Morning Overview on MSN

Microsoft just confirmed attackers are exploiting an Exchange Server zero-day to silently hijack inboxes — CVE-2026-42897 lets them rewrite emails and steal sessio…

Organizations running Microsoft Exchange Server face an active threat after a zero-day vulnerability was confirmed to allow ...

Google Chrome’s New Feature Takes Aim at Cookie Theft, Account Hijacking

Chrome’s DBSC update binds login sessions to user devices, making stolen session cookies harder to reuse in account hijacking ...
Computerworld

Chrome Token-Theft Extensions, Nadella Europe Sovereignty, ChatGPT Age-Checks | Ep. 41

In today’s 2-Minute Tech Briefing, researchers flag fake Chrome productivity extensions stealing session tokens from Workday, NetSuite, and SuccessFactors. Satya Nadella argues Europe’s sovereignty ...
Windows Report

FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens

The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.
SecurityWeek

The Credential Crisis: How Stolen Credentials Defeat Modern Security

Stolen credentials and AI-driven attacks are allowing cybercriminals to bypass traditional security defenses and operate as ...
Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.