Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with…
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining…
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
Aug 27, 2025Ravie LakshmananCloud Security / Threat Intelligence A widespread data theft…
What Attackers Are Doing With Them
When an organization's credentials are leaked, the immediate consequences are rarely visible—but…
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Aug 02, 2025Ravie LakshmananThreat Detection / SSH Security Cybersecurity researchers have flagged…
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Jul 31, 2025Ravie LakshmananPhishing / Threat Intelligence Cybersecurity researchers have disclosed details…
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
Jul 29, 2025Ravie LakshmananPhishing / Developer Security The maintainers of the Python…
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Jul 28, 2025Ravie LakshmananMalware / Developer Tools In what's the latest instance…
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials
Jul 23, 2025Ravie LakshmananWindows Security / Cryptocurrency The Windows banking trojan known…