Vectra Cyber Threat Intelligence - April 2026

April's report is focused on web application security, what we keep finding, and why it matters.
 
What's covered in this edition:
  • Threat spotlight on broken access controls (still at the top of the OWASP Top 10 for a reason)
  • Stats from our application testing
  • Four case studies including the youX breach (444,000 Australians exposed through an unsecured MongoDB cluster)
  • The Axios npm supply chain compromise, where a North Korean actor backdoored a package with 70 million weekly downloads
  • Hardening tips covering API authorisation and dependency auditing - leading to conversations around product, TAS or GRC projects