Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
Microsoft

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...
GitHub

GitHub - microsoft/coreutils: Coreutils for Windows: Installer & Packaging

UNIX-style core utilities for Windows. The same commands and pipelines you use on Linux, macOS, and WSL - natively. PowerShell 7.4 or later is required. PowerShell 7.6 or later is recommended for ~ ...
Bitdefender

Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...
GitHub

AWS Lambda Terraform module

Terraform module, which creates almost all supported AWS Lambda resources as well as taking care of building and packaging of required Lambda dependencies for functions and layers. This Terraform ...