News

The Hacker News1h
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
The ongoing campaign, first detected in early 2025, is designed to use the OAuth applications as a gateway to obtain ...
The Hacker News2h
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
In the npm ecosystem, postinstall scripts are often overlooked attack vectors—they run automatically after a package is ...
The Hacker News3h
You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them
The solution lies in fundamentally reimagining security data architecture around what AI models actually need to perform effectively. This means transitioning from legacy data feeds to what could be ...
The Hacker News6h
Storm-2603 Exploits SharePoint Flaws to Deploy Ransomware via DNS-Controlled Backdoor
The activity has been attributed to Storm-2603, which, according to Microsoft, is a suspected China-based threat actor that ...
The Hacker News21h
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
Russian APT Secret Blizzard uses ISP-level AitM attacks to deploy ApolloShadow malware on embassy devices in Moscow.
The Hacker News23h
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Threat actors abuse Proofpoint and Intermedia link wrapping to deliver phishing emails and steal Microsoft 365 credentials.