credential
-
Threat Actors Use “Atlantis AIO” Tool to Automate Credential Stuffing Attacks
In a concerning development for cybersecurity professionals, threat actors are increasingly utilizing a powerful tool called Atlantis AIO to automate…
Read More » -
Cloudflare Attributes Service Outage to Faulty Password Rotation
Cloudflare experienced a significant service outage that affected several of its key offerings, including R2 object storage, Cache Reserve, Images,…
Read More » -
Hackers Use Fake Meta Emails to Steal Ad Account Credentials
A recent phishing campaign uncovered by the Cofense Phishing Defense Center (PDC) has been exploiting fake Meta emails to deceive…
Read More » -
RansomHub Affiliate Deploys New Custom Backdoor “Betruger” for Persistent Access
Symantec’s Threat Hunter team has identified a sophisticated custom backdoor named “Betruger” linked to a RansomHub affiliate. This newly discovered…
Read More » -
AWS SNS Exploited for Data Exfiltration and Phishing Attacks
Amazon Web Services’ Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service that facilitates communication between applications and…
Read More » -
Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft
The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware, a sophisticated infostealer designed to…
Read More » -
Implementing Identity First Security for Zero Trust Architectures
Zero Trust is a security framework that operates under the assumption that no implicit trust exists within a network. Every…
Read More » -
Google Launches Shielded Email to Keep Your Address Hidden from Apps
Google is rolling out a new privacy-focused feature called Shielded Email, designed to prevent apps and services from accessing users’ primary…
Read More » -
New GitHub Scam Uses Fake “Mods” and “Cracks” to Steal User Data
A sophisticated malware campaign leveraging GitHub repositories disguised as game modifications and cracked software has been uncovered, exposing a dangerous…
Read More » -
Chinese Hackers Exploit Check Point VPN Zero-Day to Target Organizations Globally
A sophisticated cyberespionage campaign linked to Chinese state-sponsored actors has exploited a previously patched Check Point VPN vulnerability (CVE-2024-24919) to…
Read More » -
New Pass-the-Cookie Attacks Bypass MFA, Giving Hackers Full Account Access
Multi-factor authentication (MFA), long considered a cornerstone of cybersecurity defense, is facing a formidable new threat: “Pass-the-Cookie” attacks. Recent findings reveal…
Read More » -
MITRE Releases OCCULT Framework to Address AI Security Challenges
MITRE has unveiled the Offensive Cyber Capability Unified LLM Testing (OCCULT) framework, a groundbreaking methodology designed to evaluate risks posed…
Read More » -
Nagios XI Flaw Exposes User Details and Emails to Unauthenticated Attackers”
A security vulnerability in Nagios XI 2024R1.2.2, tracked as CVE-2024-54961, has been disclosed, allowing unauthenticated attackers to retrieve sensitive user…
Read More » -
PoC Exploit Released for Ivanti EPM Vulnerabilities
A recent investigation into Ivanti Endpoint Manager (EPM) has uncovered four critical vulnerabilities that could allow unauthenticated attackers to exploit…
Read More » -
Zacks Investment Data Breach Exposes 12 Million Emails and Phone Numbers
A cybersecurity incident at Zacks Investment Research has exposed sensitive data belonging to 12 million users, marking the second major…
Read More » -
Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins
A new phishing kit named Astaroth has emerged as a significant threat in the cybersecurity landscape by bypassing two-factor authentication…
Read More » -
Real-World AD Breaches and the Future of Cybersecurity
Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning and automation capabilities to simulate sophisticated…
Read More »