Please turn on your JavaScript for this page to function normally.
Microsoft Entra ID
Researchers warn of ongoing Entra ID account takeover campaign

Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have …

hand
Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group

The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in …

WordPress
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)

A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated …

Microsoft 365 phishing
Attackers phish OAuth codes, take over Microsoft 365 accounts

Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics …

phishing
If you think you’re immune to phishing attempts, you’re wrong!

Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained …

GitHub
GitHub project maintainers targeted with fake security alert

A phishing campaign targeting GitHub account owners has been trying to scare them with a fake security alert into allowing a malicious OAuth app access to their account and …

account takeover
Account takeover detection: There’s no single tell

Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one …

Microsoft 365 phishing
Threat actors are using legitimate Microsoft feature to compromise M365 accounts

Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) …

russian flag
How Russian hackers went after NGOs’ WhatsApp accounts

Star Blizzard, a threat actor tied to the Russian Federal Security Service (FSB), was spotted attempting to compromise targets’ WhatsApp accounts through a clever …

Europe
European companies hit with effective DocuSign-themed phishing emails

A threat actor looking to take over the Microsoft Azure cloud infrastructure of European companies has successfully compromised accounts of multiple victims in different …

package
Solana’s popular web3.js library backdoored in supply chain compromise

A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player …

Hot Topic
Hot Topic breach: Has your credit card info been compromised?

If you’re wondering whether your personal and financial data has been compromised in the massive Hot Topic breach, you can use two separate online tools to check: Have I …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools