Acronis
March 09, 2026

MSP cybersecurity news digest, March 9, 2026

Malicious campaigns abuse OAuth redirect behavior to bypass phishing defenses and deliver malware, and Google says threat actors abused 90 zero-day flaws in 2025, many targeting core infrastructure systems. Here are the latest threats to MSP security.

Author: Acronis Threat Research Unit

Malicious campaigns abuse OAuth redirect behavior to bypass phishing defenses and deliver malware

Microsoft researchers warned that attackers are abusing OAuth error-handling redirect flows to send victims from legitimate authentication pages to attacker-controlled phishing websites. Because the redirect originates from trusted identity infrastructure, the link may appear legitimate and bypass traditional phishing detection controls.

Researchers observed that the campaigns primarily targeted government and public sector organizations, where compromised credentials could provide access to cloud services, collaboration platforms and internal enterprise systems used for sensitive operations.

Identity infrastructure has become an attractive attack surface because a successful compromise can grant access to multiple enterprise applications through a single authentication workflow, enabling lateral movement or additional credential theft.
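One way to triage links of the kind described above, as an added example that is not code from Microsoft's research or from Acronis: it flags authorization links on trusted identity-provider hosts whose `redirect_uri` points outside an allowlist. The identity-provider host list, the allowlist and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: identity-provider hosts that users and mail filters tend to trust.
IDP_HOSTS = {"login.microsoftonline.com", "accounts.google.com"}
# Assumption: hosts your own registered applications redirect to.
ALLOWED_REDIRECT_HOSTS = {"example.com"}


def host_allowed(host, allowed):
    """Exact match or true subdomain of an allowed host, never a substring match."""
    host = (host or "").lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def triage_link(url):
    """Return (verdict, detail) for one URL extracted from a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in IDP_HOSTS:
        return ("not-idp", host)
    redirects = parse_qs(parts.query, keep_blank_values=True).get("redirect_uri", [])
    if not redirects:
        return ("idp-no-redirect", host)
    if len(redirects) > 1:
        return ("suspicious", "duplicate redirect_uri parameters")
    target = urlsplit(redirects[0])
    if target.scheme != "https":
        return ("suspicious", "non-https redirect target")
    if not host_allowed(target.hostname, ALLOWED_REDIRECT_HOSTS):
        return ("suspicious", f"redirect to unlisted host {target.hostname}")
    return ("expected", target.hostname)


# Constructed sample links (not taken from any real campaign).
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fportal.example.com%2Fcallback",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fexample.com.login-check.invalid%2Fcb",
    "https://news.example.org/article",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(triage_link(link))
```

The second sample shows why the host comparison is suffix-based on a dot boundary: a lookalike host that merely begins with an allowed name is still flagged.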

China-linked UAT 9244 deploys a new malware toolkit against telecom networks in long-term espionage efforts

Security researchers reported that the China-linked threat actor UAT 9244 targeted telecommunications providers in South America using a previously undocumented malware toolkit designed to support long-term espionage activity.

The attackers deployed implants including TernDoor, PeerTime, and BruteEntry, which enable remote command execution, persistence and reconnaissance within compromised telecom infrastructure environments.

Telecommunications providers represent strategic targets because access to their infrastructure can expose network traffic, subscriber information and downstream organizational connections, creating opportunities for surveillance or follow-on attacks.

Anubis ransomware operators claim theft of 170GB of AkzoNobel files, prompting incident response

The multinational chemical company AkzoNobel confirmed a cyber incident affecting one of its U.S. locations after the Anubis ransomware group published samples of allegedly stolen internal files on its data leak site.

Attackers claimed to have exfiltrated roughly 170GB of corporate information, including documents and internal communications that could expose confidential operational or business data.

The case reflects the continued use of double-extortion ransomware tactics, in which attackers combine data theft with the threat of public disclosure to pressure victims into negotiations.

Clinical services at the Mississippi Medical Center return online following remediation of a ransomware incident

The University of Mississippi Medical Center restored clinical operations after a ransomware attack disrupted hospital IT systems and temporarily blocked access to electronic medical records.

The incident forced the organization to cancel imaging appointments and outpatient procedures while incident response teams worked to contain the intrusion and recover affected systems.

Health care organizations remain frequent targets for ransomware attacks on critical infrastructure, where operational disruption can create pressure to quickly restore services.

Google says threat actors abused 90 zero-day flaws in 2025, many targeting core infrastructure systems

Researchers from Google Threat Intelligence Group reported that attackers exploited 90 zero-day vulnerabilities in real-world attacks during 2025.

A significant portion of these vulnerabilities affected enterprise technologies such as networking equipment, operating systems, and security appliances deployed across corporate environments.

Threat actors often target infrastructure platforms because successful exploitation can provide privileged access to internal networks and sensitive enterprise resources.