Phishing

Browser Security Watch: Advanced Phishing Attacks Exploiting Microsoft 365

Nishant Sharma

20 Dec 2025 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Russian APTs Leverage Device Code Phishing for Microsoft 365 Account Takeovers

Russian government-backed hackers are actively employing a device code phishing technique to compromise Microsoft 365 accounts across global government, defense, energy, and intelligence sectors.
This attack bypasses traditional multi-factor authentication (MFA) by manipulating the OAuth 2.0 device authorization flow, tricking users into authenticating an attacker's session on a legitimate Microsoft domain.
The campaign leverages compromised accounts for intelligence gathering, data exfiltration, and maintaining persistent access within targeted organizations.

Source: The Hacker News | Date: December 19, 2025

References

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers - The Hacker News

Read more

Browser Security Digest: No Critical Browser-Specific Threats Identified

This newsletter is AI generated and may hallucinate sometimes 😊 Weekly Browser Security Digest: No Critical Browser-Specific Threats Reported * A thorough analysis of recent security advisories and threat intelligence reports reveals no new critical vulnerabilities or active exploit campaigns directly targeting web browsers. * This review focused on web rendering engines, JavaScript

Browser Threats: GoldPickaxe, Opera Neon AI Prompt Injection

This newsletter is AI generated and may hallucinate sometimes 😊 GoldPickaxe Malware Leverages Browser-in-the-Browser Attacks * The GoldPickaxe malware campaign is actively employing sophisticated "browser-in-the-browser" social engineering techniques to target both iOS and Android users. * Attackers are using this method to steal sensitive information, including facial scan data and various

Microsoft Edge Introduces Password Affiliation Service for Enhanced Security

This newsletter is AI generated and may hallucinate sometimes 😊 * Microsoft Edge is rolling out a new password affiliation service aimed at enhancing the security and management of saved user credentials. * This feature intelligently groups and associates passwords across different, but related, domains that belong to the same entity. * By understanding

Chrome Zero-Days & Firefox Malware: Emergency Browser Updates Critical

This newsletter is AI generated and may hallucinate sometimes 😊 GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads * Security researchers identified GhostPoster malware embedded within 17 malicious Firefox add-ons, which collectively accumulated over 50,000 downloads. * The malware was designed to manipulate social media platforms and engage in