🚨 WARNING — New HTTP/2 Bomb exploit targets NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.
A single client can consume 32GB of server memory in roughly 20 seconds, causing remote DoS conditions.
Details here: https://t.co/58xDxAKRcZ
A vulnerability in Google’s Gemini voice assistant that could have allowed attackers to hijack the AI using messaging notifications. https://t.co/rzXLz6Y12m
A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access repositories. https://t.co/b5f3xTACfW
Many organizations invest in EDR but still lack real resilience. Lean teams drown in alerts, investigations lag, and responses are slow.
AI attacks are rising (67% of organizations affected), and 84% of major incidents now use living-off-the-land techniques.
Visibility alone isn’t enough.
Bitdefender GravityZone PHASR reduces attacker opportunities, while MDR adds 24x7 expert response.
Read: https://t.co/Z2ZajjJhjd
🔥 A new supply chain attack has hit official Red Hat Cloud Services npm packages.
The Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.
It also adds persistence and downstream poisoning.
Read: https://t.co/P2YhSDOMRG
⚠️ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro.
CVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.
Update to 6.1.1 now.
Read: https://t.co/TYJ0ve6SPK
Chrome 148 Update Patches 151 Vulnerabilities - Google this week released a fresh Chrome 148 update that resolves 151 vulnerabilities, including 22 critical-severity flaws. https://t.co/W2qeJubTm1
⚠️ JINX-0164, a new threat actor, targets crypto firms with fake LinkedIn recruiter messages and custom macOS malware.
Active since mid-2025, it deploys AUDIOFIX — a Python-based infostealer and RAT that steals credentials and targets CI/CD systems.
Microsoft has identified an active supply chain attack using typosquatted npm packages to steal cloud and CI/CD secrets. On May 28, 2026, a single threat actor operating under newly created maintainer alias vpmdhaj published 14 malicious packages within a 4-hour window. https://t.co/jC3f2m6EBp
The packages typosquat well-known OpenSearch, ElasticSearch, DevOps, and environment-configuration libraries, and several spoof the upstream OpenSearch project’s repository URL in their package.json to appear legitimate.
Once installed, the packages harvest AWS credentials, HashiCorp Vault tokens, and CI/CD pipeline secrets from the host environment. Read the blog from the Microsoft Defender Research team for an in-depth analysis, as well as mitigation, detection, and hunting guidance.
⚠️ Enterprise AI risk is heavily concentrated among a small group of power users and personal accounts.
LayerX Security’s 2026 report shows the top 5% of employees generate 144+ conversations each. Nearly half of all enterprise AI conversations use personal identities. Over 6% contain sensitive data.
Most organizations lack full visibility.
Full report: https://t.co/BxP0vrKnZl
@pymnts + Velera's #CreditUnion Tracker® reveals member expectations center on:
⚡ Real-time protection
💬 Seamless, transparent communication
🛡️ Proactive intervention before losses occur
What does your data-driven approach to #FraudPrevention look like? https://t.co/MXV6nzTAfc
NSA is releasing security design considerations for AI-driven automation leveraging MCP which, while simplifying the integration of diverse capabilities into powerful agent workflows, requires caution. Learn more: https://t.co/zn2DyUz5be