Device code phishing attacks exploiting OAuth 2.0 Device Authorization Grant flow have increased over 37 times this year, enabling attackers to hijack cloud accounts. Organizations must apply vendor patches, enforce MFA, and monitor OAuth logs to mitigate this rising threat.
Data privacy labels on mobile apps aim to improve transparency but often contain inaccuracies and under-report data collection. Security teams should not rely solely on these labels and need to implement additional monitoring and validation tools to ensure compliance and protect user data.
The BrowserGate report reveals Microsoft's LinkedIn uses hidden JavaScript to scan visitors' browser extensions and collect device data without user consent. This covert profiling technique raises privacy concerns and may aid targeted attacks. Organizations should monitor browser behaviors and apply mitigation strategies.
The BrowserGate report reveals that Microsoft's LinkedIn uses hidden JavaScript to scan visitors' browser extensions and collect device data, raising privacy concerns. Although not a traditional vulnerability, this data collection can aid profiling and tracking, urging organizations to consider mitigation strategies.
Since mid-2025, the China-aligned threat actor TA416 has resumed targeting European government and diplomatic organizations after a two-year lull. The group employs spear-phishing, exploits Microsoft Office vulnerabilities, and uses multi-stage malware to conduct espionage. Detection and defense require patch management, email filtering, and endpoint monitoring.
Microsoft Defender researchers uncovered a method where PHP web shells on Linux servers use HTTP cookies as covert channels for remote code execution. This technique bypasses traditional detection methods, enabling stealthy attacks that complicate incident response.
Organizations have disclosed breaches stemming from TeamPCP's supply chain compromise, with threat actors ShinyHunters and Lapsus$ claiming involvement. These attacks exposed sensitive data through injected malicious code in software updates, affecting numerous enterprises. Affected users should audit software integrity, reset credentials, and enable multi-factor authentication.
Software supply chains face critical vulnerabilities exploited by sophisticated attacks, necessitating their treatment as critical infrastructure. Implementing multi-layered security controls, including code signing, access restrictions, and continuous monitoring, is essential to mitigate these risks.
Chainguard's rebuilt platform introduces continuous reconciliation of open source artifacts across containers, libraries, agent skills, and GitHub Actions to strengthen supply chain security. This update supports compliance with cybersecurity frameworks and mitigates risks from supply chain attacks.
A water treatment facility was hit by ransomware exploiting a CVE-2023-34362 vulnerability, resulting in data encryption and leakage. Concurrently, a ChatGPT data leak exposed user logs, and a new Android rootkit exploiting CVE-2024-21045 was discovered. Additional security updates and FBI incident classifications were reported.
Microsoft and CrowdStrike have shifted from competitors to partners through a collaboration rooted in their shared involvement in Formula 1. This alliance integrates their cybersecurity tools and threat intelligence, enhancing protection for enterprise customers. Organizations using both platforms should prepare to leverage combined capabilities and update configurations accordingly.
Microsoft is investigating intermittent mailbox access issues affecting Exchange Online users on Outlook mobile and macOS platforms. The problem disrupts email connectivity and synchronization, impacting user productivity. Administrators should monitor service health and apply updates as Microsoft works on a fix.