Microsoft

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of ...

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub’s engineering team developed a fix and deployed it just over an hour after identifying the root cause, protecting both ...
Dark Reading

Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error

The emerging ransomware has been deployed in the TeamPCP supply chain attacks, but victims should think twice before paying ...

New Linux ‘Copy Fail’ flaw gives hackers root on major distros

An exploit has been published for a local privilege escalation vulnerability dubbed "Copy Fail" that impacts Linux kernels ...
SecurityWeek

Hugging Face, ClawHub Abused for Malware Distribution

Threat actors are abusing Hugging Face and ClawHub to distribute malware by injecting indirect prompts into malicious files.