Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login flows.

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Neither brother is currently in Texas; both are in federal prison. Sohaib was found guilty at trial last week, while Muneeb ...

As part of the reconciliation bill, the senators have allocated $108 million over three years to add nearly 200 specialists ...

Encountering a website that seems like it was designed to frustrate might leave you saying ‘there oughta be a law,’ but to ...

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

Authorities say Olena Oblamska was one of the founders of Forsage, a cryptocurrency platform allegedly used as part of a ...

From yesterday's decision by Judge Anthony Trenga (E.D. Va.) in Fseisi v. O'Keefe Media Group: The Complaint alleges the ...