New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials.…
Securing AI Models – Risk and Best Practices
Generative AI (Artificial Intelligence) has turned out to be a game changer after the introduction of ChatGPT, DALL-E, Bard, Gemini,…
Microsoft testing Windows 11 support for third-party passkeys
Microsoft is now testing WebAuthn API updates that add support for support for using third-party passkey providers for Windows 11…
Hackers abuse Avast anti-rootkit driver to disable defenses
A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take…
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be…
Security plugin flaw in millions of WordPress sites gives admin access
A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both…
T-Mobile confirms it was hacked in recent wave of telecom breaches
T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain…
The Future of Cybersecurity: Predictions for 2025 and Beyond
by Gary S. Miliefsky, CISSP, fmDHS As the publisher of Cyber Defense Magazine, I have a great honor and pleasure…
CISA warns of more Palo Alto Networks bugs exploited in attacks
CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited…
Leave the oil to me: Trump vows to unleash US energy, undo key Biden rules in 2nd term
President-elect Trump has vowed to overhaul his predecessor's biggest climate and clean energy achievements, but it's unclear how much he'll…