03 Jul, 2026

Hackers target Microsoft 365 accounts with 81 million login attempts

An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. The threat actor tried to authenticate via Microsoft’s Azure command-line interface (CLI) using still-valid username and password combinations that had been exposed in past breaches. Microsoft’s Azure CLI is used for managing Azure cloud resources, […]

2 mins read

Over 900 Oracle E-Business instances exposed to ongoing attacks

Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. The vulnerability (tracked as CVE-2026-46817) was found in the File Transmission component of EBS’s Oracle Payments product and allows malicious actors without privileges and with HTTP network access to take over vulnerable systems through low-complexity attacks. […]

2 mins read

Microsoft fixes GIF functionality in the Windows Emoji Panel

Microsoft has fixed the GIF functionality in the Emoji Panel for Windows 11 users after the provider shut down its service. According to Microsoft, the GIF feature stopped working suddenly on June 30 for some users after Google’s Tenor GIF search engine retired its application programming interface (API). “Starting on June 30, 2026, you might […]

2 mins read

Amazon fined $2.25M for withholding evidence from fraud victims

The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims’ access to transaction records. As alleged in a complaint filed with the Justice Department, Amazon failed to provide many fraud victims with records of fraudulent transactions made in their names, as […]

2 mins read

Adobe patches seven max severity ColdFusion, Campaign flaws

Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. All these vulnerabilities can be exploited in low-complexity attacks that don’t require user interaction and were tagged with priority 1, indicating a high risk of being targeted. “This update resolves vulnerabilities being […]

2 mins read

Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price

Anthropic is now rolling out Sonnet 5, which is almost as good as the Opus range but is designed to be cheaper than the company’s flagship model. In a blog post, Anthropic said Claude Sonnet 5 is “built to be the most agentic Sonnet model yet,” and added that it comes with advanced features, such […]

3 mins read

Anthropic to restore Claude Fable access on Wednesday

Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude’s two most powerful models, Fable 5 and Mythos 5. In a post on X, Anthropic confirmed that it will begin restoring access to Fable 5 on Wednesday. On the other hand, Mythos will remain exclusive to select companies. “We’ve received notice that the Department of […]

2 mins read

New BioShocking attack manipulates AI browser into data theft

A new prompt injection attack dubbed “BioShocking” could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. A proof-of-concept (PoC) for the attack, devised by researchers at LayerX, was successfully tested against six mainstream agentic browser products (ChatGPT Atlas, Comet, Fellou, Genspark Browser, […]

2 mins read

Microsoft accelerates quantum-safe roadmap as risks grow

Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today’s encryption standards sooner than previously expected. Although today’s quantum computers cannot crack modern encryption, security researchers have warned about “harvest now, decrypt later” attacks. In these attacks, encrypted data that is stolen today […]

2 mins read

Malicious PyPI packages give hackers control of Telegram bot servers

A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. At least eight packages have been published on the Python Package Index (PyPI) with a hidden backdoor that is activated by helper modules when importing Pyrogram or […]

3 mins read