Device Code Phishing: OAuth Abuse Hits 340+ Microsoft 365 Orgs
A new phishing campaign is sweeping across five countries — targeting over 340 Microsoft 365 organizations with a stealthy OAuth abuse technique known as device […]
Month: March 2026
Prompt Injection Residue: The Hidden AI Shadow Data
Asking an AI a question seems innocent enough. But what if those {secrets} you coaxed from the model never fully vanish? Welcome to the world […]
Google’s Cloud Passkey Architecture: Passwordless, But Not Attackless
Passwordless authentication was meant to end account takeovers. By replacing passwords with cryptographic keys tied to physical devices, it promised a future where stolen credentials […]
FCC Bans Foreign-Made Routers Over Cybersecurity Risks
In a sweeping move to protect U.S. communications infrastructure, the Federal Communications Commission (FCC) has banned the import of new foreign-made consumer routers, citing unacceptable […]
CVE‑2026‑4681: Critical RCE Threat Hits PTC Windchill and FlexPLM
PTC Inc. has issued an urgent warning about a critical remote code execution (RCE) vulnerability affecting its widely used Windchill and FlexPLM platforms. Tracked as […]
Microsoft’s MX Record Change: Stronger Email Security Ahead
In July 2026, Microsoft will roll out a major change to its MX (Mail Exchange) records, the backbone of email routing. This update is designed […]
Citrix NetScaler Flaw Could Leak Sensitive Data (CVE‑2026‑3055)
Citrix has released security updates for NetScaler ADC and NetScaler Gateway, addressing two vulnerabilities — including a critical flaw that could allow unauthenticated attackers to […]
TeamPCP Expands Supply Chain Attacks to Checkmarx GitHub Actions
The threat actor group TeamPCP, already linked to the Trivy supply chain compromise, has now poisoned two GitHub Actions workflows maintained by Checkmarx. This marks […]
Fake ChatGPT Invites Target Android Users With Malware
Cybercriminals are running a phishing campaign that disguises malicious Android apps as beta‑testing opportunities for ChatGPT and Meta advertising tools. What looks like a legitimate […]
Chrome Update Fixes 8 Critical RCE Flaws
Google has rolled out an urgent update to the Chrome browser, patching eight high‑severity vulnerabilities that could allow attackers to execute arbitrary code remotely. With […]