Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access.

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...

Learn how a human-centric approach can reduce authentication errors in enterprise environments while improving security and ...

Then imagine it replying: "Sorry, the website won't let me in." That's the quiet failure mode behind most AI agents today.

A security researcher who decompiled the White House's new mobile app says it contains hidden GPS-tracking capabilities, weak security protections, and code loaded from an outside GitHub page, raising ...

With the help of Claude Code, fourth-year Ben Heim is showing how generative artificial intelligence can be used for productivity and innovation.

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not laced with malicious code. In 2025, those odds got significantly worse.

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government ...