The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and account takeover.
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Opinion
Cloud Security AllianceOpinion

The Agentic Trust Deficit: Why MCP's Authentication Vacuum Demands a New Security Paradigm

Enterprises have tethered their most consequential operations to AI agents & neglected to secure the ingress. This article explains the gravity of this threat.
Dark Reading

How AI Coding Tools Crushed the Endpoint Security Fortress

Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have ...

Snyk Launches Evo AI-SPM To Govern Autonomous Coding Agents

Autonomous AI coding agents are shipping code faster than security teams can review it. Here’s why the governance gap is bigger than most organizations realize ...

HMRC to introduce MFA for agent online services

HMRC said that MFA will provide greater protection as agents sign in to its services. Credit: Mehaniq/Shutterstock.com. (Mehaniq/Shutterstock.com.) HM Revenue & Customs (HMRC) in the UK has outlined ...
The Manila Times

Saviynt Unveils Industry’s First Identity Control Plane for AI Agents

Saviynt delivers the first enterprise-grade platform with the full capabilities to govern AI agents from discovery through runtime ...
Center for a New American Security

Off Target

As the United States and its competitors race to field AI capabilities, the decisive edge will belong to whoever can deploy ...
Pharmaceutical CommerceOpinion

The Dark Side: “Serialized, But Not Secure”

Regulatory regimes such as the EU FMD and U.S. DSCSA drive serialization to strengthen visibility and oversight, but these ...

TP-Link warns users to patch critical router auth bypass flaw

TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker ...