Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

Microsoft Reveals How One Hacked Identity Triggered a Massive Cloud-Wide Breach

Microsoft says Storm-2949 used one hacked identity to infiltrate cloud systems, steal sensitive data, and spread across Azure ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
The Hacker News

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Turla turns Kazuar into a 3-module P2P botnet, enabling stealthy C2, resilient tasking, and persistent access.
Windows Latest

Former Microsoft VP says Microsoft missed the AI wave like the internet and mobile, as Copilot scales back in Windows 11

Former Microsoft PM says the company's AI push failed, citing Copilot's dismal 3.3% adoption rate and calling for a massive ...
The Hacker News

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...
Cryptopolitan on MSN

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...
Dark Reading

LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly

In the latest evolution of automated cyberattacks, 2 threat campaigns heavily leveraged AI agents to support attacks against ...
Cryptopolitan on MSN

Base x402 protocol adds batched settlement to enable sub-fraction-of-a-cent AI payments

Base creator Jesse Pollak announced on May 13 that the x402 payment protocol now supports batched settlement, in an X post.

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...