Trigona ransomware attacks use custom exfiltration tool to steal data

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised ...
Visual Studio Magazine

Using Data API Builder to Speed Up Application Development

Microsoft's Data API Builder is designed to help developers expose database objects through REST and GraphQL without building a full data access layer from scratch. In this Q&A, Steve Jones previews ...
SecurityWeek

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

Threat actors have been exploiting the BlueHammer Microsoft Defender vulnerability as a zero-day to gain System privileges.
Microsoft

Detection strategies across cloud and identities against infiltrating IT workers

The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing ...

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...

TrustModel.ai Exposes Hidden Risks in Top Chrome Extensions and AI Agents—63% Flagged in First Independent Trust Audit

First large scale automated trust assessment finds widespread risk across browser extensions, including AI agents. Only ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
Dark Reading

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker ...
Que.com on MSN

Project Glasswing strengthens critical software security for the AI era

Introduction As organizations race to harness the power of artificial intelligence, the stakes for software security have never been higher.