Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...

New EvilTokens service fuels Microsoft device code phishing attacks

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

Why your QR Codes shouldn’t always lead to the same place

Uniqode reports that dynamic QR Codes can route users to different destinations based on context, enhancing marketing ...

Firewalla Supports AmneziaWG VPN Server And Smarter Device Protection

Latest version of the Firewalla app supports AmneziaWG VPN Server, a breakthrough VPN protocol that bypasses blocked networks ...

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google patches 21 Chrome vulnerabilities, including an actively exploited zero-day flaw that could enable code execution and ...
The Hacker News

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple expanded iOS 18.7.7 on April 1, 2026 after DarkSword disclosure, enabling auto security updates across more devices.
Infosecurity Magazine

New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs

A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated ...

Apple Issues Rare iOS 18 Security Update to Protect Against DarkSword Exploit

Apple today released a new build of iOS 18.7.7 and iPadOS 18.7.7, presumably with a fix for the DarkSword exploit. Apple told ...

This free app fixes the worst part of two-factor authentication

The problem with most 2FA apps is that they trap codes on a single device. That’s why I’ve ditched my old authenticator app ...