Robert Simmons on Muck Rack

Robert Simmons

West Chester
As seen in: Color Research & Application, Scribd, Wiley Online Library, MDPI, Post and Courier, American Thinker, Libsyn, River Bender, ReversingLabs, The Edge Magazine and
Is this you? As a journalist, you can create a free Muck Rack account to customize your profile, list your contact preferences, and upload a portfolio of your best work. Claim your profile

Get in touch with Robert

Contact Robert, search articles and posts on X, monitor coverage, and track replies from one place.

Learn more about Muck Rack

Actions

Share this page

Is this you?

As a journalist, you can create a free Muck Rack account to customize your profile, list your contact preferences, and upload a portfolio of your best work.
Claim your profile

Articles

Device code phishing bypasses password stealing

|
By Robert Simmons
| ReversingLabs
RL has discovered an active Microsoft 365 device code phishing campaign that abuses Microsoft's legitimate OAuth 2.0 Device Authorization Grant flow to obtain access to victim accounts. Rather than stealing passwords through a counterfeit login page, the phishing kit persuades victims to complete a legitimate Microsoft authentication process that authorizes an attacker-controlled device.
Open in Who Shared Issue with article?

How to defend ARM64 cloud infrastructure from ITScape

|
By Robert Simmons
| ReversingLabs
ITScape (CVE-2026-46316) is a guest-to-host escape vulnerability in the vGIC-ITS (Interrupt Translation Service) emulation within KVM/arm64, disclosed by researcher Hyunwoo Kim (V4bel) via oss-security on June 10. The root cause is a race condition in the vgic_its_invalidate_cache() function that produces a double-put use-after-free, ultimately enabling host kernel code execution.
Open in Who Shared Issue with article?

Researcher's Notebook: Hunting Megalodon Fossils

|
By Robert Simmons
| ReversingLabs
The "megalodon" supply chain attack starting on approximately May 18, 2026 compromised numerous GitHub Action YAML configuration files with a base64 encoded malicious script. The C2 used in this campaign was hosted on the IP address 216.126.225[.]129. By analyzing the response content from the web server running on this IP, the campaign is found to be related to an earlier attack that included a similar credential stealer script as well as a coin miner in a malicious Docker container.
Open in Who Shared Issue with article?
See all 23 articles
 •  Privacy  •  Terms  •  Security and Legal  •   •   •   • 

© 2026 Muck Rack

SOC 2® Certified