Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with…
Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication
Aug 29, 2025Ravie LakshmananThreat Intelligence / Malware Amazon on Friday said it…
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
Cybersecurity researchers have detailed a new cluster of activity where threat actors…
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Jul 31, 2025Ravie LakshmananPhishing / Threat Intelligence Cybersecurity researchers have disclosed details…
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click"…
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Jun 04, 2025Ravie Lakshmanan Threat Intelligence / Data Breach Google has disclosed…
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
May 23, 2025Ravie LakshmananCloud Security / VulnerabilityThe U.S. Cybersecurity and Infrastructure Security…
Mastering the Shared Responsibility Model
Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental…
PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
Feb 27, 2025Ravie LakshmananVulnerability / Network Security A new malware campaign has…