OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Check Point Research shows browsing-enabled AI chat can act as a malware relay, moving commands and data through normal-looking traffic. Microsoft urges defense-in-depth, while defenders may need ...

Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and ...

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

It’s hard to believe that something nefarious can lie within a QR code, but it can. QR codes have become a convenience of modern life. Just scan the black and white mosaic with your phone’s camera and ...

Master WS-Federation for enterprise SSO. Learn how Passive Requestor Profiles bridge legacy ASP.NET, SharePoint, and ADFS ...

Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.

Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.

You should treat any unexpected package with caution, even if it looks innocent. Dangerous substances and malicious content increasingly come disguised in candy bags, toy boxes, souvenir items, and ...

A self-replicating npm worm dubbed SANDWORM_MODE hits 19+ packages, harvesting private keys, BIP39 mnemonics, wallet files and LLM API keys from dev environments.

Malware can blend in with legitimate AI traffic, using popular AI tools as C2 infrastructure.