OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...

PowerShell can do far more than most users realize. Explore 10 hidden capabilities that save time, improve reporting, and supercharge your workflow.

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.

Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks.

Alibaba unveiled Qwen3.5, an open-weight, 397-billion-parameter mixture-of-experts model that only wakes up 17 billion neurons per prompt. The payoff? You get 60% lower inference ...

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

As the SharePoint Embedded connector was released last night, I thought it would be useful to start a series of posts about ...