to a flexible, credit-based consumption model Read More »

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

CVE, News, open source, software, vulnerability / SecurityTicks

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root 2026-05-12 at 14:18 By Sinisa Markovic Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root Read More »

Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?

AI, Incident Response, security operations, SOC / SecurityTicks

Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? 2026-05-12 at 14:18 By Danelle Au Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. The post Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? appeared first on SecurityWeek. This article is an

Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? Read More »

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means

AI, Artificial Intelligence, Curl, debate, Vulnerabilities, vulnerability / SecurityTicks

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means 2026-05-12 at 14:18 By Eduard Kovacs Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security. The post Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means Read More »

Why Agentic AI Is Security’s Next Blind Spot

Uncategorized / SecurityTicks

Why Agentic AI Is Security’s Next Blind Spot 2026-05-12 at 14:18 By Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy:

Why Agentic AI Is Security’s Next Blind Spot Read More »

Škoda confirms unauthorized access to its online shop

car, data breach, Data Protection, News, online shopping, Privacy / SecurityTicks

Škoda confirms unauthorized access to its online shop 2026-05-12 at 13:49 By Anamarija Pogorelec Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed the

Škoda confirms unauthorized access to its online shop Read More »

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign

Uncategorized / SecurityTicks

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign 2026-05-12 at 13:20 By Threat Hunter Team Iran-linked threat actor abused signed Fortemedia and SentinelOne binaries for DLL sideloading and exfiltrated data through a public file-transfer service. This article is an excerpt from SECURITY.COM View Original Source

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign Read More »

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Featured, Malware & Threats, Mini Shai-Hulud, supply chain attack, Supply Chain Security, TeamPCP / SecurityTicks

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack 2026-05-12 at 13:20 By Ionut Arghire Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack Read More »

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Uncategorized / SecurityTicks

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages 2026-05-12 at 11:54 By TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages Read More »

OpenAI’s Daybreak uses Codex Security to identify risky attack paths

AI, cybersecurity, News, OpenAI, resilience, software development, threat modeling / SecurityTicks

OpenAI’s Daybreak uses Codex Security to identify risky attack paths 2026-05-12 at 11:38 By Anamarija Pogorelec OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prioritize software vulnerabilities.

OpenAI’s Daybreak uses Codex Security to identify risky attack paths Read More »

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

Uncategorized / SecurityTicks

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation 2026-05-12 at 10:41 By OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. “Daybreak combines the intelligence

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation Read More »

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Uncategorized / SecurityTicks

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak 2026-05-12 at 10:41 By American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak Read More »

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Artificial Intelligence (AI), Trend Micro Research : Cyber Threats, Trend Micro Research : Research / SecurityTicks

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America 2026-05-12 at 09:28 By TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America Read More »

HEIDI: Free IDE security plugin for open-source vulnerability checks

Connecting Software, DevSecOps, Don't miss, LLMs, News, programming, software, software development, supply chain / SecurityTicks

HEIDI: Free IDE security plugin for open-source vulnerability checks 2026-05-12 at 09:28 By Mirko Zorz Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a

HEIDI: Free IDE security plugin for open-source vulnerability checks Read More »

The hidden smart fridge risks that emerge years after purchase

Bosch, data collection, Don't miss, Endpoint Security, Features, hardware, Hot stuff, Internet of Things, LG, News, Privacy, research, Samsung / SecurityTicks

The hidden smart fridge risks that emerge years after purchase 2026-05-12 at 09:28 By Mirko Zorz Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide,

The hidden smart fridge risks that emerge years after purchase Read More »

Cybersecurity jobs available right now: May 12, 2026

cybersecurity jobs, News / SecurityTicks

Cybersecurity jobs available right now: May 12, 2026 2026-05-12 at 09:27 By Anamarija Pogorelec Application Security Engineer Total Quality Logistics | USA | On-site – View job details As an Application Security Engineer, you will design, implement, and maintain security controls across the software development lifecycle. You will work closely with engineering and product teams

Cybersecurity jobs available right now: May 12, 2026 Read More »

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Uncategorized / SecurityTicks

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android 2026-05-12 at 09:27 By Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative. To that end, E2EE

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android Read More »