← Latest brief

Security news.

·Afternoon Brief

Today's security news highlights new attack vectors, including automated OAuth abuse targeting Azure and AI-powered phishing kits. Additionally, a cybersecurity firm confirmed a source code breach, and authorities sentenced individuals for facilitating ransomware attacks.

BLEEPINGPATCH
May 2READ

ConsentFix v3 Attacks Target Azure with Automated OAuth Abuse

A new attack type, ConsentFix v3, is circulating on hacker forums, enhancing previous techniques with automation and scalability to target Azure environments.

THNBREACH
May 2READ

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Cybersecurity company Trellix announced a breach that allowed unauthorized access to a portion of its source code repository.

SECURITYWEEKPHISHING
May 2READ

New Bluekit Phishing Kit Features AI Assistant

A new phishing kit, Bluekit, is under development and offers automated domain registration and an AI assistant to its users.

BLEEPING
May 1READ

Edu Tech Firm Instructure Discloses Cyber Incident

Instructure, the company behind the Canvas learning platform, has disclosed a recent cybersecurity incident and is investigating its impact.

THNPHISHING
May 1READ

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

A Vietnamese-linked operation, codenamed AccountDumpling, used Google AppSheet as a "phishing relay" to compromise approximately 30,000 Facebook accounts.

DARK READINGBREACH
May 1READ

76% of All Crypto Stolen in 2026 Is Now in North Korea

North Korean threat actors are responsible for a significant majority of cryptocurrency heists in 2026, with AI potentially aiding their operations.

SECURITYWEEKRANSOMWARE
May 1READ

Two US Security Experts Sentenced to Prison for Helping Ransomware Gang

Ryan Goldberg and Kevin Martin were each sentenced to four years in prison for their role in facilitating BlackCat ransomware attacks against U.S. companies.

SANS INTERNET STORM CENTERMALWARE
May 1READ

Malicious Ad for Homebrew Leads to MacSync Stealer

A malicious advertisement for Homebrew has been observed leading to the deployment of the MacSync Stealer.

Generated twice daily from public security RSS feeds. Informational only.