OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
OAuth consent attacks in Microsoft Entra ID are giving threat actors a stealthy path to cloud email, and even trusted apps like ChatGPT can become…
Month: February 2026
Microsoft adds domain libraries and Copilot integration to the quantum development kit
The Microsoft Quantum Development Kit (QDK) is an open-source toolkit that runs on laptops and in common development environments. It includes code, simulators, libraries, and…
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
Ravie LakshmananFeb 25, 2026Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to…
Threat Actors Exploit Apache ActiveMQ Server Vulnerability to Gain RDP Access and Deploy LockBit Ransomware
A critical vulnerability in Apache ActiveMQ has been actively exploited by threat actors, leading to a full LockBit ransomware deployment across an enterprise network. Attackers…
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft has warned that threat actors are weaponizing malicious Next.js repositories to compromise developers through what appear to be legitimate projects and recruiting‑style technical assessments.…
Airline brands become launchpads for phishing, crypto fraud
Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high value transactions. Criminal groups continue to register thousands of lookalike…
GitHub Copilot Exploited to Perform Full Repository Takeover via Passive Prompt Injection
GitHub Copilot Exploited A critical AI-driven vulnerability in GitHub Codespaces, dubbed RoguePilot, that enabled attackers to silently hijack a repository by embedding malicious instructions inside…
US Sanctions Network of Exploit Brokers That Stole US Government Cyber Tools
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on February 24, 2026, designated Russian national Sergey Sergeyevich Zelenyuk and his St.…
Anthropic digs in heels in dispute with Pentagon
Artificial intelligence lab Anthropic has no intention of easing its usage restrictions for military purposes, a person familiar with the matter said, adding talks continue…
Seven years’ prison for Australian who sold zero-days to Russia
Peter Williams, the former general manager of United States defence contractor L3Harris’s cyber security arm Trenchant, was today sentenced to seven years and three months…
Telstra quietly stops LEOsat rollout across remote mobile sites
Telstra has stopped migrating its remote small cell mobile base stations onto low earth orbit satellites backhaul until its constellation provider, Eutelsat OneWeb, can get…
US seeks healthy trade relations with China but does not trust it, lawmakers clarify
Just hours apart on Capitol Hill on Tuesday, two congressional hearings laid bare the United States’ calibrated yet deeply sceptical approach to China, with senior…