Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login flows.

Active Microsoft Exchange zero-day leaves organisations exposed By Nicola Mawson, Contributing journalistJohannesburg, 19 May 2026An exploit in on-premises Microsoft Exchange servers has already been ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...

Warp’s cloud agent orchestration platform now supports Claude Code and Codex alongside Warp Agent, giving enterprise engineering teams a single control plane to orchestrate coding agents across models ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Debugging isn’t just guessing.

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Developers are responding to a wealth influx in a historic community, adding major projects that are poised to shift the ...

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...