Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Morning Overview on MSN

Suspected North Korean hackers compromise widely used US software

Suspected North Korean hackers have compromised Axios, one of the most widely used JavaScript libraries in American software ...