AI red teaming agents change how LLMs get tested
Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Cresc...
Microsoft
20 articles
New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
A newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detectio...
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poison...
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitl...
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
Microsoft’s AI red team lead talked to CyberScoop about the goals behind open sourcing a pair of security tools meant for developers and incident responders....
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes durin...
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (A...
Securing the gaming culture of cultures
Read about the unique challenges and rewards of securing gaming platforms and how to better protect gaming communities. The post Securing the gaming culture ...
GitHub admits major source code leak after 3,800 internal repositories breached
Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the...
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. The post Microsoft Rolls Out Mitigati...
Microsoft issues YellowKey mitigation, no patch yet
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN.
Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow
The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well ...
GitHub says internal repositories were taken in poisoned VS Code extension attack
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension...
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver mali...
Storm-2949 actor targets Microsoft 365 and Azure environments
Storm-2949 initiates attacks by targeting users with privileged roles, such as IT personnel or senior leadership, using social engineering tactics to obtain ...
Microsoft to phase out SMS authentication for account recovery
Microsoft has announced it will begin phasing out SMS-based authentication and account recovery, citing it as a leading source of fraud.
Microsoft disrupts Fox Tempest malware-signing service
Fox Tempest operated a platform called signspace[.]cloud, which allowed threat actors to obtain short-lived Microsoft-issued certificates via Artifact Signing.
Microsoft addresses Windows Update failures in restricted environments
The failures occur in environments with strict network limitations, including air-gapped systems and heavily firewalled networks.
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Disc...
Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating ...