Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.…
The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.…
Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while leaving migrants unable to prove their lawful status.…
Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.…
Terraform Labs founder Do Kwon will spend 15 years in jail after pleading guilty to committing fraud.…
My father got tricked into calling scammers after a hidden Google logout URL made him think his computer was hacked. Turns out, Google lets any website instantly log you out of Gmail, YouTube, and Drive just by loading a simple link - no warning, no confirmation. I made a petition, and I want to know if this is something worth signing and sharing, or if it's not realistic.
CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There's some bad news and some good news here.…
It looks harmless enough.
A digital party invitation lands in your inbox or phone. You click to see the details. Then it asks you to log in or create an account before revealing the event.
That's where the scam begins.
Fake e-vite phishing scams are on the rise, and they take advantage of something simple: social trust. You're far more likely to click an invitation than a generic "account alert" or "delivery notice."
And that's exactly why scammers are using them.
In fact, here's a screenshot of a fake phishing email I recently got this holiday season:

When you click the "open invitation" link, it immediately asks you to sign in or create an account with your personal information. That's the step where scammers steal your private data.
A fake e-vite scam is a phishing attack that pretends to be a real invitation from platforms like Paperless Post or other digital invitation services.
The goal is to trick you into:
Once scammers have your login information, they can:
Here's the most common flow:
Because this starts with something familiar and social, many people don't realize it's phishing until accounts are already compromised. Plus, scammers then use your email and name to trick friends and family into trusting more fake e-vites from your account.
Paperless Post has publicly acknowledged these scams and shared what legitimate messages actually look like.
Legitimate Paperless Post Emails Will Never:
Official Paperless Post Email Domains:
Legitimate invitations and account messages only come from:
Official support emails only come from:
If the sender does not match one of these exactly, it's a scam.
Paperless Post also notes that verified emails may display a blue checkmark in supported inboxes to confirm authenticity.
If you see any of the following, do not click:
Modern phishing attacks don't rely on sloppy design anymore. Many now use:
Invitation phishing is especially powerful because:
If you entered any information into a suspicious invitation page:
The faster you act, the more damage you can prevent.
The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.
We've been testing AI agents in blue-team scenarios (log triage, recursive investigation steps, correlation, incident reconstruction). A recurring issue surfaced during testing:
Pay-per-use models can't handle the load.
Deep reasoning tasks trigger non-linear token spikes, and we found that Competitor-style metered billing either slowed down workflows, caused interruptions, or became too expensive to use during real incidents - especially when dealing with iterative analysis under pressure.
We published a case study summarizing the data, the reasoning patterns behind the token spikes, and why unlimited usage models are better suited for continuous defensive operations.
Sharing here in case it helps others experimenting with AI in blue team environments.
Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world's most popular browser's eighth zero-day bug of 2025.…
The UK's Information Commissioner's Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users.…
A security researcher specializing in tracking China threats claims two of Salt Typhoon's members were former attendees of a training scheme run by Cisco.…
Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank.…
Exclusive Seven months after a landmark cyberattack, the UK's Legal Aid Agency (LAA) says it's returning to pre-breach operations, although law firms are still wrestling with buggy and more laborious systems.…
Scanned 1.3M npm packages + top GitHub repos: Dify, LobeChat, Umami are affected and maybe exploited
Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.…