Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code ...
The Hacker News

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA adds a critical ASUS Live Update vulnerability to its KEV list, citing active exploitation linked to a past supply chain ...

Microsoft will finally kill obsolete cipher that has wreaked decades of havoc

Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years ...
CSO Online

CISA orders immediate patching as GeoServer flaw faces active exploitation

Federal agencies told to fix critical XXE vulnerability (CVE-2025-58360) in GeoServer after attackers gain a head start.