Device Code Phishing Surges 1,380% — MFA Won't Save You
Device code phishing attacks jumped 1,380% in early 2026. EvilTokens and 17 other PhaaS kits now offer turnkey identity theft that bypasses MFA and passkeys.
Device code phishing attacks jumped 1,380% in early 2026. EvilTokens and 17 other PhaaS kits now offer turnkey identity theft that bypasses MFA and passkeys.
Threat actor '888' offers 35GB of Accenture data for sale including source code, RSA keys, SSH keys, and Azure tokens. Third major breach for the IT giant.
Malicious Python PoC repositories on GitHub deliver ChocoPoC RAT to security researchers. The trojan steals credentials and provides remote access via Mapbox dead drops.
CVE-2026-40138 and CVE-2026-40139 (CVSS 9.2) enable pre-auth bypass in BeyondTrust Remote Support and PRA. Flaws found using Claude AI during internal audit.
Ubiquiti warns of CVE-2026-50746 (CVSS 10.0) and six other critical vulnerabilities affecting UniFi OS devices. 100,000 instances exposed online require immediate patching.
CERT/CC warns of CVE-2026-11405, an undocumented authentication backdoor in Tenda router firmware. The vendor remains unreachable with no fix in sight.
CVE-2026-10134 enables unauthenticated RCE in Langflow OSS through public flows. Attackers can run arbitrary Python on servers via the build endpoint.
JetBrains fixes CVSS 9.8 account takeover bug in Hub and multiple RCE vulnerabilities across IntelliJ, GoLand, and other IDEs. Update immediately.
Kaspersky uncovers Umbrij, a .NET tool used by APT group ToddyCat to steal Gmail OAuth tokens through browser remote debugging—no credentials needed.
Researchers demonstrate TrojPix, an attack that turns invisible pixel changes into radio signals leaking data at 8.1 Mbps from air-gapped systems up to 208 meters away.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.