1-855-263-7328
Security Portal Login
1-855-263-7328
Security Portal Login

Author: InfoSec News

Microsoft 365 credentials

Screenshot 2026 01 07 233732

A new phishing campaign is exploiting trusted cloud infrastructure-and it changes the threat model entirely. Attackers are abusing Google Cloud services to bypass traditional email security controls and steal Microsoft 365 credentials. Any organisation running Microsoft 365 is a potential target. This is not classic phishing. This is trusted cloud abuse. Phishing attacks no longer […]

Phishing Campaign Abuses Google Infrastructure

Screenshot 2026 01 06 225335

This is not spoofing. This is platform abuse. A newly identified phishing campaign marks a dangerous shift in how attackers exploit trust on the internet. Instead of impersonating Google through fake domains or lookalike emails, threat actors are now abusing legitimate Google infrastructure itself to conduct large-scale credential theft. Thousands of organizations worldwide have already […]

Shai Hulud Variant

Screenshot 2026 01 03 234503

A known malware strain has resurfaced-with purpose, planning, and continued investment. Security researchers have identified a new, heavily modified variant of the Shai Hulud malware, and this is not a recycled threat or a low-effort fork. The changes observed indicate active maintenance, deliberate obfuscation, and functional refinement by the original threat actors. Most critically, development […]

npm Packages Became Phishing Infrastructure

Screenshot 2025 12 29 225718

This was not a malware campaign. There were no trojans, no ransomware, no weaponized installers. Instead, attackers turned a trusted software supply chain platform into phishing infrastructure. A sustained campaign abused the npm ecosystem to harvest credentials, bypassing traditional malware delivery entirely. The primary targets were not developers, but sales and commercial teams inside organizations […]

Chrome extension breach

Screenshot 2025 12 27 230646

The Trust Wallet Chrome extension breach was not a failure of cryptography. It was not a blockchain exploit. It was not a smart contract bug. It was a software supply chain attack-and it succeeded precisely because it targeted the most trusted layer in the stack. Within hours, millions of dollars were drained from user wallets. […]

Parrot OS 7.0

Screenshot 2025 12 26 235021

Parrot OS 7.0 is not a routine Linux upgrade. It is a full system rewrite designed for the realities of modern security testing. For penetration testers, red teams, security consultants, and enterprise labs, this release marks a baseline shift in how offensive and defensive security environments are built and maintained. This is not about new […]

MongoDB Vulnerability

Screenshot 2025 12 24 171636

A newly disclosed vulnerability in MongoDB highlights a dangerous and often underestimated class of risk: unauthenticated memory disclosure. Tracked as CVE-2025-14847, this flaw allows attackers to extract sensitive server memory without credentials, alerts, or obvious signs of compromise. For organizations running exposed MongoDB instances, the risk is immediate and real. This is not a denial-of-service […]

Controls Become the Exploit

Screenshot 2025 12 22 233909

AI safety dialogs are designed to protect users from dangerous actions.A newly identified attack technique shows how that very protection can be turned into an execution path for malicious code. The technique, known as Lies-in-the-Loop, exposes a fundamental weakness in how AI code assistants implement human approval workflows. Any organization relying on AI-assisted development should […]

University of Sydney Data Breach

Screenshot 2025 12 20 221213

The University of Sydney data breach did not involve a sophisticated zero-day exploit. There was no advanced malware or nation-state capability on display. Instead, thousands of personal records were exposed because of something far more common—and far more dangerous: a forgotten system. Hackers accessed a legacy IT code library used for software development. Inside it […]

AI-Assisted Vulnerability Discovery

Screenshot 2025 12 19 223122

The pace of software development has accelerated dramatically over the last decade, driven by cloud-native architectures, microservices, continuous deployment, and the growing adoption of AI across business functions. While these advances have enabled organizations to innovate faster, they have also introduced unprecedented complexity into modern applications. Codebases are larger, dependencies are deeper, and the attack […]