Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
MUO on MSN

I gave Claude, ChatGPT, and Gemini the same broken JavaScript to debug — only one found the actual cause

Debugging isn’t just guessing.
Morning Overview on MSN

The TanStack supply chain attack hit OpenAI — hackers reached two employee devices and forced the company to rotate all its code-signing certificates

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
Nature

How to vibe code in science: early adopters share their tips

He was brainstorming ideas with an artificial-intelligence tool and getting it to code and create them quickly. Together, ...