Signal Roundup — 30 May 2026
A quieter week, four items: a typosquatted npm supply-chain attack harvesting cloud and CI/CD secrets, Microsoft's analysis of the self-propagating Gentlemen ransomware, Exchange Online's move to REST-based calendar sharing, and Anthropic's Zero Trust framework for AI agents.
Typosquatted npm packages harvesting cloud and CI/CD secrets
Microsoft Threat Intelligence documented a single actor who published 14 typosquatted npm packages in a four-hour window, spoofing OpenSearch, ElasticSearch, and DevOps libraries. Once installed, the packages run a credential harvester that targets AWS credentials, HashiCorp Vault tokens, GitHub Actions secrets, and npm registry tokens — all during npm install. For anyone running automation or CI/CD pipelines that build client baselines, the practical defences are immediate: run installs with --ignore-scripts where feasible, and rotate any AWS, Vault, npm, or GitHub Actions tokens exposed to affected runners or developer workstations.
Source: Microsoft Security Blog
Microsoft analyses the self-propagating "Gentlemen" ransomware
Microsoft Threat Intelligence published a breakdown of Gentlemen, a ransomware-as-a-service strain written in Go that pairs per-file ephemeral-key encryption with an aggressive self-propagation module. The combination lets it spread across a network without operator interaction once it gains a foothold, which raises the stakes on lateral-movement containment and endpoint isolation. The analysis is defensive in framing and useful context for reviewing Defender for Endpoint detection coverage and attack-disruption settings with clients.
Source: Microsoft Security Blog
Exchange Online rolls out the new REST-based calendar sharing model
Exchange Online is automatically upgrading shared calendars from the legacy MAPI-based model to REST-based sharing, with the rollout completing for commercial tenants by late July 2026. The change is largely transparent, but shared-calendar sync behaviour and permission handling shift underneath, so it is worth flagging to clients who rely heavily on delegated or cross-mailbox calendar access. No admin action is required to enable it; the value here is setting expectations before the behaviour changes.
Source: Office 365 for IT Pros
Anthropic publishes a Zero Trust framework for AI agents
Anthropic laid out how to apply Zero Trust principles to AI agents — treating an agent as an identity that must be authenticated, scoped to least privilege, and continuously verified rather than implicitly trusted once running. It is a useful companion to the agentic-security guidance Microsoft published earlier this month, and the framing maps cleanly onto controls teams already use for service principals and workload identities. Worth a read for anyone scoping how autonomous agents should be governed before they reach production tenants.
Source: Anthropic — Claude blog