Over Security

Over Security

33608 bookmarks
Custom sorting
Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages
Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages
Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft.
·group-ib.com·
Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages
VS Code zero-day lets hackers steal GitHub tokens in one click
VS Code zero-day lets hackers steal GitHub tokens in one click
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link.
·bleepingcomputer.com·
VS Code zero-day lets hackers steal GitHub tokens in one click
Microsoft's Coreutils project brings Linux commands to Windows
Microsoft's Coreutils project brings Linux commands to Windows
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications.
·bleepingcomputer.com·
Microsoft's Coreutils project brings Linux commands to Windows
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
OpenAI says it's rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retirement of multiple legacy models, including o3.
·bleepingcomputer.com·
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
Critical Kirki flaw exploited to hijack WordPress admin accounts
Critical Kirki flaw exploited to hijack WordPress admin accounts
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.
·bleepingcomputer.com·
Critical Kirki flaw exploited to hijack WordPress admin accounts
AI-built ransomware toolkit automates EDR evasion, AD discovery
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions.
·bleepingcomputer.com·
AI-built ransomware toolkit automates EDR evasion, AD discovery
Microsoft Exchange Online outage causes email delays, failures
Microsoft Exchange Online outage causes email delays, failures
Microsoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America and Germany.
·bleepingcomputer.com·
Microsoft Exchange Online outage causes email delays, failures
Why the browser is now the front line for AI security
Why the browser is now the front line for AI security
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance.
·bleepingcomputer.com·
Why the browser is now the front line for AI security
CISA flags two-year-old Oracle flaw as actively exploited in attacks
CISA flags two-year-old Oracle flaw as actively exploited in attacks
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks.
·bleepingcomputer.com·
CISA flags two-year-old Oracle flaw as actively exploited in attacks
Wardriving assessment across Mexico: Preparing for the 2026 World Cup
Wardriving assessment across Mexico: Preparing for the 2026 World Cup
In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks.
·securelist.com·
Wardriving assessment across Mexico: Preparing for the 2026 World Cup
Red Hat npm packages compromised to steal developer credentials
Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma."
·bleepingcomputer.com·
Red Hat npm packages compromised to steal developer credentials
Spain arrests doxer leaking sensitive data of govt employees
Spain arrests doxer leaking sensitive data of govt employees
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE).
·bleepingcomputer.com·
Spain arrests doxer leaking sensitive data of govt employees