Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...

Critical security flaws targeting Windows and Office users allow hackers to take complete control of a victim's computer by clicking a malicious link or opening a file. Patch now.

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security ...

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...

Hackers are moving from smart contract vulnerabilities to exploiting human behavioural weaknesses, according to the co-founder of Web3 cybersecurity firm CertiK. Cryptocurrency hackers are moving away ...

For the first time in history, cyber malicious actors have used Anthropic’s Claude Code, a generative AI coding assistant, to conduct cyber-attacks. The attackers are likely Chinese state-sponsored ...

Qiang Tang receives funding from Google via Digital Future Initiative to support the research on this project. Moti Yung works for Google as a distinguished research scientist. Yanan Li is supported ...