Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
The Hacker News

Investigating a New Click-Fix Variant

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.
The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure.

Java 26 with JVM optimizations, HTTP/3, and finally no Applet API

The current OpenJDK 26 is strategically important and not only brings exciting innovations but also eliminates legacy issues like the outdated Applet API.