Microsoft

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek.
Security Boulevard

Web Single Sign-On: Understanding WS-Federation

Master WS-Federation for enterprise SSO. Learn how Passive Requestor Profiles bridge legacy ASP.NET, SharePoint, and ADFS ...

APsystems: Cloud vulnerability allowed firmware exchange

APsystems inverters communicate with the manufacturer's cloud systems. A vulnerability allowed firmware smuggling.
Cybernews

Hackers target Mac users with fake CleanMyMac, empty crypto wallets

Hackers have launched a convincing, fraudulent CleanMyMac website to trick Mac users into installing SHub Stealer, a malware that drains cryptocurrency wallets, steals data, and leaves a backdoor.
Cybernews

AI-driven hacking uses booking.com and Microsoft Teams in vibe coding and “flat pack” malware campaigns

AI is helping cybercriminals to rapidly assemble malware with flat-pack efficiency. It’s almost like buying a sofa from Ikea, ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
Security Boulevard

Invisible Threats: Source Code Exfiltration in Google Antigravity

Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source codeBy hiding malicious instructions ...
Nature

Quantum-dot-tagged microbeads for multiplexed optical coding of biomolecules

Recent advances in bioanalytical sciences and bioengineering have led to the development of DNA chips 1,2, miniaturized biosensors 3,4, and microfluidic devices (e.g., microelectromechanical systems ...