Another week, another array of peculiar security incidents that unfolded within a span of seven days. From ingenious tactics to lazy exploits, the landscape of cybersecurity witnessed a mix of old tricks refined, vulnerabilities exposed, and unsettling revelations of successful attacks.
The trend observed this week seemed all too familiar, with a hint of annoyance. The resurgence of old tactics, debunking of assumptions, and eyebrow-raising instances of successful breaches made for an intriguing read.
Amidst the chaos, the ecosystem exhibited its eccentricities — from impeccably professional infrastructure to tools finding their way into unauthorized hands, and the perennial issue of human error in clicking on dubious links.
For those curious about the recent activities of threat actors, researchers, and the mischievous internet entities, The Hacker News brings you the highlights in this week’s ThreatsDay Bulletin. Let’s dive in.
-
OAuth consent abuse
Wiz, a cloud security firm, issued a warning about the risks associated with malicious OAuth applications, emphasizing the concept of “consent fatigue” that could enable attackers to gain access to sensitive data by misleading users into granting permissions to rogue apps disguised as legitimate ones. A large-scale campaign in early 2025 saw 19 OAuth applications impersonating reputable brands, such as Adobe and OneDrive, to target multiple organizations, as reported by Proofpoint in August 2025.
-
Messaging account takeover
Russian-linked hackers have been attempting to compromise Signal and WhatsApp accounts of government officials, journalists, and military personnel globally using social engineering tactics to trick individuals into divulging security verification codes. The attackers masquerade as Signal Support chatbots to extract codes and gain unauthorized access to accounts. Similar warnings were issued by Germany, highlighting the sophistication of phishing campaigns aimed at obtaining sensitive information.
These incidents serve as a reminder that cybersecurity threats continue to evolve, presenting new challenges for defenders. Stay informed, stay vigilant, and adapt to the ever-changing landscape of digital security.
For more insights into the world of cybersecurity, keep exploring The Hacker News for the latest updates and trends. Stay safe online!
