Add your product or open-source project on TechLogHub
Listing is free. Sponsored featured placements are paid and priced in USD — open the pricing dialog to see plan details.
Products
Discover amazing products built by our community
Open Source ProjectsNEW
Curating the best open-source projects shaping the future
Latest from the Blog
Analysis, product insight, and practical reads for builders
Webinar: The hidden bottlenecks in network incident response
BleepingComputer will host a live webinar on June 2, 2026, titled “From alert to resolution: Fixing the gaps in network incident response,” featuring Edgar Ortiz from Tines. The session explores how high alert volumes and manual cross-system workflows slow incident response, and how AI-assisted workflows and automation can streamline triage, enrichment, routing, and resolution across monitoring, identity, and security tools. Attendees will learn to automatically enrich alerts with network, identity, and threat context, prioritize and route incidents without manual intervention, and move from fragmented response to coordinated resolution. Register now to secure your spot.
Microsoft confirms patching issues in restricted Windows networks
Microsoft confirms a Windows Update issue in restricted networks (air‑gapped or tightly firewalled) after January 2026 optional non‑security previews. Affected devices may download the February 2026 security update but then cannot download March and later updates, displaying error 0x80010002. The problem stems from changed download timeout behavior and does not affect update installation. Microsoft recommends a workaround using Known Issue Rollback (KIR) via Group Policy, with specific KB rollbacks for Windows 11 26H1 and for Windows 11 24H2/25H2 and Windows Server 2025, plus a restart to apply the policy and guidance on deployment.
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
Tycoon2FA, a well-known phishing toolkit, has added device-code phishing to its arsenal, using Trustifi tracking URLs to hijack Microsoft 365 accounts via the OAuth device login flow. After an international police disruption in March, the operation rebuilt its infrastructure and returned to normal activity with added obfuscation. In late April, Tycoon2FA campaigns leveraged the device authorization grant to gain OAuth tokens, granting attackers access to victims’ emails, calendars, and cloud storage. Researchers warn that device-code phishing is surging and recommend defenses such as disabling the device-code flow when not needed, restricting OAuth permissions, requiring admin approval for third-party apps, enabling Continuous Access Evaluation, and monitoring Entra logs for deviceCode activity, along with applying published IoCs.
Microsoft rejects critical Azure vulnerability report, no CVE issued
Security researcher Justin O'Leary alleges a critical privilege-escalation flaw in Azure Backup for AKS that could let a user with only the Backup Contributor role gain cluster-admin rights via the Trusted Access mechanism. Microsoft says the behavior was expected and that no product changes or CVE were issued, despite O'Leary's claims and evidence of new permission checks and failed exploits after disclosure. CERT/CC independently validated the issue, assigned a tracking ID, and initially scheduled public CVE disclosure, but Microsoft lobbied MITRE to block a CVE and CERT/CC closed the case under CNA rules. After the disclosure, the attacker path reportedly no longer works; Microsoft now requires manual Trusted Access configuration and added permission checks, suggesting the vulnerability was fixed without a public advisory. The episode underscores the 'validation gap' and the challenge defenders face when CVEs or public advisories are absent.