Feds take notice of iOS vulnerabilities exploited under mysterious circumstances

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch three critical iOS vulnerabilities that were exploited over a 10-month span in hacking campaigns conducted by ...

Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks

A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks.
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
IEEE

Toward Efficient Deobfuscation via Large Language Models

Abstract: Obfuscation modifies code structure to impede reverse engineering and is widely used to protect intellectual property and evade malware detection. However, existing deobfuscation techniques ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Infosecurity-magazine.com

OysterLoader Evolves With New C2 Infrastructure and Obfuscation

A multi-stage malware loader known as OysterLoader has continued to evolve into early 2026, refining its command-and-control (C2) infrastructure and obfuscation methods. The C++-based threat, also ...
IEEE

DualGuard: Obfuscated Federated Learning With Two-Party Secure Robust Aggregation

Abstract: Federated learning (FL) is a promising privacy-preserving distributed machine learning paradigm. However, data privacy leakage and Byzantine clients are common challenges in the FL ...