Malicious X Ad and ConsentFix Attack Target Mac and Windows Users

Attackers are exploiting a verified X ad to deliver Mac malware and using a new ConsentFix technique to steal Microsoft 365 account tokens.

The Latest

Breaking News and Alerts

Device Code Flow Exploit Lets Attackers Hijack Microsoft Accounts via Real Login Page

Attackers are exploiting Microsoft's Device Authorization Grant feature to steal account tokens without using a fake login page, bypassing traditional phishing warnings.

Spotlight

Cybersecurity Profiles and Stories

New Cavern Malware Framework Targets Israeli IT and Government Networks

Iranian state hackers are using a modular C2 framework called Cavern to infiltrate Israeli organizations through compromised IT supply chains.

RustDuck Botnet’s Rust Overhaul Targets Routers and Servers for DDoS Attacks

The RustDuck botnet uses a two-stage infection chain and sophisticated evasion techniques to hijack routers and servers for DDoS attacks, while its operators are actively rewriting the malware in Rust.

MCP Config File in Amazon Q Developer Opens Path to Credential Theft

A repository-carried config file in Amazon Q Developer could execute commands with a developer's live cloud session, but a patch now requires explicit user consent before MCP servers launch.

WhatsApp Username Feature Carries Privacy Risks Experts Warn

Consumer advocates warn that reusing Instagram or Facebook usernames on WhatsApp can link identities across Meta's platforms and increase social engineering risks.

Features

Research and Thought Leadership