account hijacking
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: …
Open-source Rafel RAT steals info, locks Android devices, asks for ransom
The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money …
361 million account credentials leaked on Telegram: Are yours among them?
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials …
How fraudsters stole $37 million from Coinbase Pro users
A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – …
Okta warns customers about credential stuffing onslaught
Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential …
Microsoft: Russian hackers accessed internal systems, code repositories
Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country’s Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft …
Spoutible API exposed encrypted password reset tokens, 2FA secrets of users
A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the …
Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)
Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability (CVE-2024-23832), over 66% of Mastodon servers out there have …
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have …
SEC’s X account hacked to post fake news of Bitcoin ETF approval
Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the …
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns
Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications …
Booking.com customers targeted in hotel booking scam
Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. …
Featured news
Sponsored
Don't miss
- Windows users targeted with fake human verification pages delivering malware
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
- FBI forced Flax Typhoon to abandon its botnet
- Differential privacy in AI: A solution creating more problems for developers?
- How digital wallets work, and best practices to use them safely