3 Articles Today
150 This Month
6 Categories
150 Total Articles

Latest News

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The

Summer of Clearinghouses Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

Summer of Clearinghouses

Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it โ€” built quietly months earlier, heads down, taking findings and shipping fixes, because customers kept asking us to. We only announced it now because everyone else started announcing theirs,

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub 'ghost' accounts that are often years old, or compromised OAuth tokens and personal

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users Malware The Hacker News
The Hacker News Jul 10, 2026 1 min read

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed

Lawmakers Demand Answers as CISA Tries to Contain Data Leak Data Breaches Krebs on Security
Krebs on Security Jul 10, 2026 6 min read

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.

Showing 101โ€“110 of 149 articles
Prev 1 ... 9 10 11 12 13 ... 15 Next