Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
来自MSN

SmarterMail patches critical unauthenticated RCE flaw rated CVSS 9.3

SmarterMail administrators have an urgent security update to prioritize: a critical unauthenticated remote code execution (RCE) vulnerability with a CVSS score of 9.3 has been patched. The flaw is ...