Scammers abuse official-looking `microsoftonline.com` sender for spam links

A trusted account-alert channel is being used as phishing cover. Treat even familiar SaaS notification senders as untrusted input; link-click flows need stricter checks.

[ KEY POINTS ]

The sender msonlineservicesteam@microsoftonline.com is tied to sensitive account notices such as 2FA codes, so the spoof feels unusually credible.
The campaign has lasted months, which makes it more than a one-off phishing wave; mail trust rules should assume official-looking senders can be abused.
Login and billing alerts should be verified by opening the service directly, not from email links. This is a cheap security habit with high downside protection.

Originalnews.hada.io/topic?id=29840Read original →

// related

#0001
#0001Infra & SaaS GitHub Changelog9 hours ago
`GitHub Code Quality` Adds Repository Enablement API
50radar
Repo-level quality checks can now be enabled and configured through API calls. Useful for automating setup across many repos, but it is still public preview.
- Repository Enablement API is available in public preview; avoid depending on it as a locked production contract yet.
- Two new endpoints support enabling and configuring GitHub Code Quality on individual repositories.
- Good fit for repo templates, onboarding scripts, and org-wide hygiene automation where manual settings drift quickly.
Source: github.blog/changelog/2026-05-26-github-code-quality-repRead original →
FIG-0011:1
50radar
FIG-0011:1
#0002
#0002Infra & SaaS GitHub Changelog20 hours ago
`GitHub` Adds PR Code Coverage Preview for Code Quality Users
70radar
Coverage now sits directly in the PR review loop. It reduces CI tab-hopping and makes test gaps harder to miss before merge.
- Available in public preview for all GitHub Code Quality users on github.com; coverage becomes part of normal PR review.
- PRs can show an aggregate covered-code percentage, so reviewers get a quick test-risk signal without opening separate reports.
- Best fit is repos already paying for GitHub Code Quality; teams outside that product get no immediate workflow change.
Source: github.blog/changelog/2026-05-26-code-coverage-in-pull-rRead original →
FIG-0021:1
70radar
FIG-0021:1
#0003
#0003Infra & SaaS GeekNews3 days ago
Is Google Turning Into IBM?
50radar
Vertical integration turned from strength into operational drag. The Railway incident makes blind reliance on Google Cloud support hard to justify.
- Google owns silicon, TPU, data centers, models, and search; that stack now carries product and org overhead.
- Railway reportedly had its GCP account blocked, exposing a trust problem around automated deletions and missing support paths.
- The practical move is boring: keep backups, billing alerts, and provider exit plans ready before cloud lock-in bites.
Source: news.hada.io/topic?id=29817Read original →
FIG-0031:1
50radar
FIG-0031:1

Scammers abuse official-looking `microsoftonline.com` sender for spam links

// related

`GitHub Code Quality` Adds Repository Enablement API

`GitHub` Adds PR Code Coverage Preview for Code Quality Users

Is Google Turning Into IBM?