Microsoft has alerted users to CVE-2025-21396, a critical authentication bypass vulnerability that allows attackers to spoof credentials and access Microsoft accounts. Experts recommend applying updates and strengthening authentication methods to mitigate risks. The flaw stems from inadequate validation of IP addresses and DNS names. Microsoft has released patches, and users are urged to implement robust security measures.
Beware of Fake DeepSeek PyPI packages that Delivers Malware
A malicious campaign compromised Python Package Index (PyPI) targeting two packages, deepseeek and deepseekai. Orchestrated by an alias, “bvk”, the packages, designed to steal sensitive
