Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

Are magic links secure? A security analyst breaks down token entropy, replay protection, expiry, device binding, and email compromise risks for MojoAuth users.

Structured data capture in Revvity Signals One turns lab data into searchable, auditable records for real-time analytics and ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not laced with malicious code. In 2025, those odds got significantly worse.

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another ...

A simple account update could help some Outlook users regain access after widespread disruption hit the email service. Millions of Microsoft Outlook users faced disruption at the start of the week ...

Microsoft Outlook, a major email app, said its services were recovering after several hours of outage reports. Downdectector, a real-time outage monitoring program, reported over 1,500 outages around ...

Microsoft is offering voluntary retirement buyouts for the first time in its 51-year history, per reports from CNBC and Bloomberg. According to an internal memo, employees will be eligible if their ...

The CloudZ Trojan steals data through Microsoft Phone Link. The campaign has been active since at least January 2026.  Follow our practices to protect yourself from the CloudZ Trojan. Cisco Talos ...

Microsoft's one-time retirement program will be open to U.S. workers at the senior director level and below whose years of employment and age add up to 70 or more. The company is also decoupling stock ...