Weekly Security Roundup: Tokens, Supply Chains, and Access Control

by TechHub

Updates in security span new authentication methods, improvements in supply chain risk management, endpoint security guidance, and permission management strategies. Development platforms now require updated credentials while guides support teams in securing infrastructure.

npm Authentication, Supply Chain, and IDE Attack Surface

The npm registry now mandates session-based or new CLI tokens, replacing classic tokens for authentication. Two-factor authentication is required for publishing, with short-lived (two-hour) tokens for sessions. The CLI assists with management tasks such as creating, listing, and revoking tokens. OIDC-based publishing is the new recommendation, and developers must revise their workflows to be compliant. A technical breakdown describes how the Shai-Hulud 2.0 attack targeted npm packages with scripting tools, advising on detection and defense using Defender for Cloud and Sentinel. The persistence of endpoint supply chain threats underscores the need for vigilance. This week’s security alert reports the discovery of malicious VS Code extensions installing infostealer malware, highlighting risks such as DLL hijacking and reinforcing the importance of plugin monitoring and least-privilege approaches in CI/CD workflows.

Azure and Microsoft Stack Authentication & Access Management

Azure DevOps has posted retirement deadlines for global personal access tokens; after March 2026, new tokens will not be issued, and all tokens will be invalidated by December 2026. Teams are urged to migrate to Entra-backed tokens to support least-privilege and avoid credential sprawl. A recent analysis points out security concerns with Custom Script Extensions on Azure Virtual Desktop, where blob tokens may appear in logs. Solutions include Key Vault or Managed Identities, although some limitations are noted for portal-based operations. Fabric’s OneLake now allows for more detailed ReadWrite permissions, making schema-level access management easier for compliance and data governance.

Cloud Incident Response, Endpoint Security, and Email Protection

New security incidents show attackers using fake employee identities and KVM tools to gain endpoint access. Microsoft’s investigation relied on Defender for Endpoint, Entra ID, and improved monitoring of onboarding, auditing, and data loss prevention for handling insider risks. Benchmark studies provided comparisons of email security solutions (Defender for Office 365, SEG, ICES) and highlighted the real-world effectiveness of different products. These rates help leaders shape incident response and technical defenses.

Securing AI, Advanced Defense Strategies, and Practical Security Modeling

A security advisory this week covers how to securely operate AI agents with Azure SQL, focusing on permission management, error tracking, and monitoring for regulatory compliance. Microsoft’s Security CTO advances the use of graph-based models—mapping identity, credentials, and assets—to enhance security operation centers, combined with AI analytics. Detailed inventory and KQL-based log review are central to this practice. A new video on security modeling highlights how storytelling improves understanding and training within teams, encouraging practical linkage between incidents and security improvements.

Other Security News

A practical guide walks through setting up Remote Desktop on Windows 11, covering basic access, firewall, VPN setup, and how to secure connections with Network Level Authentication. Troubleshooting advice is provided for typical real-world issues faced by administrators.