Developers rely on AI to review third-party code before it reaches production. Repo-Injection shows how that workflow can be manipulated, allowing a malicious package to both execute and influence the outcome of its own review.

Findability precedes targetability. Chris Wingfield examines how threat actors exploit the unprotected ecosystem around a principal, and what it takes to extend meaningful friction beyond the target.

Security leaders present technically sound risks that are acknowledged, discussed, and deferred across planning cycles. Not because the threat is unclear, but because it is framed in terms of exposure rather than consequence. Executives do not act on risk alone. They act on what that risk means for continuity, revenue, and enterprise value. When that translation is missing, alignment stalls. When it is clear, action follows.

Investigators found a spiral notebook in a killer’s SUV containing the addresses of 45 officials and a handwritten list of data broker websites with pricing notes. No tradecraft, no expertise, just websites anyone can access. He found and correlated every target by hand. AI does it in a prompt.

In May 2025, 360 Privacy’s Technical Team uncovered two public-facing domains that exposed the personal and professional details of over 23,000 executives.

The net of publicly accessible information is growing faster than we can keep up with, and unfortunately for corporate security teams, much of it includes information on executives and the companies they represent.

For all of our Uber subscribers, this past weekend you likely received an email notification titled “Prioritizing your safety with Audio Recording”. Below we break out the “need-to-know” features, additional safety considerations when traveling, and (again) highlight the importance of ‘microphone’ settings on mobile devices.

Executive Protection has evolved beyond physical security to encompass the protection of executives’ digital lives.