SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.
Windows Report

Microsoft Starts New Kerberos Hardening Phase for Windows Domain Controllers

To tackle that, Microsoft has started rolling out protections designed to prevent information disclosure attacks that could expose Kerberos service tickets using weak or legacy encryption, including ...
Hosted on MSN

Microsoft is cutting off a legacy cipher that caused decades of damage

Microsoft is finally ripping out one of the weakest links in its identity stack, cutting off a legacy cipher that attackers have abused for years to walk straight into corporate networks. The move ...
TechSpot

Microsoft will soon deprecate the insecure RC4 encryption algorithm

About time: Microsoft introduced support for the RC4 stream cipher in Windows 2000 as the default authentication algorithm for the Active Directory services. The system has been insecure for even ...
HHS

Microsoft to Kill RC4 in Kerberos by 2026

Microsoft is officially moving to shut the door on RC4 - a legacy cryptographic cipher that has quietly persisted inside Windows authentication environments for decades - and forcing organizations to ...