Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...
Security Boulevard

A fake FileZilla site hosts a malicious download

A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past ...

Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Microsoft

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek.
Windows Report

Hackers Abused Legit Certificates to Sneak Into Work PCs

A fake company bought a valid EV certificate, signed malware, and helped criminals keep remote access to enterprise PCs.

Experts say Perplexity's AI Comet browser can be hijacked to steal your passwords

Security researchers found a zero-click exploit in a new AI browser ...
The Hacker News

Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks

Authorities dismantle Tycoon 2FA phishing service linked to 64,000 attacks, millions of emails, and breaches at nearly ...
Opinion
The PrintOpinion

SubscriberWrites: Insider Threat – Malicious, or Rarely So?

When an insider incident surfaces, organisations tend to isolate the act. Consequently, it is easier to condemn an employee than examine culture. But insiders are people who once belonged, who once ...

Be aware of extortion scam emails claiming your data is stolen

Bitcoin extortion emails claiming hackers stole your information are hitting thousands of inboxes daily, and experts are warning users of the signs.

Google dismantles 9M-device Android hijack network

Google says it disrupted what it believes was the world's largest residential proxy network that hijacked about 9 million ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...