Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online

Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online ...
Nieman Journalism Lab

Why “magic links” and passcodes are taking over news logins

"This is really useful for small publishers who have no business wanting to store a whole bunch of random passwords." ...