DXC Security Threat Intelligence Report

Hackers are using Flipper Zero, a popular and relatively cheap hacking tool, to spam iPhones with annoying pop-ups that prompt the user to connect to a nearby AirTag, Apple TV, AirPod or other Apple device.

TikTok is shifting its European users’ data to new servers in Dublin, Ireland. The move is part of the video-sharing platform’s response to data-privacy concerns around its links to China.

QR code phishing campaigns have been observed targeting the Microsoft credentials of users from a wide array of industries. The most notable target, a major U.S. energy company, saw nearly 30% of 1,000+ emails containing malicious QR codes.

Phishing attempts can already be made indistinguishable from legitimate emails by using AI, eliminating red flags. Now some security experts are fighting back with AI to get ahead of the attackers.

Networks, including those of the U.S. government networks, have reportedly been breached by Chinese hackers. The attackers gained access to user email using forged authentication tokens, including a stolen Microsoft Azure account consumer signing key.

Hackers are abusing Cloudflare’s legitimate tunneling feature to create stealthy HTTPS connections from compromised devices, bypass firewalls and maintain long-term persistence.

This Microsoft code editor and development environment contains a flaw that lets malicious extensions retrieve authentication tokens stored in Windows, Linux and macOS credential managers.