Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
GitHub

Sign-in a user with the Microsoft Identity Platform and call an ASP.NET web API that calls a downstream Web API with Conditional Access

This sample demonstrates a .NET web App and native client calling a .NET web API that is secured using Azure AD. Further on the API will also call a downstream API on-behalf of the signed-in user. The ...
GitHub

v2-oauth2-client-creds-grant-flow.md

The OAuth 2.0 client credentials grant flow permits a web service (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another web service.