GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. [...]

Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. [...]

Phishing succeeds not because users are careless, but because attackers exploit human timing, context, and emotion. Flare shows how modern phishing has become industrialized, scalable, and increasingly hard to spot. [...]

Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month's Windows security updates. [...]