Microsoft has used AI to link two malware operations — StealC and Amadey — in a racketeering lawsuit, resulting in the shutdown of over 200 command-and-control (C2) servers.
Source: https://www.theregister.com/security/2026/06/24/microsoft-uses-ai-to-link-two-malware-operations-in-racketeering-suit/5261656. 8sync News only summarizes and links; copyright in the content belongs to the author and the original source.
Microsoft CEO Satya Nadella warns that AI companies cannot both predict …
On June 24, 2026, attackers published malicious versions of 20 npm packages in the Leo Platform ecosystem in under 3 seconds, using the 'Phantom Gyp' toolkit, similar to the earlier Miasma campaign. The malware steals secrets from GitHub Actions, multi-cloud stores (AWS, GCP, Azure), package registries, HashiCorp Vault, Kubernetes and password managers, then exfiltrates them through the victim's GitHub token to avoid detection. It also acts as a supply-chain worm, automatically publishing malicious versions of the packages the victim has publish rights to by bypassing 2FA.
Developers should read this article to understand how a new supply chain attack uses sophisticated techniques, such as obfuscation and Bun evasion, to avoid detection and exploit access to critical systems from popular npm packages, and as a warning about the risk of using public libraries without checking their origin and security.
Microsoft's Xbox division has undergone multiple strategy reversals on game exclusivity — from console-exclusive titles, to full multiplatform releases on PlayStation and Nintendo, and now back to a selective exclusivity model under new leader Asha Sharma. Analysts explain the shift through several lenses: leadership change, two-sided market theory, ecosystem retention, and the need to justify rising console prices. Gears of War: E-Day is now an Xbox exclusive again, while other titles remain multiplatform. Analysts are skeptical the exclusivity pivot will meaningfully drive hardware sales, suggesting it's more about symbolic goodwill than revenue, and warn that studio developers may pay the price for repeated strategic reversals.
Kaspersky's 2026 SMB threat report reveals a nearly fivefold increase in cyberattacks disguising malware as popular AI tools like Claude compared to 2025. Fake messenger apps remain the most common lure with over 414,000 attacks detected in the first four months of 2026. Phishing campaigns increasingly exploit legitimate platforms (OneDrive, Zoom Docs) to bypass email filters. Dark web analysis shows SMBs and mid-sized businesses account for more than half of all initial access listings sold by brokers, with Middle East, Africa, and Latin America seeing significant increases. The report includes a practical cybersecurity action plan covering access controls, employee training, backups, and specialized security solutions.
OpenAI, Anthropic, Microsoft, and Amazon are among the backers of RAISE US, a new nonpartisan nonprofit led by former US Commerce Secretary Gina Raimondo. The initiative has raised over $500m toward a $1bn goal to retrain American workers displaced by AI. Working through state governments, RAISE US will fund pilot programs including AI-powered career navigation, wage insurance for workers taking lower-paying jobs, and short-time compensation schemes. The effort launches amid growing public anxiety over AI-driven job losses, with the irony that some backers like IBM and Workday have themselves cited AI in recent layoffs. Critics note that corporate retraining programs have historically underperformed, and the deeper question of whether AI will create jobs as fast as it destroys them remains unanswered.
Huntress SOC researchers investigated a surge of device code authentication events from Tencent Cloud IPs and uncovered Kali365, a mature Phishing-as-a-Service (PhaaS) kit targeting Microsoft 365. The platform features three variants with 33 built-in lure templates, a token vault, AI-powered BEC modules using Claude Sonnet, an in-panel Outlook webmail proxy, a domain marketplace, RBAC, and cryptocurrency-based self-service billing via OxaPay. Two companion Electron desktop apps — OctoLink Live and OctoLink Sender — convert stolen tokens into real authenticated browser sessions and enable mass lateral phishing via Microsoft Graph, all while mimicking legitimate user behavior to evade detection. The kit maintains persistent access even after MFA enforcement or password resets by abusing refresh tokens and the Microsoft Authentication Broker client ID. Huntress recommends blocking device code flow via Conditional Access and has published IoCs and KQL hunting rules.
A detailed technical analysis of a ClickFix attack chain observed in May 2026 that led to a full hands-on-keyboard intrusion across 11 hosts. The infection began with a user tricked into running a command via the Windows Run Dialog, which fetched and silently installed an MSI dropping 'Potemkin', a custom x64 loader using a Domain Generation Algorithm (DGA) with XorShift32 seeded at 151678 to find its C2. Potemkin reflectively loads 'RMMProject', a 4.4 MB Lua-scriptable DLL with 15 task types including browser credential theft (with a Chrome App-Bound Encryption bypass via DLL injection), hidden remote desktop control, process injection, and module loading. The attacker also deployed EtherRAT (a Node.js backdoor resolving C2 via Ethereum blockchain) and Cloudflare tunnels, then moved laterally via WMIExec and SMBExec to reach the domain controller. The post includes full DGA Python implementation, cipher decryption algorithm, C2 protocol details, and indicators of compromise.
Microsoft is raising Xbox console prices worldwide effective August 2, citing a components crisis driving up storage and memory costs by more than 2.5x. The Xbox Series S 512GB jumps from $399.99 to $499.99, the Series S 1TB from $449.99 to $599.99, the Series X Digital from $599.99 to $749.99, and the Series X from $649.99 to $799.99. The 2TB model is being discontinued. Microsoft notes consoles are sold below cost and points to buy-now-pay-later options and refurbished console programs to help with affordability. The announcement follows Valve's Steam Machine also launching at higher-than-expected prices due to similar hardware supply issues.