Latest Threat Intel

Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. The malware can also steal credentials stored in the browser, cryptocurrency wallet data, and game accounts. RedTiger is a Python-based penetration testing suite for Windows and Linux that bundles options for scanning networks and cracking

The 2024 FinWise data breach serves as a stark example of the growing insider threats faced by modern financial institutions. Unlike typical cyberattacks originating from external hackers, this incident stemmed from unauthorized access by a former employee using retained credentials. On May 31, 2024, the ex-employee accessed FinWise Bank’s systems after leaving the company and

Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. On Messenger, the company has started testing more advanced scam-detection for suspicious chats that will warn users when a new contact sends a potentially scammy message, giving them the option to send recent messages for AI scam

North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. The threat group’s activity was detected in late March and targeted organizations involved in the development of unmanned aerial vehicle (UAV) technology. ‘Operation DreamJob’ is a long-running Lazarus campaign where the adversary, posing as

OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions. The AI Sidebar Spoofing attack was devised by researchers at browser security company SquareX and works on the latest versions of the two browsers. The researchers created three realistic attack scenarios where a

A new phishing technique dubbed ‘CoPhish’ weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. The technique was developed by researchers at Datadog Security Labs, who warned in a report earlier this week that Copilot Studio’s flexibility introduces new, undocumented phishing risks. Although CoPhish relies on social

By Ido Shlomo, CTO and Co-Founder, Token Security Agentic AI has arrived. From custom GPTs to autonomous copilots, AI agents now act on behalf of users and organizations, or even act as just another teammate, making decisions, accessing systems, and invoking other agents without direct human intervention. But, with this new level of autonomy comes

​The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. At Pwn2Own Ireland 2025, competitors targeted products in eight categories, including printers, network storage systems, messaging apps, smart home devices, surveillance equipment, home networking equipment, flagship smartphones (Apple iPhone 16, Samsung Galaxy S25, and Google Pixel 9), and

We all need to reset our passwords occasionally, whether it’s due to a simple memory lapse or wider security concerns. However, the process can rack up surprising expenses for organizations. This means self-service password resets (SSPR) aren’t just a ‘nice to have’, they are essential. Of course, password resets are a part of life for