Category: Uncategorized

  • Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

    Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

    Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents.

    RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents, covering

  • Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

    Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

    Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.

    The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme

  • Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

    Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications.

    Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies

  • GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

    GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.

    “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises,

  • Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem

    AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires.
    Download the CISO Expert Guide to Typosquatting in the AI Era →

    TL;DR 

    Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts.

  • Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

    Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

    Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.

    The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.

    “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as ‘YellowKey,’” the

  • Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

    Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised.

    It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories.

    “After the initial assessment, we found that in addition to source

  • GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

    GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

    GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.

    “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises,

  • May 19 Primary Election: Preliminary results for Hood River and Wasco counties

    May 19 Primary Election: Preliminary results for Hood River and Wasco counties

    Free news: preliminary results of the May 19 Primary Election as of 8 p.m.
  • Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

    Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

    Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users.

    The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud.

    “Users