Back in November I wrote about Flatcar Container Linux landing on AKS in preview. The short version was that it was a promising […]
Microsoft has identified an active supply chain attack targeting the @antv node package manager (npm) package ecosystem. A threat actor compromised an @antv maintainer account and […]
A newly disclosed Linux local privilege escalation vulnerability known […]
Microsoft Defender is investigating a high-severity local privilege escalation vulnerability […]
On March 31, 2026, two new npm […]
I recently made a post about Azure Machine Configuration and PowerShell DSC, and how to deploy VM configurations as infrastructure as code, just like the rest […]