A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re given is actually Venom Stealer—a type … Read more
Researchers have published a proof-of-concept (PoC) that uses custom fonts to fool many popular Artificial Intelligence (AI) assistants, including ChatGPT, Claude, Copilot, Gemini, Leo, Grok, Perplexity, Sigma, Dia, Fellou, and Genspark. Imagine a book where the visible text is harmless, but hidden between the lines is a second message written in special, human-only ink. Humans … Read more
Google just dropped a bombshell for app developers with the latest version of its Android mobile operating system. The company can now prevent apps from installing if they try to use the system’s accessibility features. The new development, live in version 17.2 of Android, is all about security, explains the company. It stops certain kinds … Read more
As part of Microsoft’s March 2026 Security Update, an elevation of privilege vulnerability in Microsoft SQL Server, tracked as CVE-2026-21262, was disclosed and patched. The flaw arises from improper access control within SQL Server that allows an authenticated, low-privileged user to escalate their rights over the network to the highest built-in role on the database … Read more
Passwordless authentication replaces stored credentials with short-lived cryptographic tokens delivered through channels the user controls (email, SMS, device biometrics). A developer can implement a production-ready magic link or OTP flow using MojoAuth in a single day, without building token management, rate limiting, or email delivery infrastructure. Why Passwords Are Still a Developer’s Problem in 2026 … Read more
Overview On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, Microsoft Office, and Visual Studio Code. These vulnerabilities include privilege escalation, remote code execution, and other high-risk vulnerabilities. In this monthly update, 5 vulnerabilities are rated as … Read more
By: Kahng An, Intelligence Team Cofense Intelligence has been tracking how threat actors are abusing Windows File Explorer’s ability to retrieve remote files over Web-based Distributed Authoring and Versioning (WebDAV), and HTTP-based file management protocol, to trick victims into downloading malware. WebDAV is a relatively unpopular method of file transfer and remote file storage nowadays, … Read more
On January 12, 2026, Apple made a decision that shocked Silicon Valley: they chose Google’s Gemini to power the next generation of Siri. Not OpenAI’s ChatGPT. Not their own in-house model. Google. The deal is reportedly worth $1 billion per year. That’s billion with a B—for what amounts to Apple admitting they can’t build competitive … Read more
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and … Read more
Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect clones of the Windows 11 download page. Click Download Now and instead of a Windows update, you get a malicious installer—one that silently steals saved passwords, browser sessions, and cryptocurrency wallet data. “I just wanted to update Windows” … Read more