A critical security vulnerability in Azure Active Directory affects over 50,000 users, exposing sensitive data via an unsecured API endpoint in a JavaScript file. Discovered by CloudSEK, it allows unauthorized access to Microsoft Graph with broad permissions, revealing detailed employee records, including executive information. The incident highlights significant security oversights and risks associated with misconfigured web applications.
AMOS macOS Stealer Distributed Via Clickfix Bypasses macOS Security & Execute Malware
A malware campaign is targeting macOS users through fake domains that impersonate US telecommunication provider, Spectrum. The attack uses a new version of Atomic macOS
