Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign

A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat actor begins by registering domains that include the term “passkey” (for example, assignpasskey[.]com, deploypasskey[.]com, passkeydeploy[.]com, passkeyadd[.]com,…

GhostApproval Attack Impacts Amazon Q, Claude Code, Cursor, Google Antigravity, and Windsurf

A newly disclosed vulnerability pattern known as “GhostApproval” is exposing significant flaws in the trust boundary of leading AI coding assistants, including Amazon Q Developer, Anthropic Claude Code, Cursor, Google Antigravity, Augment, and Windsurf. This issue demonstrates how attackers can…

Microsoft Patches Defender ‘RoguePlanet’ Vulnerability

The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update. The post Microsoft Patches Defender ‘RoguePlanet’ Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Microsoft…

Google Chrome Update Patches 27 Security Vulnerabilities Including Critical Use-After-Free Flaws

Google has released a critical security update for Chrome, upgrading the Stable channel to version 150.0.7871.114/.115 on Windows and macOS, and to version 150.0.7871.114 on Linux. This update addresses 27 vulnerabilities, including several critical use-after-free flaws that could potentially enable…