Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...
The Hacker News

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.
The Hacker News

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

SloppyLemming targeted Pakistan and Bangladesh with BurrowShell, a Rust keylogger, and 112 Cloudflare Workers domains in 2025 ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
WinBuzzer

Microsoft Edge Will Auto-Launch Copilot on Outlook Links

Microsoft has announced Edge will automatically open the Copilot side pane when users click Outlook links, raising pushback ...