SecurityWeek

Russian Ransomware Operator Pleads Guilty in US

A 43-year-old Russian national has pleaded guilty in a US court to charges stemming from his role in the Phobos ransomware operation.
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Endor Labs launches free tool AURI after study finds only 10% of AI-generated code is secure

Endor Labs launches AURI, a free security platform that embeds directly into AI coding assistants like Cursor and Claude to ...
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
SecurityWeek

Hackers Weaponize Claude Code in Mexican Government Cyberattack

A threat actor has weaponized Anthropic’s Claude Code to breach the Mexican government’s systems and steal over 150GB of data ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...