Signal Roundup — 20 June 2026
Five items this week: Conditional Access extends to baseline-scope sign-ins, self-service password reset will require registered authentication methods, a North Korean npm supply-chain compromise, an AI-agent host takeover from a single web page, and central authorization for Claude's MCP connectors.
Signal Roundup — 10 June 2026
Six items this week: a record-breaking June Patch Tuesday with three public zero-days, a Purview label that blocks Copilot and connected services from reading content, a prompt injection flaw in the Claude Code GitHub Action, threat actors using AI brand names as phishing bait, Microsoft's push toward the Artifact Registry for PowerShell modules, and container labels that now cover guest access to security groups.
Signal Roundup — 30 May 2026
A quieter week, four items: a typosquatted npm supply-chain attack harvesting cloud and CI/CD secrets, Microsoft's analysis of the self-propagating Gentlemen ransomware, Exchange Online's move to REST-based calendar sharing, and Anthropic's Zero Trust framework for AI agents.