The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...