Scammers are abusing an internal Microsoft account to send spam links
For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used…
Month: May 2026
Fighting Log4Shell with Huntress Managed EDR
Nothing says happy Friday afternoon quite like finding a Cobalt Strike implant in your network. Such was the case for our partners at Blue Tree…
Police seize “First VPN” service used in ransomware, data theft attacks
A virtual private network service called ‘First VPN,’ used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement…
Flipper Unveils New Flipper One Modular Linux Cyberdeck
Flipper Devices has unveiled Flipper One, a modular Linux cyberdeck aimed at becoming a fully open, mainline-first ARM platform for hackers, researchers, and makers The…
Proton Launches Credential Tokens to Tackle AI Agent Security Gap
A growing tension sits at the heart of enterprise AI deployments: organisations want agents to act autonomously, yet handing over passwords and API keys to…
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively…
Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass
A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE) via a single HTTP…
Android Malware Spotted Subscribing Victims to Paid Services Without Consent
A global mobile billing fraud campaign has been targeting Android users by silently subscribing them to expensive premium text services. Zimperium zLabs, which reported this…
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The…
TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety
A damaging new report from Ofcom, the UK’s communications regulator, has delivered a stark verdict: TikTok and YouTube’s content feeds are “not safe enough” for children.…
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and…
Fujitsu finally thrown out of Post Office in £500m Horizon replacement deals
The Post Office is set to sign £500m in contracts that will finally end use of the controversial Horizon system and its supplier, Fujitsu. Accenture…