Originally published by Valence Security. Written by John Filitz. A sophisticated attack vector known as “consent phishing” has emerged as a significant SaaS security threat. Unlike traditional phishing that targets credentials directly, consent phishing exploits legitimate authorization protocols that use OAuth 2.0 to gain persistent access to corporate SaaS resources. Late last year it was […]
In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex […]
Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET, which first discovered the hacking group’s intrusions targeting the entity in March 2023 and again a year later, said the activity leverages spear-phishing emails using
Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. “RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,”
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names of the Python packages are below – checker-SaGaF (2,605 downloads) steinlurks (1,049 downloads) sinnercore (3,300 […]
OpenAI is planning to combine multiple products (features or models) into its next foundational model, which is called GPT-5. […]
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. […]
19
May
May
Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 26200.5603 (KB5058488) to the Dev Channel. Changes in Dev Channel builds and updates are documented in two buckets: new features, improvements, and fixes that are being gradually rolled out for Insiders who have turned on the toggle to get the latest updates as […]
19
May
May
Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 26120.4151 (KB5058486) to the Beta Channel for Windows Insiders on Windows 11, version 24H2. IMPORTANT NOTE: Build 22635.5305 was the last update released to the Beta Channel based on Windows 11, version 23H2. All Insiders in the Beta Channel will now be upgraded automatically to […]
19
May
May
We’re launching the new NotebookLM app, designed to help people understand anything, anywhere.