News
-
Coordinated action disrupts Tycoon 2FA phishing service that targeted tens of thousands of organisations
A coordinated operation in early March 2026 disrupted Tycoon 2FA, a subscription phishing platform that generated tens of millions of emails monthly and enabled unauthorized access to nearly 100,000 organisations worldwide.
-
Microsoft warns OAuth redirect abuse used to deliver malware to government targets
Microsoft warned that phishing campaigns are abusing OAuth redirect features to deliver malware to government and public sector targets, using malicious OAuth apps, ZIP payloads, PowerShell and DLL sideloading. Organizations are advised to limit consent and review app permissions.
-
Drone strikes damage AWS data centers in UAE and Bahrain
Drone strikes damaged three AWS facilities in the UAE and one in Bahrain, causing outages that affect dozens of cloud services. Structural, power and water damage were reported and recovery work is under way.
-
Star Citizen developer discloses January breach that exposed user account details
Cloud Imperium Games disclosed a January 21, 2026 breach that gave attackers read-only access to backup systems containing basic account details for an undisclosed number of users. No financial data or passwords were affected.
-
Microsoft warns of OAuth redirect abuse used to deliver malware to public sector
Microsoft warned that attackers are abusing OAuth redirect features to bypass phishing defenses and direct government and public sector users to attacker-controlled domains that deliver malware or intercept credentials.
-
SloppyLemming deploys BurrowShell and Rust keylogger against Pakistan and Bangladesh
SloppyLemming attacked government and critical infrastructure in Pakistan and Bangladesh from January 2025 to January 2026, deploying the BurrowShell backdoor and a Rust keylogger through spear-phishing PDF and Excel lures.
-
Google issues patches for 129 Android flaws including actively exploited Qualcomm zero-day
Google released updates that fix 129 Android vulnerabilities, including an actively exploited zero-day in a Qualcomm display component. The bulletin adds two March patch levels and addresses 10 critical flaws that can enable remote code execution.
-
Starkiller phishing suite proxies live login pages to bypass MFA
Researchers disclosed Starkiller, a phishing suite that proxies live login pages through attacker-controlled headless browsers to capture keystrokes, session tokens and MFA codes. The toolkit centralises deployment and uses URL masking to hide destinations.
-
CyberStrikeAI observed on infrastructure tied to FortiGate campaign, researchers say
A Team Cymru report says the open-source CyberStrikeAI platform was observed on infrastructure tied to a campaign that compromised more than 500 FortiGate firewalls. The report found 21 IPs running the tool between January 20 and February 26, 2026.









