Cybernews researchers found an exposed database with 24 billion credential records, raising fresh risks from password reuse ...

As banks have adopted multifactor customer authentication systems, they have inadvertently made it more difficult for many ...

A new phishing campaign is targeting banks and other high-value organizations with Phantom Stealer, a commercially available infostealer that runs in memory to avoid traditional detection, according ...

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...

Modern infostealers don't just steal passwords—they harvest the digital identities and context that enable attackers to blend ...

A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access repositories.

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The ...

An automated security testing tool for REST APIs, focused on authentication, authorization, and OWASP Top 10 vulnerabilities. Built for penetration testers and security engineers who need fast, ...

AI-assisted software development is exploding in adoption, promising unmatched speed and efficiency. Often called ‘vibe coding’ or sometimes AI-assisted engineering, this practice has really picked up ...