715 matches found
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service PhaaS platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...
Inside an AI‑enabled device code phishing campaign
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Indicators of compromise IOC 4. References 5. Learn more Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the Device Code Authentication flow to compromise organizational...
Inside an AI‑enabled device code phishing campaign
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Indicators of compromise IOC 4. References 5. Learn more Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational...
JesterSploit
JesterSploit – Advanced WiFi Penetration Testing Framework !...
Ofensive-security
This repository contains my Offensive Cyber Security / Penetrati...
Malicious code in node-calculator-x7k9-evil (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc5725b959d72dc6ed33866064dda06f32d3c37b6f86310eba08d256c7ef9dc8 The package node-calculator-x7k9-evil was found to contain malicious code...
MAL-2025-192846 Malicious code in node-calculator-x7k9-evil (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc5725b959d72dc6ed33866064dda06f32d3c37b6f86310eba08d256c7ef9dc8 The package node-calculator-x7k9-evil was found to contain malicious code...
Stealth and Evasion in Rogue AP Attacks: An Analysis of Modern Detection and Bypass Techniques
Wireless networks act as the backbone of modern digital connectivity, making them a primary target for cyber adversaries. Rogue Access Point attacks, specifically the Evil Twin variant, enable attackers to clone legitimate wireless network identifiers to deceive users into connecting. Once a...
Malicious code in evil-rce2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 63a6a4d1f5ad55b3b2b836b95a7153f322bb4ea2f718f665a51a4a94f32576d5 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...
EUVD-2025-201564
Malicious code in evil-rce2 PyPI...
EUVD-2025-201551
Malicious code in evil-rce PyPI...
Malicious code in evil-rce (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 74a74a4133ed8082eba8452bb59a82dcf6975e1e8c4d6630a47088c17d6b6cca Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...
Evil Twin Wi‑Fi Hacker Jailed for Stealing Data Mid‑Flight
An Australian man who used fake “evil‑twin” Wi‑Fi networks at airports and on flights to steal travellers’ data has been jailed for 7 years and 4 months...
UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp
The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stasvl,” ran a long-running bulletproof hosting operation used by top ransomware groups...
CVE-2025-61661
A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...
EUVD-2025-117407
Malicious code in evil-gold-yak npm...
EUVD-2025-79306
Malicious code in evilmanateez3n npm...
EUVD-2025-64233
Malicious code in evilbasiliskz3n npm...
EUVD-2025-54527
Malicious code in evil-harlequin-coyote npm...
EUVD-2025-54526
Malicious code in evil-orange-lynx npm...