account hijacking
How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise …
Identity crimes reach all-time high
The Identity Theft Resource Center (ITRC) has published a report that looks at the identity crimes committed against individuals as reported by the victims of those crimes. In …
DigitalOcean customers affected by Mailchimp “security incident”
A recent attack targeting crypto-related users of Mailchimp has ended up affecting users of cloud infrastructure provider DigitalOcean, the latter company has announced on …
GM, Zola customer accounts compromised through credential stuffing
Customers of automaker General Motors (GM) and wedding planning company Zola have had customer accounts compromised through credential stuffing, and the criminals have used …
Hijacking of popular ctx and phpass packages reveals open source security gaps
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …
Account pre-hijacking attacks possible on many online services
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on …
Record level of bad bot traffic contributing to rise of online fraud
Bad bots, software applications that run automated tasks with malicious intent, accounted for a record-setting 27.7% of all global website traffic in 2021, up from 25.6% in …
Popularity of online payment goes hand-in-hand with fraud
NICE Actimize has released a report that identifies and analyzes the leading fraud threats and patterns that impacted leading global financial institutions in 2021. Noting …
New npm flaws let attackers better target packages for account takeover
In this video for Help Net Security, Yakir Kadkoda, Lead Security Researcher, and Assaf Morag, Lead Data Analyst at Aqua Security, talk about new npm flaws that allow …
Traditional identity fraud losses soar, totalling $52 billion in 2021
A study shows that traditional identity fraud losses, caused by criminals illegally using victims’ information to steal money, exploded in 2021 to $24 billion — an alarming …
Attackers have come to love APIs as much as developers
Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed in the last half of …
Phishing kits that bypass MFA protection are growing in popularity
The increased use of multi-factor authentication (MFA) has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. A current …
Featured news
Resources
Don't miss
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)