Joe Stocker @ITguySoCal

@rodtrent hey @rodtrent is there an SLA for Log Ingestion? I didn't see it called out in the SLA for MOS but I did find it referenced here: “Log analytics has a five-minute SLA for data ingestion” Reference: learn.microsoft.com/en-us/azure/se…

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

@godofprompt @UnrollHelper

Phenomenal article on credential brokering. Your AI agent shouldn't be reading your API keys. @dangtony98 cooked 👇

Tony Dang @dangtony98

2 weeks ago

x.com/i/article/2057…

12 17 209 117K 741

@NathanMcNulty @CISAgov this is for you 😅

😅

Matt Zorich @reprise_99

2 weeks ago

If you want to age your sys admins 30 years overnight, remember that Active Directory is fully unicode compatible, so you can rename your laptop with emojis it its hostname, and it will reflect like that in AD ping desktop-🤷‍♂️👍👌.mycompany.local

116 359 5K 312K 817

Announcing something new 👇 We’ve launched a Sentinel Cost Calculator to help you take control of SIEM spend. ✔ Predict costs upfront ✔ Build smarter security budgets Take a look: patriotconsulting.com/press/sentinel… #MicrosoftSentinel #Cybersecurity

😭 VS Code extensions are no different than browser extensions - high risk that you should be controlling with an allowlist Yes, review and approval processes suck, but IR sucks even more code.visualstudio.com/docs/enterpris…

GitHub @github

2 weeks ago

1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version,

584 4K 11K 7.5M 4K

The enterprise plans for Claude are cost prohibitive because you pay for API calls on top of flat billing per employee. Whereas the tier right below enterprise, Claude Team, includes a large bucket of token usage with each $20 dollar seat.

Hedgie @HedgieMarkets

2 weeks ago

🦔Microsoft canceled its internal Claude Code licenses this week after token-based billing made the cost untenable, even for a company with effectively infinite cloud resources. Uber's CTO sent an internal memo warning the company burned through its entire 2026 AI budget in just

1K 4K 20K 8.3M 12K

And yet cloudflare makes a great point that everyone will soon be facing a pickle: patch fast and skip regression testing (causing bigger problems than the original vulnerability), OR, patch after 6(?) hours of regression testing then spend the rest of the weekend doing IR. 🤦‍♂️

It’s just that soon you will have minutes to deploy patches zerodayclock.com

Justin Elze @HackingLZ

2 weeks ago

For those of you just now paying attention to cybersecurity, large companies got hacked before AI. Colonial Pipeline, SolarWinds, OPM, Kaseya, Aramco, Change Healthcare, Equifax, Target, Home Depot, TJX, etc

26 21 238 56K 19

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

If you are wondering if you own App Proxy, yes you most likely do - it’s included in M365 E3 or M365 F3 which gives you Entra P1.

Nathan McNulty @NathanMcNulty

2 weeks ago

Entra App Proxy continues to be one of the biggest hidden gems of Entra P1 For over a decade, we've been able to stop exposing risky apps to the Internet by routing through agents with outbound connections to Azure I don't care what vendor you use, just get it off the Internet

10 37 239 49K 206

You must be able to be trusted in the small things before you can gain the massive things. - Walk On. - See you at the top!

“Patching faster does not change the shape of the pipeline that produces the patch. If regression testing takes a day, you cannot get to a two-hour SLA without skipping it, and the bugs you ship when you skip regression testing tend to be worse than the bugs you were trying to patch. We learned a version of this when we tried letting the model write its own patches and watched a few go out that fixed the original bug while quietly breaking something else the code depended on. The harder question is what the architecture around the vulnerability should look like. The principle is to make exploitation harder for an attacker even when a bug exists, so that the gap between when a vulnerability is disclosed and when it is patched matters less. That means defenses that sit in front of the application and block the bug from being reached. It means designing the application so that a flaw in one part of the code cannot give an attacker access to other parts. It means being able to roll out a fix to every place the code is running at the same moment, rather than waiting on individual teams to deploy it. “

Cloudflare @Cloudflare

3 weeks ago

Cloudflare's security team spent the last few weeks testing Anthropic's Mythos against fifty of our own repositories. What we learned about offensive AI, why faster patching is the wrong reaction, and what the architecture around vulnerabilities has to look like next.

87 709 4K 1.6M 5K

WE'RE HIRING - Senior M365 Forensic Investigator Looking for DFIR/IR experience + deep Microsoft security expertise (Defender XDR, Sentinel, Entra, Purview) and strong KQL. 📍 Remote (U.S.) 💼 Full-time 💰 $120K–$165K Apply here: patriotconsulting.com/career/mxdr365…

North Korean intelligence agents built an entire fake company to compromise one JavaScript developer. And it worked. UNC1069 didn't hack Axios. They befriended its maintainer. They cloned a real company founder's identity, built a branded Slack workspace with fake employee profiles and LinkedIn post channels, then scheduled a Microsoft Teams call with what appeared to be a full team. During the call, a fake error message said his system needed an update. He installed it. That update was the RAT. From one developer's laptop, they had everything: npm credentials, publishing access, the keys to a package installed in 80% of cloud environments. Axios gets 100 million downloads per week. The attackers published two poisoned versions at 12:21 AM UTC on a Sunday night, tagging both the latest and legacy branches within 39 minutes. The malicious dependency had been pre-staged 18 hours earlier with a clean decoy version to build registry history. Three separate RAT payloads were pre-built for macOS, Windows, and Linux. The malware self-deleted after execution to erase forensic evidence. The poisoned versions were live for about three hours before npm pulled them. Huntress observed 135 endpoints across all operating systems calling the attacker's command-and-control server during that window. Wiz found the malicious versions in roughly 3% of environments scanned. Every affected machine needs full credential rotation: npm tokens, AWS keys, SSH keys, CI/CD secrets, everything in .env files. The part that keeps getting worse: this isn't isolated. The same threat cluster compromised Trivy (a security scanner), KICS, LiteLLM, and multiple GitHub Actions in the two weeks before Axios. Google estimates hundreds of thousands of stolen secrets are now circulating from these combined attacks. The maintainer had 2FA enabled. He said himself: "I have 2FA/MFA on practically everything." The exact method of token compromise is still undetermined. One person. One fake Teams call. 100 million weekly downloads weaponized in under three hours. The npm ecosystem runs on mass trust in individual maintainers who volunteer their time, and North Korean intelligence now has a repeatable playbook for turning that trust into a delivery mechanism.

flavio @flaviocopes

2 months ago

How Axios was compromised 🤯

149 854 7K 1.6M 2K

The entire Axios meltdown was social engineering to get a dev to join a fake Microsoft Teams call and the dev trying to update Microsoft Teams. Incredible.

flavio @flaviocopes

2 months ago

How Axios was compromised 🤯

149 854 7K 1.6M 2K

Someone just poisoned the Python package that manages AI API keys for NASA, Netflix, Stripe, and NVIDIA.. 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine. The attacker picked the one package whose entire job is holding every AI credential in the organization in one place. OpenAI keys, Anthropic keys, Google keys, Amazon keys… all routed through one proxy. All compromised at once. The poisoned version was published straight to PyPI.. no code on GitHub.. no release tag.. no review. Just a file that Python runs automatically on startup. You didn’t need to import it. You didn’t need to call it. The malware fired the second the package existed on your machine. The attacker vibe coded it… the malware was so sloppy it crashed computers.. used so much RAM a developer noticed their machine dying and investigated. They found LiteLLM had been pulled in through a Cursor MCP plugin they didn’t even know they had. That crash is the only reason thousands of companies aren’t fully exfiltrated right now. If the code had been cleaner nobody notices for weeks. Maybe months. The attack chain is the part that gets worse every sentence. TeamPCP compromised Trivy first. A security scanning tool. On March 19. LiteLLM used Trivy in its own CI pipeline… so the credentials stolen from the SECURITY product were used to hijack the AI product that holds all your other credentials. Then they hit GitHub Actions. Then Docker Hub. Then npm. Then Open VSX. Five package ecosystems in two weeks. Each breach giving them the credentials to unlock the next one. The payload was three stages.. harvest every SSH key, cloud token, Kubernetes secret, crypto wallet, and .env file on the machine.. deploy privileged containers across every node in the cluster.. install a persistent backdoor waiting for new instructions. TeamPCP posted on Telegram after: “Many of your favourite security tools and open-source projects will be targeted in the months to come.. stay tuned.” Every AI agent, copilot, and internal tool your company shipped this year runs on hundreds of packages exactly like this one… nobody chose to install LiteLLM on that developer’s machine. It came in as a dependency of a dependency of a plugin. One compromised maintainer account turned the entire trust chain into a credential harvesting operation across thousands of production environments in hours. The companies deploying AI the fastest right now have the least visibility into what’s underneath it.

Andrej Karpathy @karpathy

2 months ago

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database

1K 5K 28K 66.6M 14K

A company that sells cybersecurity risk intelligence to 91% of Fortune 100 companies just got breached through an unpatched React app and a single overprivileged AWS role. LexisNexis. 3.9 million records. 400,000 user profiles. 53 secrets extracted in plaintext from AWS Secrets Manager. Including credentials for production databases, Salesforce, Oracle, and analytics platforms. The password "Lexis1234" was reused across five different internal systems. This is a company that describes itself as "one of the largest protectors of private and confidential data in the world." They provide risk intelligence to 7,500 US government agencies, nine out of ten banks, and major insurers globally. They sell cybersecurity assessments to their customers. And they couldn't secure their own AWS account. Here's what makes this worse than a typical breach: - The compromised data includes accounts tied to 118 .gov email domains. Three US federal judges. Four Department of Justice attorneys. SEC staff. Probation officers. Federal court law clerks. The attackers published doxxed profiles of federal officials tied to courts and regulatory agencies across the country. - These aren't random consumer records. These are the digital identities of people whose exposure carries national security implications. A compromised federal judge's profile doesn't just enable identity theft - it enables targeted influence operations, blackmail, and intelligence gathering. The attack path is textbook and that's the problem: → Unpatched React application - the front door → Single ECS task role with read access to every secret in the account - the keys to everything → 536 Redshift tables, 430+ database tables, full VPC infrastructure mapping - complete visibility → 53 secrets in plaintext including database credentials, API tokens, and development access keys No zero-day. No advanced persistent threat. No nation-state capability required. Basic hygiene failures — unpatched app, overprivileged IAM role, password reuse, plaintext secrets. This is LexisNexis's second confirmed breach in two years. The December 2024 incident exposed 364,000 individuals through a compromised corporate account on a third-party development platform. Data brokers and analytics providers are not peripheral players - they're deeply embedded in today's risk landscape. That's the pattern we keep seeing. Attack the aggregator, not the individual. BPO providers. Cloud platforms. Legal data giants. The organisations that hold everyone else's data are the highest-value targets - and often the weakest links. For every enterprise that uses LexisNexis services: → Assume your metadata, contract details, and product usage history are exposed → Watch for targeted phishing using the exposed business relationship data → If your staff have LexisNexis accounts, reset credentials immediately → Ask your vendor risk team: when was the last time we assessed LexisNexis's actual security posture - not their marketing, their controls? The company that indexes the world's legal information couldn't index its own IAM policies. And they're not the exception. They're the pattern. More info: cybernews.com/security/lexis…