Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
Security Boulevard

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access. The post The Trivy Compromise: The Fallacy of Secrets ...

New EvilTokens service fuels Microsoft device code phishing attacks

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft ...
Opinion
Cloud Security AllianceOpinion

The Agentic Trust Deficit: Why MCP's Authentication Vacuum Demands a New Security Paradigm

Enterprises have tethered their most consequential operations to AI agents & neglected to secure the ingress. This article explains the gravity of this threat.
Geeky Gadgets

Claude Code 2.0 Adds Multi-Agent Code Review for Team & Enterprise Plans

Claude Code 2.0 as it has been labelled by some introduces new features aimed at improving coding workflows and handling complex tasks more effectively. One notable addition is the “By the Way” ...

What is DeerFlow 2.0 and what should enterprises know about this new, powerful local AI agent orchestrator?

The primary condition for use is the technical readiness of an organization’s hardware and sandbox environment.
eWeek

Anthropic Leaks Claude Code, a Literal Blueprint for AI Coding Agents

Anthropic’s Claude Code leak reveals how modern AI agents really work, from memory design to orchestration, and why the ...