Extortion crew hijacks Microsoft 365 accounts via fake passkey setup
The Pink cyber extortion crew is tricking employees into giving them access to their Microsoft 365 accounts by faking Entra passkey enrollment requests. The attack The attack …
Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)
Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation …
5,811 arrests, $293 million seized over social engineering scams
Criminals who pose as police officers, romantic partners, and business suppliers have built fraud operations that reach across continents. A four-month enforcement campaign …
Your coding agent says no in chat and yes in the code
Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own …
AWS centralizes access, spending, and governance for Claude
Claude apps gateway for AWS is a self-hosted control plane that gives organizations a single point of control over access, costs, and policies for Claude Code and Claude …
Malicious AI agent skills can slip past the scanners built to stop them
Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. …
The fake report message that ends with a stolen Reddit account
A direct message arrives on Reddit from a stranger, and it invites a reply. That reply is the point. This scheme runs on social engineering, with no malware and no malicious …
Open-source collaboration is growing worldwide and putting pressure on maintainers
Developers are pushing code and opening pull requests across economy borders at a rate GitHub has rarely seen. Outbound collaboration, the sum of git pushes and pull requests …
Product showcase: Protect your iPhone with McAfee Mobile Security
McAfee Mobile Security for iOS combines scam protection, web protection, VPN, Wi-Fi security, and device security checks in a single app. It is also available for Android. …
Wireshark 4.6.7 patches a dozen security flaws
Network analysts who open packet captures in Wireshark push untrusted data through a large set of protocol dissectors, and each parser is a spot where a malformed frame can …
Messaging fraud trends point to smarter attacks, stronger blocking
Fraudsters spent 2025 investing in scale. New routes, new tools, and higher message volumes moved through the SMS, voice, and chat channels that businesses rely on to reach …
A single malware file can outweigh an entire AI dataset
Antivirus vendors and security startups keep shipping AI features that promise to read malware the way a seasoned analyst would. The results inside security teams tell a …
Featured news
Resources
Don't miss
- SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
- “Context bombs” can frustrate AI-driven attacks, researchers found
- No one knows how many old shims can still bypass UEFI Secure Boot
- The best defense against AI attacks turns out to be a skeptical human
- Your vendor’s vendor might be the real breach risk