Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...

Hackers have launched a massive campaign targeting Microsoft 365 and Entra ID (formerly Azure AD) users in a phishing and vishing attack.

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.

The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing ...

Locked out? Learn what an SSO code actually is, where to find your company domain, and how to solve common login errors in Zoom, Slack, and Salesforce.

Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, ...

Vishing as the Front Door to MFA Bypass Threat reporting tied to ShinyHunters and Scattered Spider-linked activity shows voice phishing (vishing) being operationalized as a coordinated access vector ...

'PromptSpy' appears to be the first Android malware that uses generative AI in its execution flow, according to antivirus provider ESET.

StrongestLayer today released a new threat intelligence report, From Nation-States to Amateur Hackers: Why QR Code Phishing Evades Email Security, analyzing approximately 200 advanced QR code phishing ...

A data breach stemming from a social engineering attack on the fintech company Betterment has exposed the personal ...

Most mobile app risk comes from software your organization didn’t build, approve, or even know existed.

ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI in its execution flow to achieve persistence. It is the first time generative AI has been deployed in ...