Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Multiple sophisticated phishing kits are now focusing on harvesting device codes to breach accounts without a password, according to researchers at LevelBlue. “Device code phishing exploits a legitimate Microsoft authentication flow to harvest Microsoft 365 access and refresh tokens without ever capturing a password,” the researchers explain. “The core mechanic is straightforward: whoever initiates the authentication request receives the resulting tokens.

A few years ago, the goal was simple: rank on page one of Google. If your website appeared among the first 10 blue links, people would find you. That equation is changing. Search behavior is shifting from keyword lookups to answer-led queries. Instead of scanning a list of results, more people are turning to AI-powered search tools that read across the web, consolidate information, and deliver a direct answer. ChatGPT, Google AI Overviews, Perplexity, and Claude all work this way.

Security operations teams are facing a familiar, but growing, challenge. As threat actors leverage AI and automation to move faster, alerts continue to expand in volume and complexity. Even mature security teams struggle to keep up with investigation timelines, maintain institutional knowledge, and ensure consistent response quality. At the same time, buyers are demanding more from their security platforms. They want solutions that go beyond detection.

Shopping for security testing, you’d have probably noticed that almost every vendor now promises continuous autonomous pentesting. The word sounds reassuring, suggesting round-the-clock surveillance, patching and making sure nothing slips through. But when you ask for what is being surveilled, when, how frequently, your levers in reporting and support, the milk starts to get curdy. This curd is the word “Continuous”.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! LastPass hit again…

Leading Managed Service Provider (MSP) distributors aren’t just adding identity tools to their marketplace. They are redefining the criteria for partnership within their ecosystems. For years, joining a major distributor’s marketplace was primarily a commercial transaction. Submit your business details, pass some basic onboarding checks and sell away. Identity security was an afterthought, a product category rather than a partnership requirement. Those days are gone.

Your DLP controls are correctly configured. Classification policies are in place. Sensitive data is labeled. And your AI tools are quietly building a picture of your organization that none of those controls can see. Most AI-related data exposure does not arrive as a file transfer event.

Attestation is a security process that enables one system or entity to prove its state or characteristics to another. This typically involves generating verifiable evidence about the software, hardware, or configuration of a device or environment. The primary goal is to ensure that systems are operating as expected and have not been tampered with. Attestation is important for building trust in distributed environments, where direct oversight and control are not always possible.

Manual security operations don't just slow teams down. They make breaches more expensive. Organizations that implement advanced security automation cut breach response time by over 100 days and save an average of $3.05 million per incident, according to JumpCloud's 2024 analysis. That number reframes the conversation. Automation in security isn't a convenience feature for mature SOCs. It's an operating model.

For over twenty years, the global security community has operated under a single, comfortable assumption: that a centralized public source could help track, analyze, and enrich the world’s software vulnerabilities at the pace the industry needed. When the National Vulnerability Database (NVD) was established, the open source vulnerability lifecycle moved at a radically different pace.