FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
May 22, 2026
The FBI warns Kali365, a PhaaS platform on Telegram, exploits Microsoft device code authentication to bypass MFA entirely and capture
News
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
The FBI warns Kali365, a PhaaS platform on Telegram, exploits Microsoft device code authentication to bypass MFA entirely and capture persistent OAuth tokens.
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Lenovo BootRepair.sys exposes IOCTL 0x222014, letting unprivileged BYOVD attackers terminate CrowdStrike Falcon at kernel level with no administrative rights.
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
Splunk CVE-2026-20239 writes active session cookies to the _internal index in plaintext, exposing analyst tokens to any user or process reading that index.
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
OX Security found DPRK-linked npm packages using postinstall hooks to deploy a keylogging infostealer that exfiltrates credentials via the Hugging Face API.
Deleted Google API Keys Stay Active for Up to 23 Minutes
Aikido Security found deleted Google API legacy keys stay functional up to 23 minutes after revocation, a significant window during active incident response.
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Google published PoC exploit code for an unpatched 42-month Chromium Service Worker flaw enabling persistent JavaScript execution after the browser is closed.
Texas AG Sues Meta Over WhatsApp Encryption Claims
Texas AG Ken Paxton sued Meta and WhatsApp in May 2026, alleging the companies falsely claimed end-to-end encryption while retaining private message access.
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
SHADOW-WATER-063 deploys Banana RAT via fraudulent Brazilian NF-e invoice lures, hijacking Pix QR codes to redirect instant payments to attacker-held accounts.
UNG0002 Hides Cobalt Strike in macOS Folder Structures
Seqrite Labs exposed UNG0002 hiding Cobalt Strike inside macOS-style nested folder structures to evade Windows scanners while targeting Changzhou University.
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
CRIL documented INJ3CTOR3 deploying new JOMANGY webshell alongside a six-layer self-healing persistence mechanism against FreePBX VoIP systems for toll fraud.
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
May 22, 2026
Lenovo BootRepair.sys exposes IOCTL 0x222014, letting unprivileged BYOVD attackers terminate CrowdStrike Falcon at kernel level with no administrative rights.
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
May 22, 2026
Splunk CVE-2026-20239 writes active session cookies to the _internal index in plaintext, exposing analyst tokens to any user or process
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
May 22, 2026
OX Security found DPRK-linked npm packages using postinstall hooks to deploy a keylogging infostealer that exfiltrates credentials via the Hugging
Deleted Google API Keys Stay Active for Up to 23 Minutes
May 22, 2026
Aikido Security found deleted Google API legacy keys stay functional up to 23 minutes after revocation, a significant window during
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
May 22, 2026
Google published PoC exploit code for an unpatched 42-month Chromium Service Worker flaw enabling persistent JavaScript execution after the browser
Texas AG Sues Meta Over WhatsApp Encryption Claims
May 22, 2026
Texas AG Ken Paxton sued Meta and WhatsApp in May 2026, alleging the companies falsely claimed end-to-end encryption while retaining
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
May 22, 2026
SHADOW-WATER-063 deploys Banana RAT via fraudulent Brazilian NF-e invoice lures, hijacking Pix QR codes to redirect instant payments to attacker-held
UNG0002 Hides Cobalt Strike in macOS Folder Structures
May 22, 2026
Seqrite Labs exposed UNG0002 hiding Cobalt Strike inside macOS-style nested folder structures to evade Windows scanners while targeting Changzhou University.
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
May 22, 2026
CRIL documented INJ3CTOR3 deploying new JOMANGY webshell alongside a six-layer self-healing persistence mechanism against FreePBX VoIP systems for toll fraud.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.