Weekly Security Roundup: Python Malware, Supply Chain, and AI Guardrails
This week’s security notes cover changing malware threats, improved automation, new defensive features, and more robust AI/data security. Recent incidents span macOS, Windows, and web threats.
Defender XDR and Threat Analysis Campaigns
Microsoft reports new infostealer malware (DigitStealer, AMOS, MacSync, PXA Stealer) now targeting macOS as well as other platforms, using Python tooling and fake app bundles to steal logins. Teams get new Defender XDR and Sentinel detection patterns for Python-based attacks. The CrashFix ClickFix campaign is spreading a Python RAT via fake Chrome extensions disguised as ad blockers, using PowerShell obfuscation and fileless techniques for persistence. Response details cover Defender for Endpoint, Security Copilot, and updated detection queries. Microsoft is also responding to active exploitation of SolarWinds Web Help Desk (CVE-2025-40551, CVE-2025-40536, CVE-2025-26399), which relies on DLL tricks and lateral movement. Users are advised to patch, remove exposed endpoints, rotate sensitive accounts, and use KQL queries for incident detection.
- Infostealer Malware Expands to macOS and Cross-Platform Targets: Defender XDR Insights and Mitigation
- CrashFix ClickFix Variant Deploys Python RAT via Browser Extension and Living-off-the-Land Tactics
- Analysis of Active Exploitation of SolarWinds Web Help Desk: Detection and Mitigation
Secure Development at Scale: Automation and Operational Guardrails
Dependabot now offers OIDC authentication for private package registries, so pipelines can request credentials dynamically using cloud provider tokens, reducing risks from static credentials. Azure, AWS, JFrog, and similar platforms are supported, following last week’s coverage of software supply chain safeguards. Microsoft partners with the FBI’s Operation Winter SHIELD, expanding efforts to enforce technical controls (like secure baselines, legacy auth removal, MFA, and least privilege) using automation instead of just policy. Practical steps help teams apply stronger security in both legacy and new systems.
- Dependabot Adds OIDC Authentication for Private Registries
- Closing the Security Implementation Gap: Microsoft’s Support for Operation Winter SHIELD
AI and Data Security: Risks, Detection, and Lifecycle Evolution
Research from Microsoft looks at ways to detect hidden backdoors in open language models using attention analysis and pattern checking, including LoRA/QLoRA approaches. Teams are advised to combine static scanning with behavioral checks for AI deployment. Microsoft’s evolving Secure Development Lifecycle adds AI requirements including threat modeling, prompt/poison checks, and better logging and role separation for collaboration and risk tracking. Microsoft Fabric’s OneLake introduces centralized policy controls for data security, spanning analytic engines and formats for easier cross-cloud control and compliance management.
- Detecting Backdoors in Open-Weight Language Models: Microsoft Research Insights
- Microsoft SDL: Evolving Security Practices for AI Systems
- The Future of Data Security is Interoperability: A Technical Look at OneLake Security
Other Security News
CodeQL 2.24.1 improves support for Maven registries, as well as Kotlin, Java, and Python scanning, and adds checks for buffer overflows, locks, and prompt injection risks (especially for Python LLM code). These improvements target clearer reporting and fewer false positives. A new guide explains how to safely handle and validate user input, including special characters like apostrophes, to prevent SQL injection for .NET, Python, and Bicep, making the advice actionable for both software and infrastructure teams.
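The apostrophe case mentioned above, as an added example that is not code from the guide or from the original roundup: a lookup built by string formatting breaks on a name like O'Brien, while the parameterized form and a small allowlist validator handle it. It uses Python's standard sqlite3 module and a constructed in-memory users table.

```python
import re
import sqlite3

# Constructed sample data (not from the page): a small in-memory users table.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    conn.commit()
    return conn

def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Query text built from user input. An apostrophe in `name` closes the
    string literal early, so the statement no longer means what the developer
    intended; on this input SQLite rejects it with a syntax error."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the value travels separately from the SQL text,
    so an apostrophe is just data and the row is found as expected."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# Hypothetical validation rule (an assumption for this example): names are
# letters, spaces, hyphens and apostrophes, at most 64 characters. Validation
# limits the input shape; it does not replace parameterization.
_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z '\-]{0,63}$")

def validate_name(name: str) -> bool:
    return bool(_NAME_RE.fullmatch(name))

def unsafe_breaks_on(name: str) -> bool:
    """True if the string-formatted query fails to parse on this input."""
    conn = make_db()
    try:
        lookup_unsafe(conn, name)
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()

if __name__ == "__main__":
    db = make_db()
    print("unsafe breaks on O'Brien:", unsafe_breaks_on("O'Brien"))   # True
    print("safe lookup:", lookup_safe(db, "O'Brien"))                 # [("O'Brien", "user")]
```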