CSO Online

‘Silent’ Google API key change exposed Gemini AI data

API key exploitation is more than hypothetical. In a different context, a student who reportedly exposed a GCP API key on GitHub last June was left nursing a $55,444 bill (later waived by Google) ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Why The Core Of Modern Cybersecurity Is Bridging Identity And Data

The traditional "identity first" approach is struggling because it treats access as a binary state—either you’re in or you’re out.
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

Let me see some ID: age verification is spreading across the internet

Apple is bringing age verification to the UK, as the latest iOS 26.4 beta prompts users to verify that they’re over 18 following installation. As shown in screenshots posted to Reddit, Apple says ...