News

Cookie-Bite attack PoC uses Chrome extension to steal session tokens
Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, ...
Microsoft Entra account lockouts caused by user token logging mishap
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens ...
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from ...
7 Steps to Take After a Credential-Based cyberattack
Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your ...
State-sponsored hackers embrace ClickFix social engineering tactic
ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced ...
New Android malware steals your credit cards for NFC relay attacks
A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks ...
SonicWall SMA VPN devices targeted in attacks since January
A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active ...
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing ...
FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds
The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other ...
Chinese hackers target Russian govt with upgraded RAT malware
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail ...
Cisco Webex bug lets hackers gain code execution via meeting links
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain ...
Apple fixes two zero-days exploited in targeted iPhone attacks
Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated ...