The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five…
Latest Cybersecurity News — Page 193
View all →
Hot, or not? Why are there so few datacentre waste heat projects in the UK?
Datacentres in Nordic countries are connected to multiple district heating networks. The UK’s neighbouring countries, Ireland and France, also have projects. But the UK hasn’t…
Event Cinemas owner EVT to make network software-defined
Entertainment and travel group EVT has started moving to software-defined networking in a bid to boost its data capacity and reduce its reliance on physical…
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
Vulnerability exploitation was the most common access vector for data breaches in 2025, the latest installment of Verizon’s annual Data Breach Investigations Report (DBIR) shows.…
Microsoft dismantled Malware-signing network Fox Tempest
Microsoft dismantled malware-signing network Fox Tempest Pierluigi Paganini May 19, 2026 Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with…
CISA credential leak raises alarms, and Capitol Hill demands answers
Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an…
Contractor’s public GitHub account exposed GovCloud and CISA credentials
Veteran consultant Robert Enderle of the Enderle Group noted that this kind of exposure happens with alarming frequency. “Developers are often under immense pressure to…
CIRT insights: How to help prevent unauthorized account removals from AWS Organizations
The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often…
At Mythos Speed: A Defender’s Playbook for the AI Vulnerability Surge in 2026
Key Takeaways Discovery has been commoditized. Frontier AI models like Mythos and GPT 5.5 are making vulnerability discovery cheap, fast, and broadly accessible. The defender’s…
Threat Advisory: Hackers Are Selling Access to MSPs
Our CEO, Kyle, recently received the ad below, found on an online forum frequented by cybercriminals. The body of the ad, translated into English, reads:…
Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw…
UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery
A newly documented attack chain linked to the threat group UAC-0184 has been observed using Windows’ built-in bitsadmin tool and HTA files to sneak malicious…