Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.

"In 2026, most cyber attacks will be carried out using AI," he said. — According to foreign industry agencies, the number of such attacks in the world has increased by 70% in a year.

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Lawmakers in the predominantly Democratic bipartisan House majority said they were concerned the state didn't push back ...

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

A multi-stage malware loader known as OysterLoader has continued to evolve into early 2026, refining its command-and-control (C2) infrastructure and obfuscation methods.

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

Daniel Mercier has lots of experience with the legal system as a lawyer — and as a defendant. After I revealed he was hired ...

Mobile platforms operate under fundamentally different trust assumptions than we relied on for web security. Your mobile ...

Artificial Intelligence - Catch up on select AI news and developments since the workweek ended February 20. Stay in the know.

The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.