BiDi Swap: How Bidirectional Unicode Is Being Used to Make Fake URLs Appear Legitimate What the BiDi Swap trick is and why it matters Security researchers at Varonis have documented a renewed phishing technique they call “BiDi Swap,” in which attackers abuse Unicode bidirectional (BiDi) control characters to make malicious URLs display as if they…
Qilin Ransomware Deploys Linux Payloads and BYOVD Tactics in Hybrid Attacks Overview and key facts Security researchers have observed the Qilin ransomware operation — also tracked under the names Agenda, Gold Feather and Water Galura — using a hybrid attack approach that pairs a Linux-capable payload with a BYOVD (Bring Your Own Vulnerable Driver) exploitation…
CoPhish: Copilot Studio Agents Used to Steal OAuth Tokens via Trusted Microsoft Domains Overview Security researchers have identified a new phishing technique named “CoPhish” that leverages Microsoft Copilot Studio agents to deliver fraudulent OAuth consent prompts via legitimate Microsoft domains. The campaign uses the trust provided by Microsoft-owned infrastructure to present users with what appear…
194,000+ Domains Tied to Global Smishing Campaign, Unit 42 Warns Summary of the Finding Palo Alto Networks Unit 42 has attributed more than 194,000 malicious domains to a large-scale, ongoing smishing campaign that has been active since January 1, 2024. The campaign, as reported by the security vendor, targets a wide range of services and…
Toys “R” Us Canada confirms customer records stolen and later leaked — what organizations and customers should do next Summary of the incident Toys “R” Us Canada has notified customers that threat actors leaked customer records they had previously stolen from the retailer’s systems. The company’s breach notification, shared with affected customers, indicates an incident…
Critical Adobe Commerce/Magento Vulnerability Exploited in Over 250 Attack Attempts What happened Security researchers at e-commerce protection firm Sansec reported that threat actors have begun actively exploiting a recently disclosed vulnerability affecting Adobe Commerce and Magento Open Source. The flaw is tracked as CVE-2025-54236 and carries a CVSS score of 9.1. Sansec recorded more than…
TP-Link Fixes Four Omada Gateway Vulnerabilities, Two Allow Arbitrary Code Execution What the update fixes TP-Link has released security updates addressing four vulnerabilities in its Omada gateway devices, including two critical flaws that can lead to arbitrary code execution. One of the flaws has been publicly identified as CVE-2025-6541 (CVSS 8.6), an operating system command…
DNS0.EU Public DNS Service Shuts Down Citing Sustainability Constraints What happened DNS0.EU, a non-profit public DNS resolver that served primarily European users, announced an immediate shutdown, attributing the decision to time and resource constraints. The project’s operators said they were unable to continue running the service under current conditions and ceased operations with immediate effect.…
TikTok “ClickFix” Videos Deliver Info‑Stealers via Fake Activation Guides Summary of the campaign Security researchers are tracking a surge of so‑called “ClickFix” attacks that use short TikTok videos posing as free activation or “fix” guides for popular software — including Windows, Spotify and Netflix — to trick users into downloading information‑stealing malware. The videos present…
OpenAI: GPT-6 Will Not Ship in 2025 — Implications for Developers, Enterprises, and Policymakers What OpenAI confirmed OpenAI has confirmed that GPT-6 will not be shipped in 2025. The company’s statement clarified that while a major labelled release is not planned for this calendar year, this does not preclude the release of other models, updates,…