Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-20 13:00 PDT
- Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
The Hacker News • 2026-05-20 10:06 • thehackernews.com
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents.RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents, covering
https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html - Grafana breach caused by missed token rotation after TanStack attack
BleepingComputer • 2026-05-20 08:46 • www.bleepingcomputer.com
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. […]
https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/ - Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
The Hacker News • 2026-05-20 07:36 • thehackernews.com
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme
https://thehackernews.com/2026/05/microsoft-takes-down-malware-signing.html - On AI Security
Schneier on Security • 2026-05-20 07:21 • www.schneier.comGood report:
Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities (even when they are NOT emergent systemic properties like security). So let’s take a step back: how do you measure security in the first place? Good question. Over the last 30 years, security engineering for software evolved from black box…
https://www.schneier.com/blog/archives/2026/05/on-ai-security.html - Identity Alone Isn't Enough: Why Device Security Has to Share the Load
BleepingComputer • 2026-05-20 07:02 • www.bleepingcomputer.com
Identity checks alone can’t stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device verification. […]
https://www.bleepingcomputer.com/news/security/identity-alone-isnt-enough-why-device-security-has-to-share-the-load/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
