A sophisticated method to bypass Content Security Policy (CSP) nonces, a widely used web security mechanism designed to prevent cross-site scripting (XSS) attacks.
The breakthrough technique exploits browser caching mechanisms combined with CSS injection to circumvent one of the web's most trusted security features.
Content Security...
A recent security investigation by Semperis has uncovered a critical vulnerability in Microsoft Entra ID (formerly Azure Active Directory) integrations, which can lead to complete account takeover in certain Software-as-a-Service (SaaS) applications.
The flaw, dubbed “nOAuth abuse,” enables attackers to hijack user accounts across tenant...
A major security vulnerability in the Android stalkerware service Catwatchful has exposed the plaintext login credentials of over 62,000 users, revealing the extensive reach of consumer spyware applications.
The breach, discovered through a SQL injection vulnerability, highlights ongoing security concerns surrounding commercially available surveillance...
A new credential-harvesting malware known as “123 | Stealer” has surfaced on a prominent English-speaking cybercrime forum, where the threat actor, operating under the handle koneko, is marketing subscriptions at US $120 per month.
According to the sales thread, the developer distributes the stealer through...
In a striking example of the evolving landscape of cyber warfare, Iranian state-linked hackers have launched a highly sophisticated global spear-phishing campaign targeting high-profile individuals, especially in Israel, though its footprint extends far beyond that country.
Known as Educated Manticore (also tracked as APT42,...
Cybercriminals are rapidly adopting artificial intelligence (AI) technologies, specifically large language models (LLMs), to streamline and amplify their illicit activities.
The surge in generative AI has not only transformed legitimate sectors but has also provided malicious actors with powerful new tools.
LLMs, capable of generating...