Entra Agent ID: The blueprint blast radius securitylabs.datadoghq.com/articles/age...
by @siigil.bsky.social
Freshly out on the Datadog Engineering blog!
From single pull requests to full software packages: Detecting malicious code at scale www.datadoghq.com/blog/enginee...
The May edition of the Datadog Security Digest is out, with some great content from the community on cloud security, AI security and supply chain security!
securitylabs.datadoghq.com/newsletters/...
IDE-Shepherd is now on the VS Code Marketplace and Open VSX. Real-time protection against malicious extensions and supply chain attacks in VS Code and Cursor.
github.com/DataDog/IDE-...
Compromised axios npm package delivers cross-platform RAT
securitylabs.datadoghq.com/articles/axi...
LiteLLM compromised on PyPI: Tracing the March 2026 TeamPCP supply chain campaign
securitylabs.datadoghq.com/articles/lit...
When an AI agent came knocking: Catching malicious contributions in Datadog’s open source repos
www.datadoghq.com/blog/enginee...
Entra Agent ID: Inside a cross-tenant agent compromise
securitylabs.datadoghq.com/articles/age...
by @siigil.bsky.social
Holding blobs for ransom: Four methods for Azure Storage ransomware
securitylabs.datadoghq.com/articles/azu...
Behind the console: Active phishing campaign targeting AWS console credentials
securitylabs.datadoghq.com/articles/beh...
Datadog scaled malicious code detection from pull requests to dependency packages using stacked LLM evaluations and agentic investigation.
Datadog Security Research identified an active adversary-in-the-middle (AiTM) phishing campaign targeting AWS Console credentials via typosquatted domains that mimic AWS infrastructure.
Continuing our Agent ID series, this post demonstrates how a privileged agent could be compromised through its third-party blueprint. This leads to a cross-tenant incident similar to Midnight Blizzard...
securitylabs.datadoghq.com
Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking a single app registration (blueprint) t...
A VS Code/Cursor extension capable of performing realtime security monitoring from inside the IDE - DataDog/IDE-SHEPHERD-extension
github.com
This post explores four vectors for threat actors to abuse Azure Storage to maliciously encrypt victim blobs, including step-by-step explanations and event codes for detection.
An attacker hijacked an axios maintainer's npm account to publish malicious releases that deliver a cross-platform RAT.
securitylabs.datadoghq.com
This month's edition covers supply-chain attacks on npm packages and GitHub repositories, the release of Pathfinding Labs (100+ intentionally vulnerable AWS environments), and research on malicious AI...
