Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 ...
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
GitHub

A modern binary serialization library for Rust - the successor to bincode.

OxiCode is a compact encoder/decoder pair that uses a binary zero-fluff encoding scheme. The size of the encoded object will be the same or smaller than the size that the object takes up in memory in ...

基于深度学习的电信级反垃圾与反钓鱼短信防护系统研究

本文旨在系统性地研究基于深度学习的电信级反垃圾与反钓鱼防护机制。文章将首先分析当前短信诈骗的技术特征与演化趋势,随后构建一个包含数据预处理、特征工程、模型训练及实时推理的完整技术架构。重点探讨如何利用自然语言处理技术提取短信文本的深层语义特征,以及如 ...
The Hacker News

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...
GitHub

predict-woo/qwen3-tts.cpp

Benchmark Snapshot (PyTorch vs qwen3-tts.cpp): Basic 3.19x faster, Clone 4.07x faster. Peak RSS delta: Basic +19.0%, Clone +7.7%. C++ inference for Qwen3-TTS using the GGML tensor library. Runs the ...

基于多模态感知与行为分析的二维码钓鱼防御机制研究

在数字化转型的浪潮中,电子邮件系统作为企业内外部信息交互的枢纽,始终是网络攻防博弈的主战场。长期以来,针对邮件系统的攻击主要集中于文本内容的混淆、恶意附件的伪装以及URL链接的隐匿。为了应对这些威胁,企业普遍部署了基于签名库、启发式规则及沙箱技术的邮件安全网关(SEG),形成了相对成熟的防御体系。然而,攻击者的战术始终随着防御技术的升级而动态演进。近年来,一种利用二维码作为攻击媒介的新型钓鱼手法— ...