DarkReading
- Get link
- X
- Other Apps
"Tycoon 2FA Phishers Scatter adopt device code phishing."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 18 April 2026, 1627 UTC.
Content and Source provided by email subscription from https://feedly.com.
https://feedly.com/i/subscription/content/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
30
Yesterday
by Nate Nelson / 19h
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
by Becky Bracken / 19h
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
by Robert Lemos / 1d
The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws.
Apr 16, 2026
by Alexander Culafi / 1d
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
by Nate Nelson / 1d
A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.
by Arielle Waldman / 2d
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world.
by Jeffrey Schwartz / 2d
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon.
Apr 15, 2026
While enterprises breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption.
by Jai Vijayan / 2d
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.
by Alexander Culafi / 2d
Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle.
by Rob Wright / 3d
Quantum computers are coming and may impact systems in unexpected ways, and it will "take years to be fully quantum-safe, if ever," cryptography expert warns.
by Elizabeth Montalbano / 3d
Google, Meta, and Microsoft about half the time don't comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds.
by Matthew Andriani / 3d
Security teams can't test distributed denial-of-service defenses in a vacuum. They need to test during periods of high demand, such as tax-filing deadlines.
by Alexander Culafi / 3d
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
Apr 14, 2026
by Robert Lemos / 3d
The deal aims to accelerate AI adoption, train workers, and develop cybersecurity partnerships — the latest move by a hyperscaler to compete for sovereign AI and data centers.
Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix.
by Rob Wright / 3d
Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.
by Elizabeth Montalbano / 3d
In an educational game called "Capture the Narrative," students created bots to sway a fictional election, simulating influence in real-world political scenarios.
Apr 13, 2026
by Alexander Culafi / 4d
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos.
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.
by Brad McInnis / 4d
OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security.
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.
Apr 10, 2026
by Nate Nelson / 7d
Threat actors breached the telehealth brand, and now they may know patients' personal health details. What could they do with that information?
by Jeanette Miller-Osborn / 7d
These are the fundamental detection model shifts cybersecurity teams need to make to keep up with the rising number of credential-based attacks.
by Robert Lemos / 8d
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.
by Alexander Culafi / 8d
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the vendor said.
End of feed
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.