Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

Microsoft’s Agent Governance Toolkit brings runtime policy enforcement to autonomous agents, based on the OWASP top 10 agent ...

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

In the future, AI agents will be able to find one another using the Domain Name System (DNS), instead of crawling about and ...

Microsoft says Storm-2949 used one hacked identity to infiltrate cloud systems, steal sensitive data, and spread across Azure ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link related npm compromises affecting TanStack and Mistral SDKs to the broader ...