Honestly the last week was insane, so many interesting and scary staff. If you don't read this usually, I would highly recommend reading this week summary. 🛡️ Axios npm Supply Chain Attack Impacts Millions of Developers What happened: A major supply chain attack compromised the widely used Axios npm package, impacting a library with ~100 million weekly downloads. Attackers hijacked a maintainer account and published malicious versions that injected a hidden dependency executing a cross-platform remote access trojan (RAT) during installation. The campaign has been attributed to a North Korean-linked actor, with payloads targeting Windows, macOS, and Linux systems. 🔗 https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/ 🤖 DeepLoad Malware Uses AI to Evade Detection What happened: Researchers identified a new malware strain dubbed DeepLoad, which leverages AI model APIs to dynamically generate polymorphic malicious code during execution. By continuously changing its structure and behavior at runtime, the malware can bypass traditional signature-based defenses and adapt in real time to detection mechanisms. 🔗 https://reliaquest.com/blog/threat-spotlight-deepload-malware-pairs-clickfix-delivery-with-ai-generated-evasion/ ☁️ AWS Expands Bedrock Security with Cross-Account Guardrails What happened: AWS announced general availability of cross-account guardrails for Amazon Bedrock, enabling organizations to enforce consistent AI security and governance policies across multiple accounts. This allows centralized control over model behavior, compliance rules, and safety constraints across enterprise-scale AI deployments. 🔗 https://aws.amazon.com/blogs/aws/amazon-bedrock-guardrails-supports-cross-account-safeguards-with-centralized-control-and-management/

I’m excited to announce that a brand-new course covering the AB-900 certification is now live inside our Skool community! As many of you know, AB-900 is becoming the new fundamental certification for Microsoft 365, especially with the retirement of MS-900 in 2026. If you want to stay ahead in the Microsoft ecosystem, this is the place to start. 🎯 What This Course Covers: - Foundations of Microsoft 365 - Core concepts of Microsoft 365 Copilot - Copilot architecture & integration - Agent administration fundamentals - Governance, compliance & security considerations - Real-world scenarios to understand how Copilot fits into modern organizations - Exam-focused preparation + practical insights This isn’t just theory. The goal is to help you: - ✅ Understand how Copilot works under the hood - ✅ Speak confidently about AI in Microsoft 365 environments - ✅ Prepare properly for the certification exam - ✅ Apply the knowledge in real-world IT and security roles If you're planning to transition into AI-focused roles, Microsoft 365 administration, or modern workplace architecture — this certification is a strong addition to your CV. YouTube Video Covering the RoadMap https://youtu.be/rmdXeOuAgZo Link to Course https://www.skool.com/cloud-ai-security-academy-4626/classroom/19ef12e5?md=cfc463ec812448fe8997d48b7ef943fe

Here’s your clean, high-signal roundup of the biggest cybersecurity developments from the past week — from cutting-edge AI threats to targeted phishing and critical device security patches. 🔍 Google Gemini Prompt Injection & ‘Delayed Tool Invocation’ Exploit What happened: Security researchers demonstrated how indirect prompt injection can be used to trick Google’s Gemini assistant into leaking private data and performing actions by embedding hidden instructions within trusted inputs (e.g., calendar invites or text). This method — often referred to as delayed tool invocation — conditions the hidden instruction to run later when the user interacts with the AI, enabling exfiltration of calendar or email content and other workflows. 🔗 https://www.techrepublic.com/article/news-google-gemini-indirect-prompt-injection-attack/ 🇷🇺 Russian State-Linked Actors Conduct Sophisticated Microsoft 365 Phishing Campaigns What happened: A series of phishing and device-code authentication abuse campaigns linked to Russian state-aligned threat groups (including activity attributed to organizations in the SVR network like APT29 and variants) continue to target Microsoft 365 and Azure AD authentication flows. Adversaries use social engineering — including OAuth device code phishing — to steal tokens and gain persistent access to corporate tenants. 🔗 https://www.securityweek.com/russian-state-hackers-target-organizations-with-device-code-phishing/ 🍎 CISA Adds Apple iOS USB Restricted Mode Bypass Zero-Day to KEV Catalog What happened: The U.S. Cybersecurity and Infrastructure Security Agency confirmed that CVE-2025-24200, a vulnerability allowing attackers with physical access to bypass USB Restricted Mode on locked Apple devices, has been added to its Known Exploited Vulnerabilities (KEV) catalog. The flaw impacts iOS and iPadOS devices and was patched by Apple after reports of sophisticated targeted attacks.

Let’s kick this off casually — drop your location, favorite drink or something random about yourself. I’ll go first: I’m in Czech Republic and usually running on ☕. Most days I’m up by 5 AM — I love those early hours when everything’s quiet and I can dive deep into focused work without distractions. Best time to build, think and create. No tech talk here — just hang out, vibe and get to know the crew. 👉 Like someone’s post if you relate!