Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Gmail increases attachment limit to 50 MByte – for Enterprise customers

Google Workspace Enterprise Plus now includes sending attachments up to 50 MByte. However, the new limit must be enabled by ...
Crowdfund Insider

Regtech SlowMist Exposes Supply Chain Threats in ClawHub’s AI Plugin Ecosystem

SlowMist indicated that in a surge of interest surrounding open-source AI agent framework OpenClaw, its repository, ClawHub, ...
Security Boulevard

Web Single Sign-On: Understanding WS-Federation

Master WS-Federation for enterprise SSO. Learn how Passive Requestor Profiles bridge legacy ASP.NET, SharePoint, and ADFS ...
Regtechtimes on MSN

MacSync malware spreads through Google ads, exposing over 15,000 Mac users

A large-scale macOS malware campaign is spreading through sponsored Google search results and trusted online platforms. More than 15,000 users have already been exposed to the malicious content, ...
CSO Online

Leaky Chrome extensions with 37M installs caught divulging your browsing history

Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal ...

Smart Banner Hub Opens Clustrauth™ API — Quantum-Safe Document Signing for Developers at $5 Per Signature

New REST API gives developers programmatic access to NIST FIPS 204 post-quantum document authentication — sign any ...
Security Boulevard

Dust Specter APT Targets Government Officials in Iraq

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...