Dark Reading

Exploits Turn Windows Defender into Attacker Tool

Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are ...
SecurityWeek

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass.
SecurityWeek

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers used AppleScript and ClickFix in recent attacks targeting macOS systems at financial organizations.
Dark Reading

North Korea Uses ClickFix to Target macOS Users' Data

North Korea's Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
Microsoft

Detection strategies across cloud and identities against infiltrating IT workers

The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing ...