Windows Report

FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens

The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.
Bleeping Computer

VMware fixes vCenter Server bugs allowing code execution, auth bypass

VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. vCenter Server is the control ...
Bleeping Computer

Critical auth bypass bug in CrushFTP now exploited in attacks

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. The security ...

FBI sounds alarm on phishing tool that steals Microsoft 365 accounts without passwords

The FBI is warning that a new hacking platform is allowing cybercriminals to hijack Microsoft 365 accounts — including ...
Homeland Security Today

FBI Warns Phishing Kit is Bypassing Microsoft Multi-Factor Authentication Through OAuth ...

The Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (PSA) to warn the public about an emerging ...

FBI warns of hacking campaign stealing Microsoft 365 accounts without passwords

Cybercriminals are exploiting a new 'Phishing-as-a-Service' tool, Kali365, to bypass Microsoft 365 security, including ...
Dark Reading

Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover

An API authorization-bypass flaw in the infrastructure of a leading US broadband provider exposed millions of business customer devices to attacks, giving threat actors access to permissions on the ...
Dark Reading

GitLab Warns of Max Severity Authentication Bypass Bug

Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week.