Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

There are moments in the evolution of a nation when a single incident, seemingly isolated, exposes a deeper and more troubling ...

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

A hacker jailbroke Claude to steal 150GB of Mexican government data in a month-long campaign. CrowdStrike's latest threat report shows it's part of a wider pattern — and maps four domains most ...

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking ...

Jason Ivey quit his role of managing director at the airport at the end of January and the control deck is now overseen by Brian Rawlings, as Head of Operations, with Michael Morton still in the ...

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.

The revelation and its timing have caused many to compare it to how the Najib Abdul Razak administration attempted to distract and obfuscate the 1MDB scandal. PKR has given Pandan MP Rafizi Ramli a ...