How infostealers turn stolen credentials into real identities

Modern infostealers have expanded credential theft far beyond usernames and passwords. Over the past year, campaigns have accelerated, targeting users with little distinction between corporate employees and individuals on personal devices. These infections routinely harvest credentials alongside broader session data and user activity. The resulting datasets are aggregated and sold by initial access brokers, then […]

AI platforms can be abused for stealthy malware communication

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. Researchers at cybersecurity company Check Point discovered that threat actors can use AI services to relay communication between the C2 server and the target machine. Attackers can exploit this mechanism to deliver commands and retrieve […]

Telegram channels expose rapid weaponization of SmarterMail flaws

Flare researchers monitoring underground Telegram channels and cybercrime forums have observed threat actors rapidly sharing proof-of-concept exploits, offensive tools, and stolen administrator credentials related to recently disclosed SmarterMail vulnerabilities, providing insight into how quickly attackers weaponize new security flaws. The activity occurred within days of the vulnerabilities being disclosed, with threat actors sharing and selling […]

Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages

Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns. As Microsoft explains in a preliminary post-incident report published this week, a software error in its email security system incorrectly flagged thousands of legitimate URLs as phishing links for nearly […]

Data breach at fintech firm Figure affects nearly 1 million accounts

Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. Founded in 2018, Figure uses the Provenance blockchain for lending, borrowing, and securities trading, and has unlocked over $22 billion in home equity with over 250 partners, including […]

Microsoft says bug causes Copilot to summarize confidential emails

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information. According to a service alert seen by BleepingComputer, this bug (tracked under CW1226324 and first detected on January 21) affects the Copilot […]

Chinese hackers exploiting Dell zero-day flaw since mid-2024

A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. Security researchers from Mandiant and the Google Threat Intelligence Group (GTIG) revealed today that the UNC6201 group exploited a maximum-severity hardcoded-credential vulnerability (tracked as CVE-2026-22769) in Dell RecoverPoint for Virtual Machines, a solution […]

Microsoft Teams outage affects users in United States, Europe

​Microsoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service. According to user reports on the outage-tracking platform DownDetector, this ongoing incident is causing problems when joining meetings with the Teams desktop client, accessing the Teams app, and signing in. “Users may experience delays and […]