Top Stories by Impact

🏢 Microsoft Security Critical

How Storm-2949 turned a compromised identity into a cloud-wide breach

18 May 2026 · 22:42 UTC

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actor…

Read full article →
🏢 Microsoft Security Critical

Exposing Fox Tempest: A malware-signing service operation

Yesterday · 15:07 UTC

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to mo…

Read full article →
🏢 Microsoft Threat Intel Critical

Exposing Fox Tempest: A malware-signing service operation

Yesterday · 15:07 UTC

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to mo…

Read full article →
🔐 Cloudflare Blog High

Project Glasswing: what Mythos showed us

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is…

Read full article →
🏢 AWS Security Medium

CIRT insights: How to help prevent unauthorized account removals from AWS Organizations

Yesterday · 21:34 UTC

The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tact…

Read full article →
🏢 OpenAI News Medium

Advancing content provenance for a safer, more transparent AI ecosystem

Yesterday · 10:45 UTC

OpenAI advances AI content provenance with Content Credentials, SynthID, and a verification tool to help people identify and trust AI-generated media.

Read full article →
🔐

Cybersecurity

Cloudflare Blog

1

Project Glasswing: what Mythos showed us

High

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.

Read full article →
🤖

AI & Technology

🏢

Vendor Security

Microsoft Security

1

How Storm-2949 turned a compromised identity into a cloud-wide breach

Critical

18 May 2026 · 22:42 UTC

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate…

Read full article →
2

Exposing Fox Tempest: A malware-signing service operation

Critical

Yesterday · 15:07 UTC

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious code…

Read full article →
3

How to better protect your growing business in an AI-powered world

18 May 2026 · 16:00 UTC

See how built-in security helps keep your growing business running, protect customer trust, and support growth. The post How to better protect your growing business in an AI-powered world appeared first on Microsoft Secu…

Read full article →

Microsoft Threat Intel

1

Exposing Fox Tempest: A malware-signing service operation

Critical

Yesterday · 15:07 UTC

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious code…

Read full article →

AWS Security

1

CIRT insights: How to help prevent unauthorized account removals from AWS Organizations

Medium

Yesterday · 21:34 UTC

The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that t…

Read full article →
2

Governing infrastructure as code using pattern-based policy as code

Yesterday · 16:15 UTC

Organizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for t…

Read full article →

OpenAI News

1

Advancing content provenance for a safer, more transparent AI ecosystem

Medium

Yesterday · 10:45 UTC

OpenAI advances AI content provenance with Content Credentials, SynthID, and a verification tool to help people identify and trust AI-generated media.

Read full article →
2

Introducing OpenAI for Singapore

Yesterday · 20:30 UTC

OpenAI for Singapore launches a multi-year AI partnership to expand deployment, build local talent, and support businesses and public services with AI.

Read full article →
3

The next phase of OpenAI’s Education for Countries

Today · 00:00 UTC

OpenAI advances Education for Countries, expanding AI adoption in schools with new partnerships, teacher training, and tools to improve global learning outcomes.

Read full article →

Palo Alto Unit 42

1

Tracking TamperedChef Clusters via Certificate and Code Reuse

Today · 10:00 UTC

Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via Certificate and Code Reuse appear…

Read full article →