Add your product or open-source project on TechLogHub
Listing is free. Sponsored featured placements are paid and priced in USD — open the pricing dialog to see plan details.
Explore software products worth tracking, open-source projects worth studying, and blog coverage that helps builders spot useful tools and ideas sooner.
Analysis, product insight, and practical reads for builders

Tycoon2FA, a well-known phishing toolkit, has added device-code phishing to its arsenal, using Trustifi tracking URLs to hijack Microsoft 365 accounts via the OAuth device login flow. After an international police disruption in March, the operation rebuilt its infrastructure and returned to normal activity with added obfuscation. In late April, Tycoon2FA campaigns leveraged the device authorization grant to gain OAuth tokens, granting attackers access to victims’ emails, calendars, and cloud storage. Researchers warn that device-code phishing is surging and recommend defenses such as disabling the device-code flow when not needed, restricting OAuth permissions, requiring admin approval for third-party apps, enabling Continuous Access Evaluation, and monitoring Entra logs for deviceCode activity, along with applying published IoCs.

Security researcher Justin O'Leary alleges a critical privilege-escalation flaw in Azure Backup for AKS that could let a user with only the Backup Contributor role gain cluster-admin rights via the Trusted Access mechanism. Microsoft says the behavior was expected and that no product changes or CVE were issued, despite O'Leary's claims and evidence of new permission checks and failed exploits after disclosure. CERT/CC independently validated the issue, assigned a tracking ID, and initially scheduled public CVE disclosure, but Microsoft lobbied MITRE to block a CVE and CERT/CC closed the case under CNA rules. After the disclosure, the attacker path reportedly no longer works; Microsoft now requires manual Trusted Access configuration and added permission checks, suggesting the vulnerability was fixed without a public advisory. The episode underscores the 'validation gap' and the challenge defenders face when CVEs or public advisories are absent.

Russian hacker group Secret Blizzard has upgraded the Kazuar backdoor into a modular, peer-to-peer botnet designed for long-term persistence, stealth, and data exfiltration. The malware now uses three modules—Kernel (leader election and task orchestration), Bridge (external C2 proxy), and Worker (keylogging, screenshots, data harvesting, and reconnaissance)—with around 150 configurable options, including AMSI, ETW, and WLDP bypasses. Communications are AES-encrypted and protobuf-serialized via IPC. Microsoft warns this evolution increases evasion, urging defenses to emphasize behavioral detection. The botnet targets government and critical infrastructure across Europe, Asia, and Ukraine.

Security researchers revealed a critical unauthenticated vulnerability in Funnel Builder for WordPress that injects malicious JavaScript into WooCommerce checkout pages, enabling theft of credit card data. The flaw affects all versions prior to 3.15.0.3 and can be triggered through an exposed checkout endpoint to modify the plugin’s External Scripts setting, loading a skimmer that collects card numbers, CVVs, billing addresses, and other customer data. The malicious payload is disguised as a fake Google Tag Manager/Analytics script and communicates with an attacker-controlled server. FunnelKit released version 3.15.0.3 to fix the issue; admins should update immediately and audit External Scripts for rogue entries. The attack was detected by Sansec and reportedly affects more than 40,000 sites.