Phishing poses as big-brand job interview to steal Google accounts

Phishing poses as big-brand job interview to steal Google accounts

A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. The operation is abusing the legitimate cloud-based PeopleForce human resources platform and a domain associated with the Salesforce Marketing Cloud service before

Read More »
Fake IT support calls on Microsoft Teams push EtherRAT malware

Fake IT support calls on Microsoft Teams push EtherRAT malware

Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. The campaign, reported by Palo Alto Networks’ Unit 42, combines phishing emails, Microsoft Teams voice calls, legitimate remote management tools, and

Read More »
Software Is Now Written at the Speed of Thought. Security Isn't.

Software Is Now Written at the Speed of Thought. Security Isn’t.

Every major evolution in software development has reduced the friction between an idea and a deployable solution. Waterfall optimized execution against a plan. Agile optimized adaptation to change. DevOps optimized continuous delivery. Today, generative artificial intelligence and Vibe Coding optimize creation for anyone, anywhere. But as software creation approaches the

Read More »
Max severity Adobe ColdFusion flaw now exploited in attacks

Max severity Adobe ColdFusion flaw now exploited in attacks

Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. ColdFusion is a commercial web app development platform designed to help build and deploy enterprise-grade websites. The CVE-2026-48282 security flaw affects ColdFusion versions 2025.9, 2023.20, and earlier, and can be exploited by

Read More »
JadePuffer ransomware used AI agent to automate entire attack

JadePuffer ransomware used AI agent to automate entire attack

Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. According to cloud security company Sysdig, JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges,

Read More »
ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

ARToken PhaaS exposes EvilTokens’ Microsoft 365 phishing toolkit

A new phishing-as-a-service (PhaaS) platform dubbed “ARToken” appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. Cisco Talos researchers discovered the platform while investigating phishing infrastructure used in an incident response engagement and identified a

Read More »