5 Key Takeaways from Inside the Shape-Shifting Inbox: A Modern Playbook for Security Leaders

Artificial intelligence is accelerating one of the most significant shifts the cybersecurity industry has seen in years. During Cofense’s webinar, Inside the Shape-Shifting Inbox:...

CFGI – 248,235 breached accounts

In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data...

Entra Agent ID: Inside a cross-tenant agent compromise

Continuing our Agent ID series, this post demonstrates how a privileged agent could be compromised through its third-party blueprint. This leads to a cross-tenant...

Building the Agentic SOC: A new model for financial services

As AI-powered threats accelerate, financial institutions are evolving toward agentic security operations. Unified data, contextual intelligence, and operational resilience are becoming foundational to the...

105K Chrome Installs Linked to Adware and Fake Google Traffic

Socket researchers linked 152 Chrome wallpaper extensions to hidden data logging, fake Google search traffic, and ad monetization. The post 105K Chrome Installs Linked to...

iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution

iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution A .NET deserialization vulnerability exists in iba ibaPDA and ibaDatCoordinator. An unauthenticated remote attacker can...

Introducing AWS Continuum: Security at machine speed

What we believe We’ve been thinking deeply about enterprise security. The operating model that served us for the past decade (collect telemetry, store it,...

From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker

Key Points The threat actor uses multiple channels to promote and distribute a Rust clipboard hijacker, starting with a dedicated phishing page as the...

Elon Musk, the IRS, and Your Bank Account: Anatomy of a Multi-Stage Financial Scam

By: Kahng An, Intelligence TeamRecently, the Cofense Intelligence team reported on an Internal Revenue Service (IRS)-spoofing email that claims to offer a $5,000 tax...

Latest article

Indian Govt Bans Apps Being Misused to Stop E-Rickshaws Remotely

The Indian government has directed Google and Apple to take down three mobile applications, BAT-BMS, Lossigy, and Epoch-i-ion, after they were allegedly misused to...

Microsoft 365 users fall victim to one-in-a-million password spray attack

Microsoft users have been hit by a massive, automated password spray attack. Among those targeted by the attack were clients...

Apple’s ‘Hide My Email’ Privacy Flaw Exposes Real Email Addresses

Researchers say Apple’s Hide My Email flaw may expose real addresses, despite two fixes. Here’s what users should know about the privacy risk. The post...

Catan and Mouse

Welcome to this week’s edition of the Threat Source newsletter.  “I do not know everything; still many things I understand.” ― Madeleine L'Engle, A Wrinkle...