Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft.

Amazon is shutting down an employee-created leaderboard that promoted excessive use of AI. An Amazon spokesperson said it "was never intended to promote the use of AI for usage's sake." Amazon's move ...

The tech giant deprecated its employee-built "KiroRank" ranking system after concluding it was pushing staff to inflate AI activity rather than solve genuine business problems, as major corporations ...

A newly discovered supply-chain attack on npm is targeting software developers using OpenAI Codex. Codex is OpenAI’s coding assistant and software engineering agent that can write and review code, fix ...

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...

The Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (PSA) to warn the public about an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, first seen in April ...

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass ...

AI is turning out to be more expensive than enterprises expected, and CFOs are now trading future headcount for tokens. Roughly 95% of enterprise AI still runs on the priciest frontier models even for ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself ...