TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge

Laura FrenchMay 15, 2026

The variant was used in recent attacks against TanStack and others – but it’s not the original, researchers say.

RESOURCES

Managed Security Services
The CISO shortage: Finding leadership without a leader
Exposure management
Fighting fire with fire: Defending against Mythos-powered cyberattacks
SOC
The human factor: Why AI-powered SOCs still need people in charge
Email security
Beyond the inbox: Why your domain and social media are the next front lines
AI/ML
Securing every door: Scalable strategies to manage machine and AI agent risks

PODCASTS

Vulnerability Management
Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more… – SWN #581
Breach
You’re not going to patch your way out of this – PSW #926
Leadership
Optimize Legal Operations as the CISO Role Changes to Address Skills Gaps and AI – Walter Scott Wilkens – BSW #447
Vulnerability Management
Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland… – SWN #580
Application security
Why Basic Security Practices Still Work – Rob Allen – ASW #382

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Vulnerability Management

10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list

Steve ZurierMay 15, 2026

Maximum-severity bug an authentication bypass flaw that’s considered the highest value target in an attacker’s playbook.

Vulnerability Management

New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available

Laura FrenchMay 15, 2026

Fragnesia is at least the fourth privilege escalation flaw affecting Linux systems disclosed in the last three weeks.

(Credit: Andrii Lysenko – stock.adobe.com)

OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery

Laura FrenchMay 14, 2026

The program aims to leverage GPT models and Codex Security to improve software resilience.

US Capitol Building with 3 Flags Flying

House calls on Instructure to brief Congress on Canvas hack

Steve ZurierMay 13, 2026

ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.

(Credit: theartofpics – stock.adobe.com)

Vulnerability Management

Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs

Laura FrenchMay 12, 2026

The May 2026 Microsoft security update included no zero days for the first time since June 2024.

(Adobe Stock)

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

Steve ZurierMay 12, 2026

Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.

Google reports first known AI-assisted zero-day exploit in the wild

Laura FrenchMay 12, 2026

Attackers used AI to create an exploit script for a 2FA bypass flaw in an open-source project.

(Credit: Robert – stock.adobe.com)

SailPoint GitHub repo hit by third-party cyberattack

Steve ZurierMay 11, 2026

SailPoint says GitHub repo breach exposed no customer data or production systems.

EVENTS