Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.
The Manila Times

Belarus-aligned FrostyNeighbor attacks Ukrainian government, again - ESET Research discovers

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns targeting governmental organizations in Ukraine.This latest ...

Microsoft warns of Exchange zero-day flaw exploited in attacks

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...
SecurityWeek

Chrome 148 Update Patches Critical Vulnerabilities

Google has released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity security defects.

Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More

This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...
CSO Online

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to ...
The Caledonian-Record

Quantum BioPharma Reaches Key Midpoint Milestone in Groundbreaking Imaging Study with ...

Quantum BioPharma Ltd. (NASDAQ: QNTM) (CSE: QNTM) (FRA: 0K91) (“Quantum” or the “Company”), a biopharmaceutical company focused on advancing innovative therapies and technologies, ...
Mashable

Thieves are using 'informed delivery' to spy on mail and commit fraud

Welp, another day and another way for thieves to violate your privacy and commit credit card fraud. Scammers have figured out how to view your mail before it even arrives at your house, and have used ...
Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...