-
A newly disclosed “Ghost-Sender” flaw is exposing Microsoft Exchange Online environments to large-scale email spoofing attacks, allowing threat actors to bypass standard email authentication controls and deliver forged messages directly to users’…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Entra Agent ID logs have exposed a subtle but consequential threat vector: assistive agents using the OAuth On-Behalf-Of (OBO) flow to act with delegated user privileges and perform potentially risky actions, such as sending external emails. …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed Linux kernel vulnerability tracked as CVE-2026-23111 allows local attackers to escalate privileges to root by exploiting a use-after-free flaw in the nftables subsystem. The vulnerability, patched upstream on February 5, 2026, affects…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking legal action against the company for allegedly violating a U.S. court injunction. The disclosure h…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Weedhack, a Malware-as-a-Service (MaaS) operation specifically engineered to prey on Minecraft players, that has been active since at least January 2026. The service packages credential theft, cryptocurrency wallet extraction, account hijacking and ful…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A renewed and operationally refined wave of the NFCShare Android banking trojan that delivers NFC card-data theft by masquerading as legitimate banking applications. First documented in January 2026, NFCShare continues to rely on a social‑engineering p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Check Point has disclosed active in-the-wild exploitation of a critical authentication bypass vulnerability, tracked as CVE-2026-50751, impacting Remote Access VPN and Mobile Access deployments configured with the deprecated IKEv1 key exchange protocol…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A rapidly evolving supply chain campaign dubbed “Shai-Hulud” is targeting developers through malicious Python packages. Researchers have identified 23 newly weaponised PyPI artefacts, expanding the scope of the ongoing Mini Shai-Hulud, Miasma, and Hade…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are increasingly weaponizing the global fascination with large language models and generative AI by impersonating major AI brands ChatGPT, Anthropic’s Claude, DeepSeek, and others to trick users into revealing credentials, payment informa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apache has released HTTP Server version 2.4.68, addressing multiple security vulnerabilities across core modules and widely deployed components, reinforcing the importance of timely patching in internet-facing infrastructure. The update resolves a mix …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
