Officials Warn of Growing Cybersecurity Risks and Reporting Gaps
Massachusetts officials and cybersecurity experts warned that local governments and businesses are increasingly vulnerable to cyberattacks, and many still rely on weak security practices like poor passwords and outdated software. A new state report found that hackers commonly break in through internet-facing systems, often exploiting vulnerabilities that organizations failed to fix in time. Experts stressed that no organization is “too small” to be targeted.
The discussion also focused on the problem of underreporting data breaches. Some organizations delay reporting because they are unsure what information was accessed, while others avoid reporting out of fear of legal or financial consequences. Officials emphasized that transparency is critical because it helps consumers protect themselves after a breach and allows cybersecurity professionals to identify attack patterns and improve defenses across industries.
Panelists said that stronger cybersecurity depends not only on technology, but also on leadership, training, and workplace culture. Measures such as multifactor authentication, stricter password policies, employee training, and faster software updates can significantly reduce risk. Still, experts warned that cybercriminals continue to evolve quickly, using tactics like fake text messages and impersonation scams to trick employees and gain access to sensitive systems.
GitHub Breach Highlights Growing Risks From Compromised Developer Tools
GitHub disclosed that hackers stole internal code repositories after compromising an employee’s device through a malicious Visual Studio Code extension. The company said it quickly contained the breach, removed the harmful software, and began investigating. While GitHub believes only internal repositories were affected, thousands of repositories may have been exposed, and critical credentials were reset as a precaution.
The attack may be connected to a compromised version of Nx Console, a widely used coding tool for Visual Studio Code. Hackers reportedly gained access after stealing credentials from one of the tool’s maintainers, allowing them to upload a malicious update. Because developer tools like these have deep access to code, passwords, and software systems, a single compromised extension can create widespread risks for companies and developers.
Security experts say the incident highlights a growing problem in the software industry: attackers increasingly target the tools and accounts developers rely on rather than attacking companies directly. Similar “software supply chain” attacks have recently affected platforms like npm and Docker. Experts warn that malicious extensions can be difficult to detect and that many organizations lack visibility into what software is running on developers’ machines, making these ecosystems especially vulnerable.
Microsoft Launches Open-Source Tools to Improve AI Security Testing
Microsoft has introduced two open-source tools, called RAMPART and Clarity, designed to help developers build safer and more secure AI systems. RAMPART allows engineers to test AI agents for problems such as malicious prompts, unintended behavior, and data leaks before the systems are fully deployed. The tool simulates attacks and reports weaknesses so developers can fix issues early in the development process.
Clarity focuses on planning and decision-making before coding begins. It acts like a guided brainstorming partner that helps teams think through risks, assumptions, and possible failures while designing AI systems. Microsoft said the goal of both tools is to make AI safety an ongoing part of development rather than a one-time security check after a product is finished.
Defensible Strategies
Learn from those who have been attacked
CISA Contractor Exposed Sensitive Government Credentials on Public GitHub Repository
A contractor working for the Cybersecurity and Infrastructure Security Agency (CISA) accidentally exposed highly sensitive government credentials and internal system information in a public GitHub repository. Security researchers discovered files containing passwords, cloud access keys, and internal software development details connected to important government systems. Experts described the leak as one of the most serious government cybersecurity exposures in recent years, especially because some passwords were stored in plain text and security protections had reportedly been disabled.
Researchers said the exposed accounts could access powerful government cloud systems and internal software repositories, potentially creating opportunities for attackers to spread malicious code or gain deeper access into federal networks. The repository was quickly removed after authorities were alerted, but some credentials reportedly remained active for days afterward. CISA said it is investigating the incident and currently has no evidence that the leaked information was misused, though experts warned the situation highlights major concerns about security practices and oversight.
1Password and OpenAI Partner to Secure AI Coding Tools
1Password and OpenAI have partnered to improve security for AI-powered coding tools. Their new integration for OpenAI Codex is designed to let AI coding agents access passwords and other sensitive credentials without exposing them in code, prompts, or developer tools where hackers or the AI system itself could accidentally leak them.
The companies say this addresses a major problem in AI-assisted software development: coding agents often need access to databases, APIs, and deployment systems, but those credentials are commonly stored in insecure places like scripts or source code files. If the credentials are exposed, attackers could steal them or manipulate the AI through prompt injection attacks. The new system instead provides credentials only when needed and removes them immediately afterward.
1Password’s technology keeps the credentials encrypted and centrally managed while allowing developers to continue using AI coding tools efficiently. The companies describe the project as an early step toward a future where AI agents regularly perform workplace tasks but receive tightly controlled access to systems and data rather than permanently holding sensitive credentials themselves.
Canvas Cyberattack Disrupts Schools as ShinyHunters Extort Education Platform
A major cyber extortion attack against the education platform Canvas disrupted schools and universities across the United States, including during a critical period of exams and coursework. The cybercrime group ShinyHunters claimed it had stolen data from hundreds of millions of students and faculty, and even temporarily replaced Canvas’s login page with a ransom message demanding payment to prevent the release of the data.
In response, Canvas’s parent company Instructure temporarily shut down the platform while investigating the breach. The company said the stolen information likely included basic user details such as names, email addresses, student IDs, and internal messages, but not highly sensitive data like passwords or financial information. Although the service was later restored, the incident caused widespread disruption and confusion across affected schools.
ShinyHunters is a well-known cybercriminal group that uses hacking and social engineering to steal data and demand ransom payments. Reports suggest the group may have already received payments from some institutions, and in at least one case, data tied to previous breaches was publicly released when demands were not met. Instructure later said it paid the attackers in exchange for a promise that the stolen data would be destroyed and that customers would not be further targeted.
