Across recent incident response cases, the dominant initial-access vector is no longer password spray or basic phishing. Instead, adversaries are abusing OAuth application consent and token theft to...
Apple has shipped urgent security updates to address CVE-2025-43300, an out-of-bounds write in the ImageIO framework that can be triggered by a maliciously crafted image. Apple says it is aware of...
Google has shipped an emergency update for Chrome to fix CVE-2025-10585, a high-severity type confusion flaw in the V8 JavaScript engine that is already being exploited in the wild. The issue was...
Summary: A new campaign is abusing GitHub Pages and search-engine poisoning to rank high for queries like “Install on Mac.” The pages impersonate well-known software vendors and redirect...
News • Expert Insights Threat actors are abusing paid search ads and SEO-poisoned pages to distribute trojanized installers for popular tools (e.g., editors, media apps,...
News • Expert Insights Attackers embed QR codes in PNG images to evade text/URL scanning and redirect victims to credential-harvesting pages. Emails contain PNG...