CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
SecurityWeek

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors have started exploiting CVE-2026-21643, a critical vulnerability in Fortinet FortiClient EMS leading to remote ...
NetEye Blog

Rethinking Authentication and Authorization in a Multi-Component Platform with OIDC

Each of these tools brings value and, inevitably, its own idea of authentication and authorization. At some point, “it works” ...
Microsoft

How Microsoft Defender protects high-value assets in real-world attack scenarios

High-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in ...
Security Boulevard

Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet

The Azure APIM signup bypass is a critical vulnerability affecting 97.9% of internet-facing Developer Portals. Azure API ...
Security Boulevard

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload ...

monday.com Launches Agentalent.ai, a Hiring Platform for Enterprise AI Agents

NEW YORK & TEL AVIV, Israel, March 23, 2026--monday agent labs, monday.com’s incubation engine that accelerates the release ...
SecurityWeek

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Oracle issues out-of-band updates to patch CVE-2026-21992, a critical vulnerability in Identity Manager and Web Services ...

SMX Establishes a New Framework for Verification and Visibility Across Global Energy Supply Chains

PLC (NASDAQ:SMX) is introducing a new level of transparency and control to the oil and gas industry, enabling real-time authentication and traceability across one of the world’s most complex and ...

Fake Google security page can turn your browser into a spying tool

Security researchers say a phishing scam impersonates Google to install malware that steals 2FA codes, tracks location and ...
The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in ...