Hackers Pose as IT Staff in Microsoft Teams to Install Malware

Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks.
The Hacker News

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Nine “LeakyLooker” flaws in Google Looker Studio allowed cross-tenant SQL access across GCP services before being patched.

State-linked actors targeted US networks in lead-up to Iran war

Researchers found backdoors installed on U.S. company networks in the weeks prior to the U.S. and Israeli bombing campaign.

Hackers abuse .arpa DNS and ipv6 to evade phishing defenses

Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade ...
Opinion
Blue HeadlineqOpinion

MCP Server Security Benchmark 2026: How to Test Prompt Injection, Secret Leakage, and Permission Abuse

A practical MCP security benchmark for 2026: scoring model, risk map, and a 90-day hardening plan to prevent prompt injection, secret leakage, and permission abuse.
The Hacker News

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Researchers uncover APT28-linked phishing attacks against Ukrainian targets deploying BadPaw loader and MeowMeow backdoor for ...

Explained: What is Discord's age verification backlash in the UK linked to Peter Thiel-backed company Persona

Discord announced earlier this month that all users will soon be defaulted to teen experiences until their ages are verified. Soon after, the messagin.
Bleeping Computer

Poland arrests suspect linked to Phobos ransomware operation

Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server ...