Filtering Unknown Callers
If it’s not saved in your contacts… it can wait. Protect your peace and let your phone handle the nonsense.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA
Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA).
Voice Phishing Kits Give Threat Actors Real-Time Control Over Attacks
Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice phishing (vishing) attacks that can bypass multifactor authentication. “The most critical of these features are client-side scripts that allow threat actors to control the authentication flow in the browser of a targeted user in real-time while they deliver verbal instructions or respond to verbal feedback from the targeted user,” Okta says.
Training Humans and AI Agents
Managing the risks associated with the increasing use of AI agents and co-pilots is critical for every organization. A key challenge is that AI agents draft documents and influence decisions but they operate without a true understanding of a company's rules, culture, or risk. Like humans, AI agents are susceptible to failure. Humans are socially engineered, while AI agents are prompt engineered, and AI agents may "hallucinate" when context is missing, similar to how humans guess.
New Malware Kit Promises Guaranteed Publication in the Chrome Web Store
A new malware-as-a-service (MaaS) kit called “Stanley” is offering users guaranteed publication in the Chrome Web Store, bypassing Google’s security verification process, according to researchers at Varonis. “For $2,000 to $6,000, Stanley provides a turnkey website-spoofing operation disguised as a Chrome extension, with its premium tier promising guaranteed publication on the Chrome Web Store,” Varonis says.
The Phishing-as-a-Service Economy is Thriving
Commodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms allow threat actors of all skill levels to carry out advanced attacks at scale.
Attackers Can Use LLMs to Generate Phishing Pages in Real Time
Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on seemingly innocuous webpages. “Once loaded in the victim's browser, the initial webpage makes requests for client-side JavaScript to popular and trusted LLM clients (e.g., DeepSeek and Google Gemini, though the PoC could be effective across a number of models),” the researchers write.
Mastering Post-Quantum Cryptography and AI-Driven Cyber Threats
The cybersecurity landscape is undergoing a paradigm shift driven by two unstoppable forces: Generative AI and Shor’s Algorithm-capable Quantum Computing. As we approach "Q-Day," the window for organizations to transition to quantum-resistant architectures is closing. Modern threat actors are no longer just using brute force; they are utilizing Quantum-AI convergence to automate vulnerability discovery and bypass legacy encryption. This session provides a roadmap for transitioning from traditional cybersecurity to a Post-Quantum Cryptography (PQC) framework.
Report: One in Ten UK Companies Wouldn't Survive a Major Cyberattack
A new survey by Vodafone Business found that more than 10% of companies in the UK would likely go out of business if they were hit by a major cyber incident, such as a ransomware attack, Infosecurity Magazine reports. Additionally, 71% of business leaders believe at least one of their employees would fall for a convincing phishing attack, and fewer than half (45%) of organizations have ensured that all of their employees have received basic cyber awareness training.
Warning: A LinkedIn Phishing Campaign is Targeting Executives
A phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The messages attempt to trick victims into opening an archive file, which will install a legitimate pentesting tool. “A critical element of this attack was the use of a legitimate, open-source Python script designed for pen-testing,” ReliaQuest says.