Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...
The Hacker News

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

SloppyLemming targeted Pakistan and Bangladesh with BurrowShell, a Rust keylogger, and 112 Cloudflare Workers domains in 2025 ...

Endor Labs launches free tool AURI after study finds only 10% of AI-generated code is secure

Endor Labs launches AURI, a free security platform that embeds directly into AI coding assistants like Cursor and Claude to catch vulnerabilities in AI-generated code before they ship to production.
SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data ...