⚠️ PyPI revokes all tokens stolen in the GhostAction supply chain attack
Malicious GitHub Actions exfiltrated tokens
- No PyPI packages compromised
- Developers advised to use short-lived Trusted Publisher tokens

💬 How do you safeguard DevOps pipelines against supply chain threats?

Follow @technadu for updates.

#CyberSecurity #SupplyChainAttack #PyPI #Python #DevSecOps #GhostAction #OpenSourceSecurity #TokenSecurity #GitHubActions

🚨 Over the weekend, Microsoft Entra customers experienced unexpected account lockouts — and it turns out it was caused by a mistake inside Microsoft’s own token logging systems.

On Saturday morning, organizations began receiving alerts from Microsoft Entra ID Protection that certain user accounts had potentially leaked credentials, resulting in auto-lockouts.

Initial suspicion centered around a new enterprise app called “MACE Credential Revocation” — but Microsoft has since clarified the root cause.

According to Microsoft:
- On Friday, April 18, a small percentage of short-lived user refresh tokens were mistakenly logged in full, not just as metadata
- Upon realizing the issue, Microsoft invalidated those tokens to protect customers
- This action inadvertently triggered compromise alerts and lockouts in Entra for affected users

🛠️ The alerts were issued between 4AM–9AM UTC on April 20.
Microsoft says there’s no evidence that any of the tokens were accessed maliciously. If unauthorized use is detected, their security incident response process will be activated.

Admins affected by this incident can restore access by marking users as “Confirmed Safe” in Entra.

At @Efani, we see this as another example of how even cloud giants can run into operational errors — and why incident response, transparency, and zero-trust token hygiene are essential pillars of identity security.

#CyberSecurity #Microsoft #Entra #TokenSecurity #IncidentResponse #EfaniSecure

JWTweak - JSON Web Token [JWT] Algorithm Convertor and Generator Tool

With the global increase in JSON Web Token (JWT) usage, the attack surface has also grown significantly. This utility is designed to generate a new JWT in little or no time, helping security testers find flaws in JWT implementations such as the JWT algorithm confusion attack. It automates modifying the algorithm of an input JWT and then generating a new JWT based on the chosen algorithm.

https://www.knowcybersec.today/2023/08/JWTweak-security-tool-for-algorithm-attacks.html

#jwt #security #JWTtokens #jwt #TokenSecurity #appsec

Detects the algorithm of an input JWT and provides options to generate a new JWT based on the user-selected algorithm.