Bleeping Computer

Microsoft Sway abused in massive QR code phishing campaign

A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials.
Bleeping Computer

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...