Major Threats & Vulnerabilities
Software Supply Chain and CI/CD Exploits
Researchers uncovered a malicious campaign targeting SAP npm packages that secretly stole developer and CI/CD credentials through preinstall scripts and GitHub-based command and control. SAP has yet to comment on the incident, which highlights the growing risk of dependency poisoning in enterprise ecosystems.
Another critical flaw was found in Google’s Gemini CLI, allowing remote code execution in CI/CD environments. The Gemini CLI vulnerability has been patched, but organizations are urged to validate inputs, enforce least privilege, and isolate build environments to prevent similar pipeline attacks.
Web and SaaS Vulnerabilities
A hardcoded API key in ClickUp’s JavaScript exposed hundreds of enterprise and government emails for over a year. The ClickUp API key leak highlights the persistent risk of embedded credentials in SaaS platforms. Organizations should enforce MFA and eliminate hardcoded secrets immediately.
In another incident, a popular WordPress plugin with over 70,000 installs was found to contain a dormant backdoor capable of remote code execution. The plugin’s self-update mechanism concealed the malicious code for years, emphasizing the importance of plugin audits and integrity checks.
A flaw in Robinhood’s account creation process allowed attackers to send phishing emails from legitimate company addresses. The Robinhood bug has been fixed, but the case demonstrates how trusted branding can be exploited for social engineering attacks.
Critical Enterprise Vulnerabilities
Microsoft SharePoint administrators are urged to patch immediately following the discovery of a zero-day flaw affecting over 1,300 servers. The SharePoint zero-day vulnerability (CVE-2026-32201) allows remote code execution and is actively being exploited. Organizations should prioritize patching and restrict internet exposure.
Industry News
Law Enforcement and Global Cybercrime
Ukrainian police dismantled a hacking ring responsible for hijacking and selling over 610,000 Roblox accounts. The Roblox account hijacking ring generated roughly $225,000 in illicit profits and demonstrates the growing monetization of gaming-related cybercrime.
European authorities also took down a €50 million cryptocurrency fraud network that used fake investment platforms and remote access tools. The operation employed over 450 people, marking one of the largest crypto scams dismantled to date.
Corporate Breaches and Cloud Security
Two major industrial firms—Itron and Medtronic—reported cyber intrusions this week. Itron’s incident affected corporate IT systems, while Medtronic’s breach, attributed to the ShinyHunters group, exposed millions of records. These events highlight the widening gap between IT and OT security practices.
Home security giant ADT suffered a breach impacting 5.5 million users after attackers accessed its Salesforce cloud through a compromised Okta SSO login. Although alarm systems and payment data were unaffected, this marks ADT’s third breach since 2024, underlining the importance of identity security in cloud environments.
AI Governance and Ethics
The Vatican issued AI ethics guidelines to combat deepfake misinformation, emphasizing transparency and human oversight. In a related move, the Vatican also formalized a strict AI ethics framework banning manipulative AI and prohibiting clergy from using AI-generated sermons, reinforcing its stance on responsible technology use.
AI and Technology Industry Developments
Cisco’s open-source Model Provenance Kit aims to verify AI model origins and integrity, addressing supply chain risks in AI development. Meanwhile, OpenAI is reportedly developing an AI-driven smartphone that replaces traditional apps with intelligent agents, signaling a potential shift in mobile computing paradigms.
Security Tips & Best Practices
How Secure Are Your AI Agents?
- Apply zero trust principles and enforce least privilege access for AI agents using secure authentication and scoped permissions.
- Continuously monitor agent behavior and secure data pipelines with guardrails and validation.
- Use an AI safety checklist and test incident response scenarios to prepare for agent compromise or malicious outputs.
Guardz Warns MSPs of Cloud Ransomware and BEC Risks
- Monitor for AI-driven identity attacks and password compromises.
- Implement stronger SaaS security controls to mitigate BEC losses.
- Leverage AI detection tools with high accuracy rates to detect threats early.
Is Your Build Pipeline Truly Trusted?
- Enforce dependency security by pinning versions, using SBOMs, and verifying artifacts with signing tools like Sigstore.
- Harden CI/CD pipelines and secrets management by restricting permissions and eliminating hardcoded credentials.
- Implement runtime monitoring to detect anomalous behavior and respond to potential supply chain compromises.
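As an added example (not part of the original newsletter), the following JavaScript audits an npm project for two of the risks named above: dependencies that are not pinned to an exact version, and lockfile entries that run install-time scripts, lack an integrity hash, or resolve outside the expected registry. The package names, URLs, and sample data are constructed for illustration, and the trusted registry is an assumption.

```javascript
// Added example: audit npm manifests for pinning and install-script risks.
// All package names and sample data below are constructed for illustration.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/; // exact semver pin, no range operators
const REGISTRY = 'https://registry.npmjs.org/';     // assumed trusted registry

// package.json: report dependencies declared with a range, tag or URL instead of a pin.
function unpinnedDependencies(manifest) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!EXACT.test(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// package-lock.json (lockfileVersion 2 or 3): report packages that run install
// scripts, lack an integrity hash, or resolve outside the trusted registry.
function auditLockfile(lock, registry = REGISTRY) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace folders, symlinks and bundled packages.
    if (!path.includes('node_modules/') || pkg.link || pkg.inBundle) continue;
    const name = path.split('node_modules/').pop();
    if (pkg.hasInstallScript) findings.push({ name, issue: 'install-script' });
    if (!pkg.integrity) findings.push({ name, issue: 'missing-integrity' });
    if (!pkg.resolved || !pkg.resolved.startsWith(registry)) {
      findings.push({ name, issue: 'untrusted-source' });
    }
  }
  return findings;
}

// Constructed sample input.
const sampleManifest = {
  dependencies: { 'example-util': '1.4.2', 'example-sdk-helper': '^2.0.0' },
  devDependencies: { 'example-build-tool': 'latest' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/example-util': { version: '1.4.2',
      resolved: 'https://registry.npmjs.org/example-util/-/example-util-1.4.2.tgz',
      integrity: 'sha512-CONSTRUCTED-PLACEHOLDER' },
    'node_modules/example-sdk-helper': { version: '2.0.3', hasInstallScript: true,
      resolved: 'https://example.invalid/example-sdk-helper-2.0.3.tgz' },
  },
};
console.log(unpinnedDependencies(sampleManifest), auditLockfile(sampleLock));
```

Packages flagged as `install-script` are the ones to review before allowing lifecycle scripts to run in CI; installing with `npm ci --ignore-scripts` prevents them from executing during the build.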
Patch SharePoint Servers Immediately
- Identify and patch all systems vulnerable to CVE-2026-32201.
- Restrict internet exposure of SharePoint servers.
- Implement access controls and monitor for exploitation attempts.
- Prioritize patch deployment across all affected environments.
- Review Microsoft’s latest security guidance for mitigation steps.
