Security News > 2025 > April

Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion...

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. [...]

Hallucinated package names fuel 'slopsquatting' The rise of LLM-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in...

Redmond hopes you’ve forgotten or got over why everyone hated it the first time After temporarily shelving its controversial Windows Recall feature amid a wave of backlash, Microsoft is back at it...

Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts. [...]

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched....

A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them...

​Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs. [...]

Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. [...]

Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector...