Krebs on Security

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

According to an analysis of Starkiller by the security firm Abnormal AI, the service lets customers select a brand to impersonate (e.g., Apple, Facebook, Google, Microsoft et. al.) and generates a ...

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code ...
The Hacker News

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

ZeroDayRAT is a cross-platform mobile spyware sold on Telegram that enables live surveillance, OTP theft, and financial data ...
IEEE

P-MDTA: Multi-Stage Trust Evolution Method for Physical Layer Satellite Link Authentication

Abstract: Satellite communication links leveraging multi-source physical layer features provide critical authentication technology for secure satellite networks. However, existing physical layer ...
GitHub

Magic link continuation auth

Currently, the magic link continuation flow allows users to complete authentication simply by clicking the magic link. This proposal requests an additional security layer where users must provide ...
PC World

Don’t click that Google email! Gmail address change could be a scam

PCWorld reports that cybercriminals are exploiting Google’s new Gmail address change feature to send convincing phishing emails that appear to originate from legitimate Google systems. These ...
Bleeping Computer

SmarterMail auth bypass flaw now exploited to hijack admin accounts

Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. An authentication bypass ...