Microsoft 365 ‘Direct Send’ abused to send phishing as internal users

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called “Direct Send” to evade detection by email security and steal credentials. Direct Send is a Microsoft 365 feature that allows on‑premises devices, applications, or cloud services to send emails through a tenant’s smart host as if they originated from the organization’s domain. It’s…

Microsoft fixes Outlook bug causing crashes when opening emails

Microsoft has fixed a known issue that causes the classic Outlook email client to crash when opening emails or starting a new message. The bug impacts users across all Microsoft 365 Office channels who updated Outlook for Microsoft 365 earlier this month. “When you open or start a new email, classic Outlook crashes. This…

Microsoft confirms Family Safety blocks Google Chrome from launching

Microsoft has confirmed that its Family Safety parental control service is blocking users from launching Google Chrome and other web browsers on Windows systems. Microsoft Family Safety helps parents monitor their children’s activity across desktop and mobile devices, providing screen time management, content filtering, app controls, location tracking, communication monitoring, and activity reports. Redmond acknowledged the…

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA has confirmed that a maximum severity vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks. The MegaRAC BMC firmware provides remote system management capabilities for troubleshooting servers without being physically present, and it’s used by several vendors (including HPE, Asus, and ASRock) that supply equipment to cloud service…

British hacker ‘IntelBroker’ charged with $25M in cybercrime damages

A British national known online as “IntelBroker” has been charged by the U.S. for stealing and selling sensitive data from victims worldwide, causing an estimated $25 million in damages. The indictment, revealed today by the U.S. Attorney’s Office for the Southern District of New York, accuses Kai West, a 25-year-old British man, of using the handle…

Hackers turn ScreenConnect into malware using Authenticode stuffing

Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client’s Authenticode signature. ConnectWise ScreenConnect is a remote monitoring and management (RMM) software that allows IT admins and managed service providers (MSPs) to troubleshoot devices remotely. When a ScreenConnect installer is built, it can be customized…

Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks

A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft’s ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. The hackers rely on legitimate AWS cloud services (AWS, CloudFront, API Gateway, Lambda) to keep the command and control (C2) infrastructure hidden. ClickOnce is a…

New wave of ‘fake interviews’ use 35 npm packages to spread malware

A new wave of North Korea’s ‘Contagious Interview’ campaign is targeting job seekers with malicious npm packages that infect developers’ devices with infostealers and backdoors. The packages were discovered by Socket Threat Research, which reports they load the BeaverTail info-stealer and InvisibleFerret backdoor on victims’ machines, two well-documented payloads associated with DPRK actors. The latest…

Google releases Gemini CLI with free Gemini 2.5 Pro

Google has released Gemini 2.5 Pro-powered Gemini CLI, which allows you to use Gemini inside your terminal, including Windows Terminal. Gemini CLI is written in TypeScript, and it works across all platforms, including Windows, macOS and Linux. If you’re a developer, you can follow Gemini CLI’s guidelines and plug it into scripts and extend the capabilities of existing tools….

Citrix warns of NetScaler vulnerability exploited in DoS attacks

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. “Exploits of CVE-2025-6543 on unmitigated appliances have been observed,” warns Citrix’s advisory. Tracked internally as CTX694788, CVE-2025-6543 is a critical flaw impacting NetScaler ADC and NetScaler Gateway and…