That fragmentation matters because attackers do not move through environments one
Category Added in a WPeMatico Campaign
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials
The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad actors have begun
Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads
A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support
The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site and let the students who came to dodge
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths
The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it.
In
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs.
“It validates the victim’s login password locally before
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain.
The
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
That’s the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too
New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
When it works, the person reads an ordinary-looking reply and never learns their assistant was tampered with.
The
