'Anyone Could Edit Marks': 19-Year-Old Ethical Hacker Alleges Major Security Flaws In CBSE Evaluation System

Amid mounting student complaints over CBSE’s new On-Screen Marking system, a Class 12 student and cybersecurity researcher ...

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

MFA verifies who logged in. It has no idea what they do next.

What happens after MFA succeeds? How session token theft lets attackers move laterally through enterprise networks without ...
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Services

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.