FBI warns of Kali phishing scam hitting Microsoft OAuth tokens — warns 'Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures'
THE SO WHAT
Kali365 turns AI-generated phishing into a turnkey SaaS — the skill barrier drops, the volume of credible lures spikes, and OAuth tokens become the new crown jewels. Lock down consent flows and third-party app access this week, or assume your Microsoft estate is only as secure as your least-trained employee on Telegram.
READ THE SOURCE
MORE FROM THE WIRE
Deep & Emerging TechResearchers Issue Warning About Tech That Could Turn Every Router ‘Into a Potential Means for Surveillance’
WiFi-based human detection turns your commodity router into a passive motion sensor — the surveillance surface just jumped from cameras you can see to infrastructure you forget exists. If you're deploying dense WiFi in offices, warehouses, or retail, assume location and presence inference is now technically trivial and start writing policy before regulators do it for you.
Deep & Emerging TechNew 'scareware' attack hits 2.8 million victims, pretending to lock them out of your browser — here’s how you can stay safe
Scareware like CypherLoc doesn't need exploits — it weaponizes UX and support channels at scale, as 2.8M victims just learned. If you run a helpdesk or customer support org, train them this week that 'locked browser' plus 'call this number' is a fraud pattern, not a ticket to resolve.
Deep & Emerging TechTrend Micro users beware - dangerous Apex One zero-day exploited in the wild
Apex One landing in CISA’s KEV list means this zero-day is now a compliance and board issue, not just an IT ticket. If you run Trend Micro anywhere near crown-jewel data, treat patching and compensating controls as this week’s priority, not next quarter’s hardening plan.
Deep & Emerging TechSeQure Quantum: The First Quantum-Safe Link in Critical Electrical Infrastructure in Chile
Quantum-safe networking is moving from whitepapers into grid infrastructure — once utilities start swapping links, every adjacent critical system gets a de facto upgrade deadline. If you operate in energy, transport, or telco, assume your next major infra RFP will bake in post-quantum requirements and start lining up vendors now.