New CoPhish attack steals OAuth tokens via Copilot Studio agents

Published on October 25, 2025

A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. [...]

Continue reading on website
Other news

Hackers launch mass attacks exploiting outdated WordPress plugins

October 24, 2025
A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). [...]

Hackers steal Discord accounts with RedTiger-based infostealer

October 26, 2025
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. [...]