CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.
The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...
Android

A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming

A security researcher decompiled the White House’s new official app and found some alarming stuff buried in the code, including a hidden GPS tracking pipeline, JavaScript loaded from a random GitHub ...
Missoulian

On this day 50, 25 years ago: Jury picked for unsolved murders, Marc Racicot addresses UM grads

Jurors picked to help solve unsolved murders, former governor addresses the class of 2001.
Security Boulevard

Reducing Authentication Errors in Enterprise Environments: A Human-Centric Approach

Learn how a human-centric approach can reduce authentication errors in enterprise environments while improving security and ...
Missoulian

On this day 50, 25 years ago: Housing out of reach, dot-com bubble bursts

Buying a new house was out of reach for average citizens, and UM grads were entering the workforce during the dot-com crash.

Official White House app contains code to bypass GDPR banners and paywalls

The app contains multiple features that have sounded alarm bells in this security researcher's analysis.
Cyber Daily

Aussie schools breach: The Instructure hack ‘transcends an isolated IT incident’

Schools and universities across Australia have been caught up in a global IT breach, with possibly lifelong impacts for ...

Google accidentally published a four-year-old Chromium security bug, then tried to hide it again

Google recently published – and then quickly hid – a potentially dangerous bug found in the Chromium web browser. The ...

Hackers deface school login pages after claiming another Instructure hack

The cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure ...