Invisible Threats: Source Code Exfiltration in Google Antigravity – FireTail Blog
TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source code By...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
Attackers are abusing normal OAuth error redirects to send users from a legitimate Microsoft or Google login URL to...
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook Pierluigi Paganini March 04, 2026 APT group Silver Dragon,...
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 04, 2026...
Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals
Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals Pierluigi Paganini March 04, 2026 A ransomware attack...
Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement
This article was originally published in Cyber Defense Magazine on 02/09/26 by Charlie Sander. The Illuminate incident serves as...
Shadow AI vs Managed AI: What’s the Difference? – FireTail Blog
Quick Facts: Shadow AI vs. Managed AI Shadow AI is a visibility gap: It refers to any AI tool...
Google Workspace vs. Microsoft 365: What’s the best office suite for business?
* Paid annually ** Mobile apps available for Android and iOS *** Require additional subscriptions* Mobile apps available for Android...
New RFP Template for AI Usage Control and AI Governance
The Hacker NewsMar 04, 2026Artificial Intelligence / SaaS Security As AI becomes the central engine for enterprise productivity, security leaders...
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Ravie LakshmananMar 04, 2026Threat Intelligence / Application Security Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities...
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Ravie LakshmananMar 04, 2026Malware / Windows Security Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed...
Secure Authentication Architecture for Ecommerce and Retail Platforms
Authentication has become one of the most critical infrastructure components for modern retail and ecommerce platforms. Retail organizations must...
The Worm Turns – When the Hunter Becomes the Hunted Mass Surveillance and the Weaponization of the Data We Voluntarily Create
The Art of War famously teaches that the most effective strategy is to defeat an adversary by turning the...
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
Ravie LakshmananMar 04, 2026Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently...
The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest
TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects...