WinBuzzer

Microsoft 365 Phishing Surge: Attackers Weaponize Legitimate Device Code Flow to Bypass MFA

Cybercriminals have launched a widespread phishing campaign exploiting Microsoft's OAuth device code flow to bypass MFA and ...
SecurityWeek

Fortinet Patches Critical Authentication Bypass Vulnerabilities

Fortinet patched two critical flaws in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager leading to authentication bypass.
Bleeping Computer

Critical auth bypass bug in CrushFTP now exploited in attacks

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. The security ...
Forbes

New Windows Security Bypass Alert For Chrome And Edge Users

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. I first warned Forbes readers of the threat from something ...
Dark Reading

'Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs

A novel cyberattack method dubbed "Conversation Overflow" has surfaced, attempting to get credential-harvesting phishing emails past artificial intelligence (AI)- and machine learning (ML)-enabled ...
Bleeping Computer

Trend Micro fixes critical vulnerabilities in multiple products

Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption ...
Forbes

PayPal Scam Warning—Dangerous Invoice Bypasses Email Security

Update, March 10, 2025: This story, originally published March 8, has been updated with in-depth mitigation advice from PayPal regarding attack attempts and tactics, as well as a recommendation that ...