Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. In this…
Author: Cybernoz
Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild
Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat…
Anthropic Ends Claude Subscription Access for Third-Party Tools Like OpenClaw
Anthropic has officially shut down third-party AI agent access to its Claude subscription services, pulling the plug on unauthorized external integrations. This move marks a…
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
A coordinated group of hackers is currently targeting Open Source Maintainers, particularly those managing Node.js and npm, following a high-profile attack on the popular Axios…
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation…
The State of Trusted Open Source Report
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption…
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
A threat actor has been exploiting vulnerable Next.js applications to compromise systems and exfiltrate credentials at scale, Cisco’s Talos security researchers warn. Tracked as UAT-10608,…
Hong Kong Hospital Authority apologises for data breach involving 56,000 patients
Hong Kong’s privacy watchdog and police are investigating a large-scale data leak involving more than 56,000 patients served by the Hospital Authority, which reported the…
Claude Code is still vulnerable to an attack Anthropic has already fixed
The leak of Claude Code’s source is already having consequences for the tool’s security. Researchers have spotted a vulnerability documented in the code. The vulnerability,…
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Mikko Hyppönen is pacing back and forth on the stage, with his trademark dark blonde ponytail resting on an impeccable teal suit. A seasoned speaker,…
NERC CIP-014 Standard Explained | Huntress
We sat down with Brian Harrell, VP of Security at AlertEnterprise, and talked about the NERC CIP-014 Standard. If you aren’t familiar with CIP-014 or…
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. According to the company’s…