SecQube

SecQube Contact information, map and directions, contact form, opening hours, services, ratings, photos, videos and announcements from SecQube, Software Company, London.

01/04/2026

North Korean hackers have compromised the popular Axios npm package, injecting malware via a fake dependency that deploys cross-platform RATs on developer systems. Downloaded millions of times weekly and used in 80% of cloud environments, this supply chain attack highlights the urgent risks to open-source dependencies in your SOC. At SecQube, our AI-powered Microsoft Sentinel platform automates threat detection and triage without KQL expertise, ensuring rapid response to such sophisticated threats. Stay vigilant and empower your team with AI-driven security operations.

30/03/2026

Struggling with Microsoft Sentinel incident triage? Harvey AI changes that. Our conversational AI bot guides you through investigations effortlessly, generating KQL queries automatically so no expertise is needed. Enjoy faster resolutions, reduced MTTR, and proactive threat hunting. Discover KQL-free Sentinel triage with SecQube today.

24/03/2026

Alert fatigue in SOCs is more than workload; it's a real safety risk with analysts missing critical threats amid thousands of daily alerts. SecQube's Harvey AI transforms Microsoft Sentinel triage into conversational guided sessions, eliminating KQL barriers. Focus on true positives faster with AI-driven prioritisation and real-time insights. Reduce burnout and boost efficiency today. https://scq.ms/h2ai

24/03/2026

CVE-2026-26123 in Microsoft Authenticator exposes one-time login codes to malicious apps on the same iOS or Android device. Attackers exploit deep links if users select the wrong app during sign-in, potentially accessing corporate services via BYOD phones. Security teams should prioritise app updates immediately and educate users on verifying app handlers for QR codes and links. CVSS score of 5.5 rates it medium, but the impact on MFA trust is significant. Stay vigilant with mobile threat detection.

Microsoft Authenticator CVE-2026-26123 explained for security teams

24/03/2026

Traditional honeypots are static traps, but AI versions use machine learning to mimic live systems and respond convincingly to probes. This realism diverts sophisticated attackers, providing richer telemetry on emerging threats like autonomous agents. For CISOs, the operational win is reduced overhead and scalability across cloud and IoT. Consider them for early warning in your security stack.

24/03/2026

C-suite leaders: aligning AI strategy with business outcomes starts with clear objectives. Define specific problems like revenue growth or cost reduction that AI can solve directly. Use prioritisation matrices to focus on high-impact, feasible projects first. Run pilots to validate value before scaling. This ensures AI drives real strategic fit and ROI. https://scq.ms/ai-c-suite

23/03/2026

Microsoft is fortifying AI agents with Entra, Purview, and Defender integrations, embedding identity, data governance, and runtime protection into the AI lifecycle. CISOs can now capture AI interactions via DSPM for AI, enforce DLP to block uploads of sensitive data, and detect prompt injections at the network level with Entra Internet Access. This Zero Trust approach ensures secure AI deployment from POC to production. Stay ahead of AI risks with these built-in controls.

20/03/2026

CEOs, do your IT teams understand the basics of brand valuation? In cybersecurity, a single breach can slash brand value by millions due to lost trust. Arm IT with valuation insights to triage incidents and preserve reputation. Turn potential liabilities into strategic assets.

19/03/2026

A backdoored Open VSX extension exploited a compromised dev account to push GlassWorm malware via GitHub downloads, deploying RATs and stealers. This supply chain attack targeted developer credentials, AWS SSH keys, and crypto wallets, hitting over 22K installs. CISOs must audit VS Code extension histories for suspicious dependencies and transitive loaders to block such threats. Proactive supply chain security prevents lateral movement in enterprise environments.

19/03/2026

A misconfigured open directory on an Iranian server just exposed a 15-node relay network powering an SSH-based botnet. This operation spans Finland and Iran, with active C2 servers documented in bash history showing DDoS tooling and tunnel deployments. Key lesson for CISOs: Open directories are a goldmine for attackers scanning for exposed infra. Prioritize automated misconfiguration detection in your Sentinel workflows to catch these before they leak ops.

19/03/2026

CISA and Microsoft have issued urgent warnings about active exploitation of CVE-2025-53770 in on-premises SharePoint servers. Attackers are using this deserialization flaw, dubbed ToolShell, to gain full access to file systems and configurations, hitting federal agencies and energy firms. Prioritise patching with the latest security updates and hunt for indicators like spinstall.aspx web shells. In Sentinel environments, automate KQL queries for anomaly detection to stay ahead of these threats. Stay vigilant, CISOs.

Address

London
