Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign…
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Ravie LakshmananMar 25, 2026Browser Security / Threat Intelligence Cybersecurity researchers have flagged…
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
Ravie LakshmananMar 24, 2026Endpoint Security / Social Engineering A large-scale malvertising campaign…
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The North Korean threat actors behind the Contagious Interview campaign, also tracked…
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Ravie LakshmananMar 20, 2026Data Privacy / Mobile Security Google on Thursday announced…
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Ravie LakshmananMar 21, 2026Malware / Threat Intelligence The threat actors behind the…
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure…
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Ravie LakshmananMar 21, 2026Cyber Espionage / Threat Intelligence Threat actors affiliated with…
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence Oracle has released security updates…