Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Windows Report

Tycoon2FA Returns With New Microsoft 365 Device-Code Phishing Attacks

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Services

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.

WordPress 7.0 Launches With Native AI Integration

WordPress 7.0 arrives without real-time collaboration, but its native AI infrastructure was always going to be the defining ...
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

TestMu AI Expands Real Device Testing With Multi-Language Playwright Support and Advanced Audio Testing for iOS

TestMu AI (formerly LambdaTest), the world’s first full-stack Agentic AI Quality Engineering platform, today announced two ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
Indianapolis Business Journal

Congressional committee asks telecoms to do more to prevent scams as losses surge

A powerful congressional committee is urging major telecommunications companies to do more to protect Americans against scams, part of a widening investigation into the role that U.S. companies play ...
Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...