Cyber Daily

Australian Signals Directorate warns of device code phishing activity targeting Microsoft 365 users

Aussie victims are being tricked into giving malicious actors access to their Microsoft 365 environments with the help of AI ...
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Services

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.
eWeek

Google AI Studio Cheat Sheet: Features, Pricing, and More

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
TMCnet

TestMu AI Expands Real Device Testing With Multi-Language Playwright Support and Advanced Audio Testing for iOS

With the latest release, TestMu AI now supports running Playwright tests on real devices using Java, Python, and C# in addition to existing capabilities. This allows enterprise teams to adopt ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...
Windows Report

Tycoon2FA Returns With New Microsoft 365 Device-Code Phishing Attacks

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
The Eastern Herald

Microsoft Exchange Zero-Day Under Active Attack Sparks Emergency Warning for On-Prem Servers

A dangerous new zero-day vulnerability targeting on-premises Microsoft Exchange Server deployments has triggered alarm across the cybersecurity industry after Microsoft confirmed the flaw is already ...