Attackers phish OAuth codes, take over Microsoft 365 accounts
Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics …
When confusion becomes a weapon: How cybercriminals exploit economic turmoil
It begins with a simple notification: “Markets in Free Fall.” Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Across …
SWE-agent: Open-source tool uses LLMs to fix issues in GitHub repositories
By connecting powerful language models like GPT-4o and Claude Sonnet 3.5 to real-world tools, the open-source tool SWE-agent allows them to autonomously perform complex tasks: …
The dark side of YouTube: Malicious links, phishing, and deepfakes
With billions of users, YouTube has become a tempting target for cybercriminals. They post malicious links in video descriptions and comments. Some send phishing emails to …
Phishing emails delivering infostealers surge 84%
Cybercriminals continued to shift to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined, according to IBM. …
Cybersecurity jobs available right now: April 23, 2025
Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. Application Security Analyst Greenway Health | India | …
54% of tech hiring managers expect layoffs in 2025
54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to …
PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All …
The legal blind spot of shadow IT
Shadow IT isn’t just a security risk, it’s a legal one. When teams use unsanctioned tools, they can trigger compliance violations, expose sensitive data, or break contracts. …
Email authentication simplified: How PowerDMARC makes DMARC effortless
Email is still the top way attackers get into organizations. Now, big players like Google, Yahoo, and Microsoft are cracking down. They’re starting to require email …
The C-suite gap that’s putting your company at risk
New research from EY US shows that cyber attacks are creating serious financial risks. C-suite leaders don’t always agree on how exposed their companies are or where the …
What school IT admins are up against, and how to help them win
School IT admins are doing tough, important work under difficult conditions. From keeping Wi-Fi stable during exams to locking down systems from phishing emails, their job is …
Featured news
Resources
Don't miss
- CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
- Deepfake attacks could cost you more than money
- Coinbase suffers data breach, gets extorted (but won’t pay)
- Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
- Building cybersecurity culture in science-driven organizations