Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick users into ...

Google threat researchers in May publicized the Russian-based threat group Coldriver's LostKeys credential-stealing malware. However, five days later, the bad actors launched three new malware families that they developed rapidly and used ...

Amazon researchers disrupted a watering hole campaign by Russian-linked cyberespionage group APT29 designed to use compromised websites to trick users into giving the threat actors access to their Microsoft accounts and data ...

Satya says NO: Redmond blames Windows users, rather than solve 30-year-old bug—exploited since 2017 ...

Amost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in WIndows in attacks on governments and critical infrastructure that date back to 2017 ...

Absolutely un-fabulous: Smells like Russia is responsible, but reality is a bit more complicated ...

Cloud computing giant AWS, tipped off by Ukrainian security experts, seized domains that were being used by Russian threat group APT29 to send phishing emails to government officials and enterprises that contained ...

GoldenJackal, a threat group possibly from Russia, has been attacking embassies and other government agencies from Europe, South Asia, and the Middle East with two distinct malicious toolsets designed to steal information ...

The DOJ and Microsoft in a joint effort seized dozens of domains from a Russian-based threat group known as Star Blizzard, which for more than a year was targeting civil society groups ...

Pragmatic politics: Anger as Putin gets back two notorious cybercriminals ...