CNET

The Feds Took Down a 'Full-Service Cybercrime Platform' Behind $20M in Phishing

The W3LL phishing kit helped criminals steal tens of thousands of account credentials, primarily targeting Microsoft 365 ...
The Next Web

Roblox splits its user base into three age-gated tiers as lawsuits mount over child safety

Select (9-15), and standard (16+) tiers starting mid-May, gating content and chat by age as eight US states sue over child ...

FBI takedown of W3LL phishing service leads to developer arrest

The FBI Atlanta Field Office and Indonesian authorities have dismantled the "W3LL" global phishing platform, seizing ...
CSO Online

Seven IBM WebSphere Liberty flaws can be chained into full takeover

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution.

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.