I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday, or scroll to the bottom to subscribe to the e-mail newsletter.

Microsoft open-sources Agent Governance Toolkit to enforce deterministic runtime policies for AI agent actions

Microsoft released the Agent Governance Toolkit in public preview to sit between AI agent frameworks and the tools or resources agents try to use. The idea is to enforce deterministic allow-or-deny decisions before execution, generate audit evidence, and add runtime controls that do not depend on prompt-level safety alone.

Key Details

  • The toolkit is focused on runtime governance, including policy enforcement, identity checks, sandboxing, and operational guardrails.
  • Microsoft says it governs tool calls, resource access, and inter-agent messages rather than just model inputs and outputs.
  • The project is positioned as framework-agnostic, with support paths for Semantic Kernel, AutoGen, LangChain, LangGraph, CrewAI, OpenAI Agents SDK, and Google ADK.
  • Microsoft says it has 9,500+ tests and full coverage of the OWASP Agentic Top 10.

Next Steps

  • If you are evaluating agentic workflows, test whether a policy enforcement layer like this can sit in front of sensitive tools and data stores.
  • Treat agent runtime controls as a separate security layer from model safety and prompt hardening.

Read more at GitHub

Microsoft to enable Entra passkey sign-ins from unmanaged Windows PCs, rolling out in late April

Microsoft says Entra passkeys on Windows will roll out from late April, with general availability expected by mid-June 2026. The notable change is that phishing-resistant, passwordless sign-ins will work from unmanaged Windows devices too, not only from company-managed endpoints.

Key Details

  • Users on personal or shared Windows devices can use Windows Hello with Entra passkeys instead of falling back to passwords.
  • Each device stores its own local passkey, rather than relying on a centrally managed company device state.
  • Microsoft says the rollout starts in late April 2026 and should reach general availability by mid-June 2026.

Next Steps

  • Enable “Microsoft Entra ID with passkeys” in Entra Authentication Methods if you want to support this flow.
  • Recheck Conditional Access policies so unmanaged-device sign-ins behave the way you intend.

Read more at BleepingComputer

Helpdesk impersonation over Microsoft Teams used to trick users into installing SNOW malware and remote access tools

Threat actor UNC6692 is abusing Microsoft Teams to impersonate internal IT staff and talk employees into installing malware. The social engineering often starts after a spam flood, creating urgency and making the fake helpdesk message look like a legitimate response to an ongoing issue.

Key Details

  • The campaign installs SNOWBELT, a malicious Chromium-based extension, by launching Microsoft Edge in headless mode and loading the extension.
  • The broader SNOW toolkit is modular, with SNOWBELT, SNOWBASIN, and SNOWGLAZE handling browser control, remote execution, tunneling, file transfer, and screenshots.
  • The attack works because Teams lets anyone create a tenant with an arbitrary display name and message external users in a way that can look internal.

Next Steps

  • Restrict or disable inbound chats and meetings from external Teams tenants where the business does not need them.
  • Train staff to treat unsolicited “IT support” messages inside Teams the same way they would treat suspicious email or phone support requests.

Read more at BleepingComputer, The Hacker News, BleepingComputer, CSO Online

GitHub issue lures can trick developers into authorizing malicious OAuth apps with repo and workflow access

Researchers showed a phishing technique that abuses GitHub’s own notification flow to deliver a convincing prompt to authorize a malicious OAuth app. The attack relies on official GitHub issue-notification emails, making the initial lure harder to dismiss than a normal spoofed message.

Key Details

  • Mentioning a GitHub user in an issue on any public repository can trigger a real notification email from GitHub's own notification address to the target.
  • The issue body can contain links that route the victim to a malicious GitHub OAuth authorization prompt requesting broad scopes.
  • If the victim authorizes the app, the attacker gains a token that may allow data access and code or workflow modification across the account.

Next Steps

  • Treat unexpected GitHub security or workflow emails with the same suspicion as any other phishing lure, even when they come from legitimate GitHub infrastructure.
  • Limit who can approve third-party OAuth apps, and review existing GitHub OAuth grants for excessive scopes.

Read more at atsika.ninja

Bitwarden CLI npm package version @bitwarden/cli 2026.4.0 found compromised via GitHub Actions supply-chain vector

Socket reported that the Bitwarden CLI npm package was compromised and that the malicious release appears connected to the wider Checkmarx GitHub Actions supply-chain campaign. The reported payload targeted CI/CD and developer secrets, including GitHub, npm, SSH, and cloud credentials.

Key Details

  • The affected artifact identified in reporting was @bitwarden/cli 2026.4.0, with malicious code reportedly placed in bw1.js.
  • The exfiltration infrastructure overlaps with the broader Checkmarx campaign, including audit.checkmarx[.]cx/v1/telemetry and IP 94[.]154[.]172[.]43.
  • Stolen data reportedly included GitHub Actions tokens, npm tokens, SSH keys, and cloud credentials across AWS, Azure, and GCP.

Next Steps

  • Block and remove @bitwarden/cli 2026.4.0 anywhere it was installed in developer or CI environments.
  • Rotate potentially exposed secrets and review pipeline logs for any execution tied to the compromised package version.
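
One way to run the first step against npm projects, as an added example that is not from Socket or Bitwarden: a check of parsed package-lock.json content for the package and version named above. The sample lockfiles, the "deploy-kit" dependency and version 2026.3.1 are constructed; yarn and pnpm lockfiles are not covered.

```python
import json

# Package and version named in the story above.
BAD_NAME, BAD_VERSION = "@bitwarden/cli", "2026.4.0"

def find_compromised(lock, name=BAD_NAME, version=BAD_VERSION):
    """Return lockfile locations that pin name@version.

    Covers lockfileVersion 2/3 (flat "packages" map keyed by install path)
    and lockfileVersion 1 (nested "dependencies" tree).
    """
    hits = []
    if "packages" in lock:
        # Keys look like "node_modules/a/node_modules/@bitwarden/cli".
        for path, meta in lock["packages"].items():
            pkg = path.rpartition("node_modules/")[2]
            if pkg == name and meta.get("version") == version:
                hits.append(path)
        return hits

    def walk(deps, trail):
        for dep, meta in deps.items():
            here = trail + [dep]
            if dep == name and meta.get("version") == version:
                hits.append(" > ".join(here))
            walk(meta.get("dependencies", {}), here)

    walk(lock.get("dependencies", {}), [])
    return hits

# Constructed sample lockfiles; "deploy-kit" and 2026.3.1 are made up.
SAMPLE_V3 = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "ci-tools", "version": "1.0.0"},
    "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
    "node_modules/deploy-kit/node_modules/@bitwarden/cli": {"version": "2026.3.1"}
  }
}""")
SAMPLE_V1 = {"lockfileVersion": 1, "dependencies": {
    "deploy-kit": {"version": "1.0.0", "dependencies": {
        "@bitwarden/cli": {"version": "2026.4.0"}}}}}

if __name__ == "__main__":
    for label, lock in (("v3", SAMPLE_V3), ("v1", SAMPLE_V1)):
        print(label, find_compromised(lock))
```

A hit shows the version was pinned, not that it executed; globally installed copies and CI caches are outside what a lockfile records.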

Read more at Socket

Apple fixes iOS and iPadOS bug that retained “deleted” notifications, enabling recovery of message content from notification history

Apple patched CVE-2026-28950, a Notification Services flaw where notifications marked for deletion could still be retained on the device. That matters because notification previews can persist in the device’s notification history database even after the originating messaging app is removed.

Key Details

  • Reporting tied the issue to a case where the FBI extracted Signal message content from an iPhone’s push-notification database after the app had been deleted.
  • Signal said that after installing the patch, previously preserved notifications are deleted and future notifications for deleted apps will no longer be retained.
  • The exposure is not limited to one app; it is fundamentally about OS-level notification handling and preview storage.

Next Steps

  • Deploy iOS 26.4.2 / iPadOS 26.4.2 or iOS 18.7.8 / iPadOS 18.7.8, depending on device support.
  • Set sensitive messaging apps to show “Name only” or no preview content on the lock screen.

Read more at The Hacker News

Deepfake-enabled mobile KYC fraud used stolen IDs to open 46 ABN AMRO bank accounts

A reported fraud case shows how mobile onboarding flows can be bypassed with stolen identity documents and deepfake-generated selfies. In this case, the attacker allegedly opened 46 ABN AMRO accounts by defeating selfie-to-ID checks without proving a real, live person was present.

Key Details

  • The stolen IDs were reportedly obtained through a fake rental listing on Marktplaats and additional harvesting from social media.
  • Authorities reportedly seized multiple debit cards and PINs, dozens of fake IDs, and chat logs showing the suspect asking ChatGPT how to bypass bank controls.
  • The case highlights the weakness of KYC flows that verify face similarity but not robust liveness.

Next Steps

  • Reassess whether your onboarding stack has real liveness detection rather than simple face matching.
  • Add step-up review for suspicious account-creation clusters, reused documents, or high-velocity selfie submissions from the same device or network.

Read more at iProov

Florida opens criminal investigation into OpenAI, subpoenas sought over ChatGPT chats tied to FSU shooting

Florida Attorney General James Uthmeier said the state has opened a criminal investigation and issued subpoenas seeking information from OpenAI over whether ChatGPT bears any criminal responsibility for communications with the Florida State University shooter. The case is notable because it tests how aggressively prosecutors may try to attach criminal-liability theories to AI product behavior.

Key Details

  • The probe centers on whether chatbot interactions may have supported planning related to the shooting.
  • The state says it has issued subpoenas to seek information from OpenAI.
  • The case could become an early test of criminal-responsibility arguments around AI system design and operation.

Next Steps

  • If you build or deploy high-risk AI features, track this case as part of your legal and governance risk register.
  • Review how your product logs, policy controls, escalation paths, and abuse-handling processes would hold up under prosecutor or regulator scrutiny.

Read more at SiliconANGLE

FIRESTARTER backdoor persists on Cisco ASA and Firepower firewalls after patching, requiring power-cycle and often reimage

CISA and the UK’s NCSC disclosed FIRESTARTER, a Cisco ASA and Firepower backdoor that can survive firmware updates and ordinary reboots. That makes it unusually dangerous because patching the original vulnerability does not necessarily remove attacker persistence from the device.

Key Details

  • CISA found FIRESTARTER on a Cisco Firepower device inside a US federal civilian agency after suspicious connections were detected.
  • The malware can survive firmware updates and normal reboot commands, allowing threat actors to retain or regain access.
  • CISA and Cisco say that only a hard power cycle clears the in-memory persistence mechanism, and some cases may still require deeper remediation.

Next Steps

  • If you operate affected Cisco firewalls, follow vendor and CISA guidance to power-cycle, validate integrity, and reimage where required rather than assuming patching alone is enough.
  • Review logs and monitoring for suspicious VPN or firewall behavior that may indicate post-patch persistence.

Read more at BleepingComputer, Security Affairs, The Hacker News, SecurityWeek, CyberScoop

Researchers reported 73 Open VSX Marketplace impersonation extensions linked to the GlassWorm campaign. The extensions initially look benign, but at least six were later updated to activate malicious behavior and install or fetch malware through the normal extension update path.

Key Details

  • The campaign relied on cloned extension listings with copied names, icons, descriptions, and README content to confuse developers browsing the marketplace.
  • At least six extensions were later “activated” through routine updates, turning the extension into a thin malware loader.
  • Confirmed malicious examples named in reporting include outsidestormcommand.monochromator-theme, keyacrosslaud.auto-loop-for-antigravity, krundoven.ironplc-fast-hub, boulderzitunnel.vscode-buddies, cubedivervolt.html-code-validate, and winnerdomain17.version-lens-tool.

Next Steps

  • Put a formal extension allowlisting and review process in place for IDE and editor marketplaces.
  • Hunt for and remove the known malicious Open VSX extensions listed in the report.
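
A sketch of that hunt, added here and not taken from the Socket report: it matches installed extension folder names against the six IDs listed above. The folder naming pattern, the two default directories and the sample folder names with their versions are assumptions or constructed values.

```python
import re
from pathlib import Path

# Extension IDs named in the reporting summarized above.
MALICIOUS_IDS = {
    "outsidestormcommand.monochromator-theme",
    "keyacrosslaud.auto-loop-for-antigravity",
    "krundoven.ironplc-fast-hub",
    "boulderzitunnel.vscode-buddies",
    "cubedivervolt.html-code-validate",
    "winnerdomain17.version-lens-tool",
}

# Assumed folder naming: "<publisher>.<name>-<version>[-<platform>]".
FOLDER_RE = re.compile(r"^(?P<id>[^.]+\..+?)-(?P<version>\d+\.\d+\.\d+\S*)$")

def match_folder(folder_name):
    """Return (extension_id, version) for a listed extension, else None."""
    m = FOLDER_RE.match(folder_name.strip())
    if not m:
        return None
    ext_id = m.group("id").lower()  # IDs are compared case-insensitively
    return (ext_id, m.group("version")) if ext_id in MALICIOUS_IDS else None

def scan(folder_names):
    """Reduce an iterable of folder names to the listed extensions."""
    return [hit for hit in map(match_folder, folder_names) if hit]

def scan_roots(roots):
    """Scan extension directories on disk; missing roots are skipped."""
    hits = []
    for root in map(Path, roots):
        if root.is_dir():
            names = (p.name for p in root.iterdir() if p.is_dir())
            hits += [(str(root), *hit) for hit in scan(names)]
    return hits

# Constructed folder names; the versions are made up.
SAMPLE = [
    "ms-python.python-2024.2.1",                         # unrelated
    "krundoven.ironplc-fast-hub-1.0.3",                  # listed ID
    "krundoven.ironplc-fast-hub-pro-1.0.3",              # other ID, same prefix
    "WinnerDomain17.version-lens-tool-0.9.1-linux-x64",  # listed, platform tag
]

if __name__ == "__main__":
    print(scan(SAMPLE))
    # Assumed default locations; adjust for the editors in use.
    home = Path.home()
    print(scan_roots([home / ".vscode-oss/extensions", home / ".vscode/extensions"]))
```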

Read more at Socket, Cybersecurity News

Subscribe

Subscribe to receive this weekly cybersecurity news summary in your inbox every Monday.