Microsoft Russia
Microsoft: Russian hackers accessed internal systems, code repositories

Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country’s Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft …

Spoutible
Spoutible API exposed encrypted password reset tokens, 2FA secrets of users

A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the …

Mastodon
Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)

Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability (CVE-2024-23832), over 66% of Mastodon servers out there have …

GitLab
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)

A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have …

Securities and Exchange Commission
SEC’s X account hacked to post fake news of Bitcoin ETF approval

Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the …

Microsoft
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns

Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications …

warning scam
Booking.com customers targeted in hotel booking scam

Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. …

GenAI
Rise in automated attacks troubles ecommerce industry

Automated attacks on application business logic, carried out by sophisticated bad bots, were the leading threat for online retailers, according to Imperva. In addition, …

Microsoft
Microsoft Authenticator suppresses suspicious MFA notifications

Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. …

Okta breach post mortem reveals weaknesses exploited by attackers

The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our …

malware
Compromised Skype accounts deliver DarkGate malware to employees

A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. “Versions of DarkGate …

Facebook
Requests via Facebook Messenger lead to hijacked business accounts

Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing …
