RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
May 8, 2026
Security researchers from Adversa AI and Mitiga disclosed a one-click RCE, silent MCP OAuth token hijacking, and a Chrome extension
Identity and Access Management
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
Security researchers from Adversa AI and Mitiga disclosed a one-click RCE, silent MCP OAuth token hijacking, and a Chrome extension prompt injection vulnerability in Claude ...
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Researchers discovered TCLBanker, a banking trojan hidden in trojanized Logitech software installers, stealing credentials from 59 banking and cryptocurrency platforms.
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Researchers disclosed PamDOORa, a commercial Linux backdoor sold on the Russian Rehub forum that exploits the PAM authentication framework to install covert SSH access and ...
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Microsoft disclosed an AiTM phishing campaign targeting 35,000 users in 13,000 organizations across 26 countries between April 14–16, 2026, bypassing MFA by stealing authenticated session ...
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA and steal Microsoft tokens.
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer malware.
When Amazon Sends the Phishing Email
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning AWS's own email infrastructure against ...
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
Stolen credentials often lead to unchecked privilege escalation and security breaches, but identity-first Zero Trust offers a strategic solution.
Stolen Credentials Are Turning Authentication Systems Into Attack Surfaces
Discover how wearable biometric authentication is reshaping identity verification by focusing on the user, rather than the session.
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
A critical vulnerability in Flowise lets attackers execute arbitrary code using improperly validated JavaScript.
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
May 8, 2026
Researchers discovered TCLBanker, a banking trojan hidden in trojanized Logitech software installers, stealing credentials from 59 banking and cryptocurrency platforms.
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
May 8, 2026
Researchers disclosed PamDOORa, a commercial Linux backdoor sold on the Russian Rehub forum that exploits the PAM authentication framework to
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
May 6, 2026
Microsoft disclosed an AiTM phishing campaign targeting 35,000 users in 13,000 organizations across 26 countries between April 14–16, 2026, bypassing
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
May 5, 2026
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
May 5, 2026
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer
When Amazon Sends the Phishing Email
May 5, 2026
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
April 15, 2026
Stolen credentials often lead to unchecked privilege escalation and security breaches, but identity-first Zero Trust offers a strategic solution.
Stolen Credentials Are Turning Authentication Systems Into Attack Surfaces
April 10, 2026
Discover how wearable biometric authentication is reshaping identity verification by focusing on the user, rather than the session.
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
April 8, 2026
A critical vulnerability in Flowise lets attackers execute arbitrary code using improperly validated JavaScript.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.