Dark Reading

Chinese Cyber Threat Lurks In Critical Asian Sectors for Years

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows ...
Security Boulevard

The Developer’s Practical Guide to Passwordless Authentication in 2026

Why Passwords Are Still a Developer's Problem in 2026. The case against password-based authentication is well-established in the IAM community, but the practical implications for ...
eWeek

OpenAI Accidentally Leaks GPT-5.4 (And We Tested It)

Error logs and GitHub pull requests hint at GPT-5.4 quietly rolling out in Codex, signaling faster iteration cycles and continuous AI model deployment.

LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability

LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell ...
The Hacker News

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

New hacking cluster exploits web servers and Mimikatz to infiltrate Asian infrastructure for long-term espionage in aviation, energy, and govt sectors ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

How a Brute Force Attack Unmasked a Ransomware Infrastructure Network

A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ...