Log Poisoning in OpenClaw
A few weeks ago, OpenClaw suddenly started popping up everywhere. An open-source AI assistant with deep system and…
From Helper to Adversary: The Dual-Use Risks of AI Canvases
Adversaries are becoming more creative by the day, constantly seeking new ways to misuse emerging technologies. That’s why…
Microsoft login page abused as phishing redirector
Eye Security has observed threat actors using links to login.microsoftonline.com in phishing emails. These are not device code phishing or consent phishing attempts. Rather, the threat actors are using the legitimate login page to redirect to a malicious phishing page.
AitM Block: Preventing Modern M365 Phishing Attacks
Modern adversary-in-the-middle phishing attacks proxy the real Microsoft 365 login experience, making traditional detection techniques mostly ineffective. M365…
When Updates Backfire: RCE in Windows Update Health Tools
What if a Microsoft‑tool meant to protect Windows machines, actually opened up remote code execution (RCE) by re-using…
Battling Shadow AI: Prompt Injection for the Good
LLMs and AI agents have become an integral part of businesses worldwide, altering the way we communicate, conduct…
WSUS Deserialization Exploit in the Wild (CVE‑2025‑59287)
Today, our morning coffee was rudely interrupted by a critical alert from a customer’s Windows Server Update Services…
ClickFix Block: protect against fake CAPTCHA attacks | Eye Security
Rise of the “ClickFix” Social Engineering Attack In recent months, we here at Eye Security and other cybersecurity…
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
This blog is about how I got access to over 22 internal Microsoft services and how you might…
How we Rooted Copilot
Read how we explored the Python sandbox in Copilot and got root on the underlying container