Stephen Weigand

Critical flaw in the Expo framework that allowed them to take over user accounts via the Open Authorization (OAuth) protocol. 

The first bug allows a remote attacker to break out of the Web Content sandbox, the second may disclose sensitive information and the third can lead to arbitrary code execution while processing maliciously crafted web content.

The number of identity crimes reported to the nonprofit Identity Theft Resource Center last year was 14,817, which is slightly off from the all-time high it received in 2021.

First-ever action by DOJ’s Disruptive Technology Task Force alleges “hostile nation-states” attempted to smuggles stolen trade secrets to advance authoritarian regimes and facilitate human rights abuses.

A new phishing-as-a-service called “Greatness” has been providing affiliates with assets to make convincing Microsoft 365 decoy and login pages.

Microsoft enabled number matching for all Authenticator push notifications for relevant services to users worldwide on May 8.

Researchers identified a new malware family infecting apps that were installed on more than 620,000 Android devices from the official Google Play store.

Cisco said bug in end-of-life device is critical and won't get patched.

Nearly three-quarters (73%) of survey respondents say their organization has an incident response playbook to guide decision-making during a cybersecurity incident.

Microsoft is warning that Iran is using a new set of preferred techniques that combine its traditional cyberattacks with cyber-enabled influence operations (IO) for greater geopolitical effect.