Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

Unified data foundation with Fabric solution accelerator

This solution accelerator delivers a unified data foundation using Microsoft Fabric, OneLake, Microsoft Purview, and Azure Databricks for integrated, governed analytics. Built on medallion lakehouse ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...