Weekly Security Roundup: Passkeys, Token Theft, and Code-to-Cloud

Security updates this week landed in three places developers feel immediately: identity (with more passkey momentum and new token-theft campaign details), software supply chain (with tighter code-to-cloud visibility and new scanning options that work in agent-driven workflows), and infrastructure hardening (from open-sourcing HSM components to active Linux exploitation and stronger data platform controls). Coming right after last week's theme of shrinking ambient privilege and interrupting intrusion chains with automation, this week's items largely zoom in on the same question from different angles: once an attacker gets a foothold (or once risky code ships), how quickly can you detect it, bound it, and prove what happened.

Microsoft Defender threat research: token theft, macOS infostealers, and active Linux exploitation

Microsoft security researchers mapped out multiple active campaigns that target the gaps between “user is authenticated” and “attacker can operate as the user”, with a heavy focus on stealing tokens or escalating privileges after initial access. That builds directly on last week's token-centric identity framing and the Defender XDR incident writeups: the attacker goal stays the same (operate as a real user, move laterally, exfiltrate), but the tradecraft varies depending on what is easiest to reuse (session artifacts, interactive access, or local privilege escalation). One investigation broke down a large-scale “code of conduct” themed phishing operation that uses an adversary-in-the-middle (AiTM) flow to capture authentication tokens, which can bypass MFA by replaying tokens and session cookies rather than brute-forcing passwords. If last week showed how hands-on access via “remote help” tools can bypass the phishing-vs-MFA debate entirely, this week is the more classic “steal the session and skip the password” story, with the same operational implication: you need identity telemetry and fast response paths for session abuse, not just better password policy. The write-up pairs the attack chain with practical response material, including Defender detections, Microsoft Defender for Office 365 guidance, Microsoft Entra ID Protection recommendations, Microsoft Defender XDR coverage, and Advanced Hunting queries plus IOCs so security teams can validate whether the campaign reached their tenants.

On endpoints, Microsoft detailed updated ClickFix-style social engineering on macOS where the “payload” starts with the user copying and pasting attacker-provided Terminal commands. The report outlines multiple campaign variants, how persistence is established (including LaunchAgents and LaunchDaemons), how command-and-control infrastructure is discovered, and how infostealers may progress into wallet trojanization. This is the same “attackers win when normal workflows get abused” theme that ran through last week's Quick Assist intrusion chain, just shifted to macOS and developer-style muscle memory (Terminal). For defenders, the value is in the concrete hunting and detection guidance (including Microsoft Defender for Endpoint KQL queries) and the extensive IOC set to speed up triage.

The most urgent infrastructure note was an “active attack” advisory for the “Dirty Frag” Linux local privilege escalation technique, expanding the risk after a system is already compromised by giving attackers a way to jump to higher privileges. That complements last week's emphasis on cutting off the middle of the chain (lateral movement and credential abuse) by calling out another mid-chain accelerant: privilege escalation that turns a limited foothold into broader control. Microsoft's coverage calls out affected components (including esp4/esp6 and rxrpc) and provides interim mitigation steps, along with Microsoft Defender detection coverage so teams can both reduce exposure and monitor for exploitation attempts in the wild.
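The “steal the session and skip the password” pattern leaves a recognizable trace in sign-in telemetry: a session or token that was issued to one client reappears from a different network origin shortly afterwards, without MFA being satisfied again. The following is an added illustration of that detection idea, not Microsoft's own Advanced Hunting query or schema. The event records, field names (`session_id`, `mfa_satisfied`, and so on), IP addresses and time window are all constructed for the example.

```python
"""Flag sign-in events in which an issued session token is presented again
from a different origin within a short window of issuance, without MFA.
Constructed sample telemetry; field names are hypothetical."""
from datetime import datetime, timedelta

# Window after issuance in which an origin change is treated as suspicious
# (assumed value for the example; tune to your own sign-in baselines).
REPLAY_WINDOW = timedelta(minutes=60)

# Constructed sign-in records. Documentation ranges are used for the IPs.
SAMPLE_EVENTS = [
    # Alice signs in interactively with MFA from the corporate network.
    {"ts": "2026-03-02T09:00:00", "user": "alice@example.test", "session_id": "sess-a1",
     "ip": "203.0.113.10", "user_agent": "Mozilla/5.0 (Windows NT 10.0) Edge/124",
     "mfa_satisfied": True},
    # Four minutes later the same session is presented from another IP and a
    # scripted client, with no MFA prompt: the signature of a replayed token.
    {"ts": "2026-03-02T09:04:00", "user": "alice@example.test", "session_id": "sess-a1",
     "ip": "198.51.100.77", "user_agent": "python-requests/2.31",
     "mfa_satisfied": False},
    # Bob signs in, then starts a fresh MFA-backed session from home later: benign.
    {"ts": "2026-03-02T10:00:00", "user": "bob@example.test", "session_id": "sess-b1",
     "ip": "203.0.113.11", "user_agent": "Mozilla/5.0 (Macintosh) Safari/17",
     "mfa_satisfied": True},
    {"ts": "2026-03-02T12:30:00", "user": "bob@example.test", "session_id": "sess-b2",
     "ip": "192.0.2.44", "user_agent": "Mozilla/5.0 (Macintosh) Safari/17",
     "mfa_satisfied": True},
    # Carol's session changes IP but keeps the same client (for example a laptop
    # switching networks): worth a look, but lower severity than Alice's case.
    {"ts": "2026-03-02T11:00:00", "user": "carol@example.test", "session_id": "sess-c1",
     "ip": "203.0.113.12", "user_agent": "Mozilla/5.0 (Windows NT 10.0) Edge/124",
     "mfa_satisfied": True},
    {"ts": "2026-03-02T11:20:00", "user": "carol@example.test", "session_id": "sess-c1",
     "ip": "203.0.113.99", "user_agent": "Mozilla/5.0 (Windows NT 10.0) Edge/124",
     "mfa_satisfied": False},
]


def _when(event):
    return datetime.fromisoformat(event["ts"])


def detect_session_reuse(events, window=REPLAY_WINDOW):
    """Return one alert per event that reuses a session from a new IP within
    `window` of the session's first sighting without MFA being satisfied.
    Severity is 'high' when the client string changed as well, else 'medium'."""
    by_session = {}
    for event in sorted(events, key=_when):
        by_session.setdefault(event["session_id"], []).append(event)

    alerts = []
    for session_id, session_events in by_session.items():
        first = session_events[0]
        for event in session_events[1:]:
            elapsed = _when(event) - _when(first)
            ip_changed = event["ip"] != first["ip"]
            client_changed = event["user_agent"] != first["user_agent"]
            if not ip_changed or elapsed > window or event["mfa_satisfied"]:
                continue
            alerts.append({
                "user": event["user"],
                "session_id": session_id,
                "severity": "high" if client_changed else "medium",
                "first_ip": first["ip"],
                "reuse_ip": event["ip"],
                "minutes_after_issue": int(elapsed.total_seconds() // 60),
            })
    return alerts


def sessions_to_revoke(alerts):
    """Fast response path: the set of session ids whose reuse looks like a
    replayed token (high severity), suitable for an automated revoke action."""
    return sorted({a["session_id"] for a in alerts if a["severity"] == "high"})


if __name__ == "__main__":
    for alert in detect_session_reuse(SAMPLE_EVENTS):
        print(alert)
    print("revoke:", sessions_to_revoke(detect_session_reuse(SAMPLE_EVENTS)))
```

The point of keying on the session identifier rather than on the user is that a replayed cookie or token carries the original session with it, so the origin change shows up on the same session, whereas a fresh sign-in from a new location (Bob) creates a new session with its own MFA event and is not flagged. Real sign-in logs add fields such as ASN or device compliance state that make the severity decision sharper than the IP and client-string comparison used here.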

GitHub + Defender for Cloud: bringing runtime context into code security, and scanning that works with AI agents

GitHub's security surface continued to shift toward “developer-first, but deployment-aware” workflows, starting with the general availability of code-to-cloud risk visibility via Microsoft Defender for Cloud integration with GitHub Advanced Security. This continues last week's supply chain focus (know what you built, limit blast radius when dependencies go bad) by extending the visibility story past CI and into production reality. The core change is correlation: teams can connect what shipped (deployed container artifacts) with what was known during development, then see runtime risk context directly inside GitHub security views. Practically, that means security and platform teams can triage findings with more signal (what is actually running, where, and with what risk context) instead of treating code findings as isolated from production. The GA update also adds runtime-aware filters and campaign targeting across code scanning and Dependabot, which helps teams focus remediation efforts on what is deployed rather than what is merely present in a repo.

In parallel, GitHub expanded what its MCP Server (Model Context Protocol) can do for security in agent-driven development. This picks up the thread from last week on governing agent tool execution (MCP control planes and per-call policy enforcement) by showing how security checks are moving into the same agent tool boundary where code is increasingly being proposed and edited. Secret scanning via GitHub MCP Server is now generally available, enabling MCP-compatible IDEs and AI coding agents to detect exposed secrets before commits or pull requests. A key detail for teams already using GitHub Advanced Security is consistency: the GA release honors existing push protection customization, so detection rules and bypass behavior remain aligned across standard GitHub workflows and MCP-driven tooling. Alongside that GA, dependency scanning in GitHub MCP Server entered public preview, letting AI coding agents and MCP-compatible IDEs check proposed changes for vulnerable dependencies using the Dependabot toolset and the GitHub Advisory Database before the change becomes a commit or PR. Taken together, these updates push scanning earlier in the loop (inside the editor and agent workflow) while keeping enterprise policies coherent across the “human PR” and “agent-assisted change” paths.
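To make concrete what “detect exposed secrets before commits or pull requests, while honoring push protection customization” means at the tool boundary, here is an added, self-contained sketch of a pre-commit secret scanner that walks only the added lines of a unified diff and applies an allowlist policy before deciding whether to block. It is not GitHub's secret scanning engine or the MCP Server's code; the patterns cover three well-known token shapes, and the diff, file paths, policy structure and the token values in it are constructed for the example (the `AKIAIOSFODNN7EXAMPLE` value is the placeholder key used in AWS documentation).

```python
"""Scan the added lines of a unified diff for secret-shaped strings, honoring
a small allowlist policy, before the change becomes a commit or PR.
Constructed example; patterns, policy shape and sample diff are not GitHub's."""
import re

# Three widely documented token shapes. Real scanners use far larger pattern
# sets plus validity checks; these are enough to show the mechanics.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Hypothetical policy standing in for push-protection customization:
# test fixtures under a known path and documented placeholder values never block.
DEFAULT_POLICY = {
    "allow_paths": (r"^tests/fixtures/",),
    "allow_values": {"AKIAIOSFODNN7EXAMPLE"},
}

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed diff: one real-looking key added in source, one placeholder in a
# fixture, and a token pasted into a shell script in place of an env lookup.
SAMPLE_DIFF = """\
diff --git a/src/config.py b/src/config.py
--- a/src/config.py
+++ b/src/config.py
@@ -1,3 +1,4 @@
 import os
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAABCDEFGHIJKLMNOP"
+AWS_SECRET = os.environ["AWS_SECRET_ACCESS_KEY"]
 REGION = "eu-west-1"
diff --git a/tests/fixtures/aws.py b/tests/fixtures/aws.py
--- /dev/null
+++ b/tests/fixtures/aws.py
@@ -0,0 +1 @@
+FAKE_KEY = "AKIAIOSFODNN7EXAMPLE"
diff --git a/scripts/publish.sh b/scripts/publish.sh
--- a/scripts/publish.sh
+++ b/scripts/publish.sh
@@ -1,2 +1,2 @@
 #!/bin/sh
-TOKEN="${GITHUB_TOKEN:?set GITHUB_TOKEN}"
+TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
"""


def _redact(value):
    """Keep only a short prefix so the finding itself never leaks the secret."""
    return value[:6] + "..." if len(value) > 6 else "..."


def scan_diff(diff_text, policy=DEFAULT_POLICY):
    """Return findings for secret-shaped strings on added ('+') lines only.
    Removed lines are ignored: they take a secret out rather than adding one."""
    findings = []
    current_file, new_line = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            current_file = None
            continue
        if raw.startswith("+++ "):            # new-side file header
            path = raw[4:]
            current_file = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith("--- "):            # old-side file header
            continue
        hunk = HUNK_RE.match(raw)
        if hunk:
            new_line = int(hunk.group(1))     # first new-file line of the hunk
            continue
        if current_file is None or raw.startswith("-"):
            continue
        if raw.startswith("+"):
            path_allowed = any(re.match(p, current_file) for p in policy["allow_paths"])
            if not path_allowed:
                for kind, pattern in SECRET_PATTERNS.items():
                    for match in pattern.finditer(raw[1:]):
                        if match.group(0) in policy["allow_values"]:
                            continue
                        findings.append({"file": current_file, "line": new_line,
                                         "kind": kind, "excerpt": _redact(match.group(0))})
        new_line += 1                         # both '+' and context lines advance
    return findings


def should_block(findings):
    """Push-protection style decision: any unallowed finding blocks the change."""
    return bool(findings)


if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(finding)
    print("block:", should_block(scan_diff(SAMPLE_DIFF)))
```

Two design choices carry over to the real thing: scanning only added lines keeps the check cheap and focused on what the change introduces, and routing every exception through a shared policy object is what keeps “bypass behavior aligned” between a developer's editor, an agent's proposed edit and the server-side push check, instead of each tool growing its own allowlist.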

Microsoft identity and passwordless: passkeys progress and recovery changes

Microsoft used World Passkey Day to summarize incremental but meaningful changes across Microsoft Entra ID, Windows, and consumer sign-in as passwordless adoption expands from “sign-in” into “sign-in plus recovery.” This is a clean continuation of last week's identity-first theme (reducing what attackers can steal and reuse) because recovery paths and helpdesk flows are where “passwordless” programs often get undermined in practice. The update highlights general availability improvements to Entra ID account recovery, which matters because recovery paths often become the weak link once primary authentication is hardened. Microsoft also reiterated a notable cleanup item: it plans to remove security questions as a password reset option starting January 2027, reducing reliance on low-signal knowledge-based answers that are frequently guessable, reused, or obtainable through social engineering. For teams rolling out FIDO2/passkeys, the practical takeaway is to treat recovery and helpdesk flows as part of the rollout plan, not as an afterthought.

Hardware and data platform controls: open HSM components and OneLake security GA

On the “trust the platform” side, Azure announced it is open-sourcing Azure Integrated HSM through the Open Compute Project, including firmware and supporting software plus independent validation artifacts. Paired with last week's emphasis on reducing exfil paths (for example, Fabric outbound access protection) and tightening identity boundaries, this is the lower-layer counterpart: if keys anchor your identity, encryption, and signing systems, then assurance in the HSM implementation becomes part of the overall “can we trust the control plane under pressure” story. The goal is verifiable key protection at scale for server-integrated hardware security modules (HSMs) that complement Azure Key Vault and Azure Managed HSM. The post frames this as a transparency and assurance move: by publishing artifacts and aligning with OCP SAFE, Azure enables deeper third-party scrutiny of how keys are protected by hardware-enforced controls, including the kind of assurance customers look for in regulated environments (the post calls out FIPS 140-3 Level 3). For organizations building stronger cryptographic trust chains, this is a reminder that key management is not only about API usage, but about attestation, validation evidence, and the ability to verify the underlying system design.

In Microsoft Fabric, OneLake security reached general availability with default enablement and an automatic upgrade rollout running through May. This follows last week's Fabric security arc (better controls at the boundary and clearer enforcement points for data movement) by tightening governance inside the lake itself: who can see which rows and columns, and how quickly teams can validate and automate those permissions. The GA focuses on making governance usable at scale: UI improvements, inline row-level security (RLS) validation, a role creation wizard that supports RLS and column-level security (CLS) authoring, and more granular REST APIs for role management. For teams using OneLake mirroring or consolidating data access patterns in Fabric, the practical impact is faster iteration on least-privilege role design (via the wizard and validation) and better automation hooks (via the new APIs) to keep permissions consistent across environments.

Other Security News

Inspektor Gadget published the results of its first independent security audit, patching three vulnerabilities (including CVE-2026-24905 and CVE-2026-25996) and documenting hardening recommendations. Coming right after last week's blend of “supply chain plus operational guardrails”, this is a useful reminder that observability and inspection tooling needs the same scrutiny as the workloads it monitors, especially when it hooks deeply into Linux and Kubernetes through eBPF. For teams using eBPF-based inspection in Kubernetes and on Linux hosts, the report is useful both as a validation point and as a practical checklist for tightening RBAC and deployment posture.