Security news.
Today's security news highlights new attack vectors, including automated OAuth abuse targeting Azure and AI-powered phishing kits. Additionally, a cybersecurity firm confirmed a source code breach, and authorities sentenced individuals for facilitating ransomware attacks.
ConsentFix v3 Attacks Target Azure with Automated OAuth Abuse
A new attack type, ConsentFix v3, is circulating on hacker forums, enhancing previous techniques with automation and scalability to target Azure environments.
Trellix Confirms Source Code Breach With Unauthorized Repository Access
Cybersecurity company Trellix announced a breach that allowed unauthorized access to a portion of its source code repository.
New Bluekit Phishing Kit Features AI Assistant
A new phishing kit, Bluekit, is under development and offers automated domain registration and an AI assistant to its users.
Edu Tech Firm Instructure Discloses Cyber Incident
Instructure, the company behind the Canvas learning platform, has disclosed a recent cybersecurity incident and is investigating its impact.
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
A Vietnamese-linked operation, codenamed AccountDumpling, used Google AppSheet as a "phishing relay" to compromise approximately 30,000 Facebook accounts.
76% of All Crypto Stolen in 2026 Is Now in North Korea
North Korean threat actors are responsible for a significant majority of cryptocurrency heists in 2026, with AI potentially aiding their operations.
Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Ryan Goldberg and Kevin Martin were each sentenced to four years in prison for their role in facilitating BlackCat ransomware attacks against U.S. companies.
Malicious Ad for Homebrew Leads to MacSync Stealer
A malicious advertisement for Homebrew has been observed leading to the deployment of the MacSync Stealer.