Blog

Security Insights

Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven exposure management.

The TanStack npm Attack That Punishes You for Fixing It — 170+ packages compromised, 84 malicious versions, 6 min publish window, 518M cumulative downloads

Supply Chain SecurityCybersecurity

The TanStack npm Supply Chain Attack That Hit 170 Packages and Punishes You for Revoking Your Token

The TanStack npm supply chain attack hit 12 million weekly downloads using three public techniques and zero novel code. Here is exactly how it worked.

May 13, 202613 min

Data BreachesCybersecurity

Top 10 Data Breaches of April 2026

The biggest data breaches of April 2026 ranked and analyzed, from Checkmarx supply chain poisoning to Salesforce misconfigurations and ransomware hitting two major US banks.

May 1, 202615 min

CVEVulnerability Intelligence

Top 7 Critical CVEs of April 2026 You Need to Act On Now

The top CVEs of April 2026 were exploited in hours. Marimo RCE, Windows IKE, Fortinet EMS, GitHub GHES, ActiveMQ, and more. Attack scenarios, risk context, and fixes.

May 1, 202622 min

Checkmarx and Bitwarden supply chain attack: Your CI/CD pipeline is the attack surface

CybersecurityVulnerability Intelligence

Checkmarx and Bitwarden Just Showed That Your Pipeline Is the Attack Surface

How the Checkmarx supply chain attack compromised Bitwarden's CLI pipeline in four minutes, what was stolen, and the program design gap that made it possible.

Apr 29, 20267 min

Offensive SecurityCybersecurity

AI-Accelerated Offense: The Cyberattack Your Security Program Was Never Built to Stop

AI-Accelerated Offense uses autonomous agents to run the full cyberattack chain in hours. A frontier AI model found thousands of zero-day vulnerabilities across every major OS and browser in weeks. See how it works, why your security program is already behind, and what to do now.

Apr 23, 202613 min

Vercel security breach 2026 featured image

Data BreachesCybersecurity

The Vercel Hack: How One AI Tool Compromised the Infrastructure Behind Millions of Websites

Vercel's April 2026 security breach started with one AI tool's OAuth approval. Here is the full attack chain, blast radius, and what every security team must do now.

Apr 20, 202613 min

Strobes VI Supply Chain Attacks Ransomware Groups Threat Actors - Featured Image

Product UpdatesVulnerability Intelligence

Strobes VI Now Tracks Supply Chain Attacks, Ransomware Groups, and Threat Actors

224,487 supply chain incidents. 1,251 threat actors. Ransomware groups tracked in real time. Strobes VI now provides the threat intelligence layer that powers proactive exposure management, starting with the lessons from the Axios npm compromise.

Apr 3, 202611 min

How Strobes AI Turns a Supply Chain Zero-Day into Full Exposure Assessment

CTEMCybersecurity

How Strobes AI Turns a Supply Chain Zero-Day into a Full Exposure Assessment in Under 30 Minutes

When the axios npm package was compromised on March 31, 2026, Strobes AI agents autonomously performed incident response, identified every exposed repository across the attack surface, and generated a complete exposure assessment with remediation tasks in under 30 minutes.

Mar 31, 202610 min

CTEMVulnerability Intelligence

Axios npm Supply Chain Attack: 83M Weekly Downloads Compromised by Cross-Platform RAT

On March 31, 2026, attackers compromised the axios npm maintainer account and published backdoored versions deploying a cross-platform RAT to macOS, Windows, and Linux. Full incident breakdown with IOCs, detection guidance, and real-time AI-driven response.

Mar 31, 20269 min

A Poisoned PyPI Package Hit 36 Percent of Cloud Environments

LLM SecurityCybersecurity

A Poisoned PyPI Package Quietly Hit 36 Percent of Cloud Environments Through LiteLLM

LiteLLM 1.82.7 and 1.82.8 silently swept AWS credentials, Kubernetes configs, and SSH keys from 3.4 million daily installs. Here is exactly what the payload did and how Strobes AI detects and shuts it down.

Mar 26, 202612 min

Cybersecurity

Cybersecurity Accountability: Why CISOs Must Share Ownership Across the Enterprise

The sharing of ownership is more secure within the company. There are still standards set by the CISO and the core program being executed, but business owners, product team, IT, data stewards, legal, procurement, and finance each have well defined responsibilities. This model transforms security int

Oct 24, 202512 min

Cybersecurity

Top 10 Cybersecurity Companies in United States (2025 Ranking)

Cyberattacks in the United States aren’t slowing down. From billion-dollar ransomware hits to stealthy supply chain breaches, every month brings a new headline. And the cost is staggering. The average US data breach now costs over $9.4 million, the highest anywhere in the world. In this environment,

Sep 1, 202522 min