O-UNC-066 uses vishing and a live phishing kit to trick Microsoft 365 users into enrolling attacker-controlled Entra passkeys ...
Researchers tested 281 free Android VPN apps and found DNS leaks, plaintext traffic, weak tunnels, and flaws across apps with ...
Former ransomware negotiator Angelo Martino gets 70 months for giving victim negotiation data to BlackCat operators and ...
Coinspect confirms $3.1M from 431 wallets drained due to Ill Bloom flaw, affecting crypto wallets from mobile apps built weak ...
Microsoft details GigaWiper, a Windows backdoor that bundles disk wiping, fake ransomware, and remote control into one ...
GitHub releases npm 12 with install scripts off by default and begins phasing out 2FA bypass tokens for sensitive npm actions ...
ThreatsDay Bulletin covers fraud arrests, supply-chain attacks, phishing, cloud hijacking, ransomware, Windows flaws, and ...
GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
Meta Muse Image lets users tag public Instagram accounts to generate AI images, with public posts and reels reusable by ...
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command ...
Wiz says GhostApproval abuses symlinks so AI coding agents write to SSH keys or shell startup files while showing benign ...
Infoblox says Lurking Lizard has used fake installers, mobile apps, and lookalike domains to recruit devices into a proxy ...