Login Subscribe

7secure Coverage

Articles

Search and filter the broader reporting stream across incidents, AI security, policy, and operational coverage.

Vulnerabilities & Exploits

Microsoft Authenticator Leak Exposes MFA Codes Until App Update

Microsoft Authenticator Leak Exposes MFA Codes Until App Update

A vulnerability was discovered in the Microsoft Authenticator mobile app that could unintentionally reveal the time‑based one‑time passwords (TOTPs) it generates. The flaw allowed the codes to be displayed in clear text under certain conditions, making them accessible to anyone with physical or remote access to the device

Vulnerabilities & Exploits

Critical Android Graphics Driver Flaw Lets Attackers Bypass Lock Screen in Seconds

Critical Android Graphics Driver Flaw Lets Attackers Bypass Lock Screen in Seconds

Malwarebytes has identified a critical zero‑day vulnerability in Android’s graphics driver stack. By delivering a specially crafted image or malicious app, an adversary can trigger the bug and force the device to unlock in under a minute, bypassing PIN, password, or biometric protections without user interaction. The flaw

Identity & Access Management

IoT Devices Using Default Admin Logins Pose Critical Lateral Movement Risk

IoT Devices Using Default Admin Logins Pose Critical Lateral Movement Risk

A recent SANS diary entry highlighted that a large number of Internet‑of‑Things devices are still deployed with administrative accounts that use default or weak passwords. These credentials are often hard‑coded into the firmware and allow direct admin‑level access to the device’s management interface. Attackers who

AI‑driven attack automation escalates supply‑chain risk 🚀. Mobile OS and MFA flaws expose credential theft vectors 🔓.

AI‑driven attack automation escalates supply‑chain risk 🚀. Mobile OS and MFA flaws expose credential theft vectors 🔓.

Good morning, March 12 2026 – here’s the latest intelligence you need. Today's headlines * GreyNoise adds real‑time blocklists to Google SecOps and CrowdStrike platforms. * IoT devices with default admin credentials remain a critical entry point. * Android lock‑screen flaw can be bypassed in under a minute. * Microsoft

Threat Intelligence

Google’s Groundsource Uses Gemini to Turn Crisis News into Structured Threat Intel

Google’s Groundsource Uses Gemini to Turn Crisis News into Structured Threat Intel

Google Research unveiled Groundsource, a pipeline that leverages the Gemini large‑language model to ingest free‑form news articles about crises—natural disasters, conflicts, pandemics—and output them as machine‑readable entities such as locations, dates, actors, and incident types. By automatically structuring this unverified “ground truth” data, the system

Threat Intelligence

Surge in Legacy Brute‑Force and New Port‑Scan Tactics Spotted Globally

Surge in Legacy Brute‑Force and New Port‑Scan Tactics Spotted Globally

The March 12, 2026 ISC Stormcast report shows a sharp rise in brute‑force attempts targeting legacy services such as SMB 1.0, Telnet, and older SSH implementations. Attackers are leveraging credential‑stuffing botnets to flood these outdated endpoints, causing repeated login failures and increasing the risk of successful compromise