SecurityWeek

Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices

The cybersecurity company pointed out that the fresh campaign resembles December 2025 attacks targeting CVE-2025-59718 and CVE-2025-59719, two critical-severity defects impacting the FortiCloud SSO ...
WinBuzzer

Microsoft Releases Security Baseline V2512 for Microsoft 365 Apps with Enhanced Excel and Powerpoint Protections

Microsoft has released Security Baseline v2512 for Microsoft 365 Apps with enhanced Excel and PowerPoint protections, blocking unsafe external links and legacy automation components.
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Forbes

2FA Code Attacks Surge As Russian Hackers Target Microsoft Users

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...
bitnewsbot

Russia-Linked Group Uses Device Code Phishing to Steal M365 Credentials

Since September 2025, a suspected Russia-aligned group known as UNK_AcademicFlare has executed a phishing campaign targeting Microsoft 365 credentials. The campaign mainly impacts entities in ...
The Hacker News

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover ...
IEEE

Bring Your Device Group (BYDG): Efficient and Privacy-Preserving User-Device Authentication Protocol in Multi-Access Edge Computing

Abstract: Authentication is an important security issue for multi-access edge computing (MEC). To restrict user access from untrusted devices, Bring Your Own Device (BYOD) policy has been proposed to ...
Wall Street Journal

Sam Altman’s Sprint to Correct OpenAI’s Direction and Fend Off Google

When OpenAI CEO Sam Altman made the dramatic call for a “code red” last week to beat back a rising threat from Google, he put a notable priority at the top of his list of fixes. The world’s most ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
Hosted on MSN

Pixnapping attack can steal 2FA codes from Android devices using onscreen pixels

Google reached out with clarification. As told to Android Police by a Google spokesperson: "We issued a patch for CVE-2025-48561 in the September Android security bulletin, which partially mitigates ...
Wired

A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds. The new attack, named ...