Fake Avast Website Targets Users With €499 Phishing Refund Scam
Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data.
Entra ID OAuth Consent Can Grant ChatGPT Access to Emails
OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access.
Report Finds Just 1% of Security Flaws Drive Most Cyberattacks in 2025
New VulnCheck research reveals that while thousands of CVEs are discovered yearly, only 1% drive real-world impact.
US Sanctions Russian Exploit Broker Over Stolen US Cyber Tools
The US Treasury targets Sergey Zelenyuk and his firm Operation Zero for the illegal trade of stolen government cyber tools following the sentencing of Peter Williams.
$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones
Cybersecurity researchers at Certo reveal Oblivion, a new Android Trojan targeting major brands like Samsung and Xiaomi. It bypasses security to steal passwords and bank codes.
Amazon: Low-Skill Hacker Used AI Tools to Breach FortiGate Devices Globally
Amazon says a Russian speaking low-skill hacker used AI tools to breach hundreds of FortiGate devices worldwide, showing how AI can scale cyberattacks with basic methods.
Romanian Hacker Extradited to US Admits Hacking Oregon State Network
Catalin Dragomir admits to hacking an Oregon government office and selling network access. Read more on the $250k fraud case and his 2026 sentencing.
Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks
16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks.
PayPal Confirms Six-Month Data Exposure Linked to Loan System Error
PayPal has confirmed a data leak in its Working Capital loan system that exposed names, dates of birth, and Social Security numbers for six months.
Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs
A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys.