-
A new phishing campaign exploiting Microsoft’s OAuth 2.0 Device Authorization Grant flow to gain unauthorized and persistent access to Microsoft 365 accounts. The sophisticated attack active since December 2025 specifically targets professionals and en…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PromptSpy is a newly discovered Android malware family that abuses Google’s Gemini generative AI model to make real‑time decisions on how to manipulate the user interface and stay active on infected devices. PromptSpy’s AI‑assisted functionality is foc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Beyond CVE, China’s dual vulnerability databases, CNVD and CNNVD, show that vulnerability disclosure is not a single, global, unified process but a set of parallel systems with different rules, incentives, and timelines. China runs two national vulnera…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Citizen Lab says it found forensic evidence that Cellebrite’s mobile extraction technology was used on a Samsung Android phone belonging to detained Kenyan activist and politician Boniface Mwangi while the device was in police custody in July 2025. The…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Selective thread emulation and coverage-guided fuzzing have exposed six denial-of-service (DoS) vulnerabilities in the Socomec DIRIS M-70 IIoT power-monitoring gateway, all of which are now patched under Cisco’s Coordinated Disclosure Policy. The Socom…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has unveiled a significant enhancement to its Defender platform: centralized library management for live response operations, powered by Microsoft Security Copilot. This new capability addresses a critical workflow limitation that previously …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting multiple Honeywell CCTV camera products that could allow attackers to take over user accounts and gain unauthorized acce…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing campaign in which threat actors are using a convincing fake version of Google Forms to steal Google account credentials. Cybercriminals are once again exploiting a trusted brand Google to trick job seekers and steal their credentials. Th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are increasingly abusing emoji and other Unicode tricks to hide malicious code, bypass filters, and evade modern security controls, including AI-powered defenses. This emerging technique, known as emoji or Unicode smuggling, turns harmless-look…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Social engineering campaigns are becoming increasingly sophisticated, moving beyond simple phishing emails to more complex technical deceptions. The “ClickFix” tactic, which typically tricks users into copying and pasting malicious scripts …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
