Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and ...
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
Ransomware gang creates tool to automate VPN brute-force attacks
The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking ...
Coinbase phishing email tricks users with fake wallet migration
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new ...
New Akira ransomware decryptor cracks encryptions keys using GPUs
Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU ...
Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process ...
Week-long Exchange Online outage causes email failures, delays
Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving ...
Microsoft apologizes for removing VSCode extensions used by millions
Microsoft has reinstated the 'Material Theme - Free' and 'Material Theme Icons - Free' extensions on the Visual Studio ...
Suspected LockBit ransomware dev extradited to United States
A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited ...
New North Korean Android spyware slips onto Google Play
A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party ...
New SuperBlack ransomware exploits Fortinet auth bypass flaws
A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall ...
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited ...