Microsoft Entra OAuth Consent Grant Attack Simulation in the PhishU Framework https://phishu.net/blogs/blog-microsoft-entra-oauth-consent-grant-phishu-framework.html
PROTOCOLO DELTA SWORD: Full Disclosure de Persistência Zero-Day e Omissão Corporativa (Google/Samsung) https://drive.google.com/drive/folders/1S5BTn5KxTmDEgrkjr2pIk3xanL05C9PG
Navia breach exposed HackerOne employee PII due to a BOLA-style access in third-party system https://thecybersecguru.com/news/hackerone-data-breach-navia-solutions/
Alleged OVHcloud data of 1.6M customers and 5.9M websites posted on popular forum for sale. CEO Comments https://thecybersecguru.com/news/ovhcloud-data-breach-2026/
e open-sourced 209 security tests for multi-agent AI systems (MCP, A2A, L402/x402 protocols) https://www.cteinvest.com/blog/209-tests-ai-agent-security-what-we-built.html
Remote Command Execution in Google Cloud with Single Directory Deletion https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/
EmEditor Supply Chain Analysis: Why "Publisher Authorization" isn't the silver bullet we think it is https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/when-trust-becomes-the-attack-vector-analysis-of-the-emeditor-supply-chain-compr/4499552
Lookout's LLM-assistance findings in DarkSword iOS exploit kit: a source-by-source breakdown of what each research team actually said https://blog.barrack.ai/darksword-llm-ios-exploit
Roundcube Webmail: three more sanitizer bypasses enable email tracking and phishing https://nullcathedral.com/posts/2026-03-18-roundcube-round-two-three-more-sanitizer-bypasses/
_