Microsoft

One intrusion, two cyberattackers: Uncovering parallel threat activity

Microsoft DART uncovers dual threat actors in a single intrusion, revealing how blended tactics conceal attacks and ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
Memeburn

Microsoft's GitHub Repos Were Hacked to Steal AI Developer Passwords

Hackers injected malware into 73 Microsoft GitHub repos on June 5, 2026. The attack targeted AI coding tools like Claude Code ...
InfoQ

Run Untrusted AI Agent Code Safely with Azure Container Apps Sandboxes

Microsoft has announced the public preview of Azure Container Apps Sandboxes. This new ARM resource type is ...
Dark Reading

Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.
TechCrunch

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
LinkedIn

Azure Functions with Managed Identity: No More Credentials in Code

For years, developers building cloud applications have wrestled with the same uncomfortable problem: how do you securely store the credentials your application needs to talk to other services?
Gizmodo

‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been leaving the digital keys to its own cloud storage accounts sitting out in the open, in plain text form, for some unknown ...
KLTV

Diocese removes priest following sexual allegation, Vatican investigating complaint

BATON ROUGE, La. (WAFB/Gray News) - The Diocese of Baton Rouge has removed Catholic Priest Father Charbel Jamhoury from ministry. According to the Diocese, it has also revoked his Safe Environment ...