Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide.

Passwords 124

Passwords Accountability Authentication Malware 124

The Hacker News

JUNE 11, 2025

Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts.

Accountability 115

Accountability Penetration Testing Cybersecurity 115

Penetration Testing

JUNE 11, 2025

GitLab issues urgent updates for high-severity flaws in CE/EE, including HTML injection (account takeover) and CI/CD code injection. Upgrade to 18.0.2, immediately.

Accountability 106

Accountability Cybersecurity 106

Krebs on Security

DECEMBER 3, 2024

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024. ”

Cybercrime 300

Cybercrime Phishing Accountability Internet 300

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking 294

Hacking Accountability Government Social Engineering 294

Malwarebytes

APRIL 16, 2025

In a new version of the old Hello pervert emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems. The scammer says they know your password or compromised your account. Often youre only allowed one day to pay.

Accountability 124

Accountability Scams Passwords Phishing 124

The Hacker News

JUNE 8, 2025

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things.

Accountability 127

Accountability Media Technology Malware 127

The Hacker News

JUNE 10, 2025

Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's account recovery feature.

Accountability 117

Accountability Risk 117

Malwarebytes

NOVEMBER 22, 2024

Meta provided insight this week into the company’s efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Never give money to anyone you’ve met online Get a second opinion from someone you trust If in doubt, back away and report the account.

Accountability 132

Accountability Scams Cryptocurrency Identity Theft 132

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Schneier on Security

NOVEMBER 6, 2024

“This scale, combined with quick operational turnover of compromised credentials between CovertNetwork-1658 and Chinese threat actors, allows for the potential of account compromises across multiple sectors and geographic regions.” The average uptime for a CovertNetwork-1658 node is approximately 90 days.

Passwords 309

Passwords IoT Accountability Internet 309

Krebs on Security

NOVEMBER 1, 2024

.” “That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued. SecureWorks said these attacks had been going on since at least March 2023.

Phishing 276

Phishing Accountability Artificial Intelligence Cybercrime 276

Penetration Testing

JUNE 9, 2025

CVSS vulnerability in PayU CommercePro for WordPress allows unauthenticated admin account takeover. A critical 9.8 No patch available, immediate removal advised.

Accountability 82

Accountability Cybersecurity 82

Krebs on Security

OCTOBER 30, 2024

.” But in June 2024 testimony to the Senate Finance Committee, it emerged that the intruders had stolen or purchased credentials for a Citrix portal used for remote access, and that no multi-factor authentication was required for that account. Last month, Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.) Mark Warner (D-Va.)

Healthcare 300

Healthcare Insurance Computers and Electronics Data breaches 300

Penetration Testing

JUNE 10, 2025

allows account takeover via PoC, impacting all versions. A critical CVSS 9.8 flaw (CVE-2025-49653) in Backend.AI Vendor has not issued a patch.

Accountability 70

Accountability Cybersecurity 70

The Hacker News

MAY 19, 2025

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI.

Accountability 110

Accountability Cybersecurity 110

Schneier on Security

OCTOBER 30, 2024

Typically, I create the public and private keypair on my laptop and upload the public key to Amazon, which bakes my public key into the server’s administrator account. My laptop and that remove server are thus entangled, in that the only way to log into the server is using the key on my laptop.

Accountability 298

Accountability Risk Malware Hacking 298

Krebs on Security

NOVEMBER 21, 2024

That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina. Click to enlarge.

Identity Theft 269

Identity Theft Phishing Cryptocurrency Accountability 269

Schneier on Security

FEBRUARY 19, 2025

Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account.

Phishing 218

Phishing Authentication Accountability Passwords 218

Krebs on Security

FEBRUARY 4, 2025

The email address used for those accounts was f.grimpe@gmail.com. Constella says that email address is tied to a Twitter/X account for Shoppy Ecommerce in Israel. Indeed, both StarkRDP and FloraiN have posted to their accounts on Telegram that there were no charges levied against the proprietors of 1337 Services GmbH.

eCommerce 218

eCommerce Cybercrime Accountability Passwords 218

Krebs on Security

JANUARY 22, 2025

Caturegli said while he does have an account on Bugcrowd, he has never submitted anything through the Bugcrowd program, and that he reported this issue directly to MasterCard. The Russian search giant Yandex reports this user account belongs to an “Ivan I.” MasterCard’s request to Caturegli, a.k.a.

DNS 362

DNS Internet Internet Risk 362

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking 259

Hacking Government Identity Theft Accountability 259

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. With our law enforcement partners, we will continue to aggressively investigate, pursue, and hold accountable the crooks who perpetrate frauds online, wherever they are.”

Accountability 143

Accountability Banking Internet Internet 143

Schneier on Security

JANUARY 13, 2025

They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use. It was a sophisticated scheme: The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft’s AI services, the suit alleged.

Hacking 271

Hacking Authentication Accountability 271

Malwarebytes

MARCH 4, 2025

The Docusign Application Programming Interface (API) allows customers to send emails that come from genuine Docusign accounts, and they can use templates to impersonate reputable companies. Weve identified an unauthorized transaction made from your PayPal account to Coinbase: Amount: $755.38

Scams 139

Scams Accountability Phishing Banking 139

Malwarebytes

APRIL 22, 2025

Cybercriminals are abusing Googles infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. The difference is that anyone with a Google account can create a website on sites.google.com. Instead create an account on the service itself.

Risk 145

Risk Accountability Scams Phishing 145

Troy Hunt

FEBRUARY 25, 2025

It's those credentials that are then sold in the stealer logs and later used to access the victim's accounts, which is the second exploitation. Another path had "ve", so it was off to Caracas and the Venezuelan victim's account was confirmed. You get the idea.

Passwords 362

Passwords Accountability VPN Malware 362

Krebs on Security

NOVEMBER 19, 2024

The Telegram account that abyss0 listed in their sales thread appears to have been suspended or deleted. Likewise, abyss0’s account on BreachForums no longer exists, and all of their sales threads have since disappeared. Maybe abyss0 found a buyer who paid for their early retirement.

Data breaches 308

Data breaches Banking Cybercrime Advertising 308

Troy Hunt

DECEMBER 7, 2024

I post lots of pics to my Facebook account , and if none of that is interesting, here's this week's video on more infosec-related topics: References Sponsored by:  Cyberattacks are guaranteed. Is your recovery?

InfoSec 260

InfoSec Government Accountability 260

Krebs on Security

DECEMBER 11, 2024

wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work The site Verif dot work, which processes payments through Cryptomus, sells financial accounts, including debit and credit cards. work and kopeechka[.]store store ; -anonymity or “proxy” providers like crazyrdp[.]com

Cryptocurrency 288

Cryptocurrency Banking Cybercrime Advertising 288

Krebs on Security

DECEMBER 19, 2024

” According to Intel 471, this same Discord account was advertised in 2019 by a person on the cybercrime forum Cracked who used the monikers “ ORN ” and “ ori0n.” In 2022, Araneida told fellow Breached members they could be reached on Discord at the username “ Ornie#9811.” 2023 on the forum Cracked.

Hacking 249

Hacking Cybercrime Advertising Data breaches 249

Krebs on Security

JANUARY 31, 2025

“Those payments would instead be redirected to a financial account the perpetrators controlled, resulting in significant losses to victims,” the DOJ wrote. “These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes.

Phishing 273

Phishing Cybercrime Advertising Malware 273

Security Affairs

NOVEMBER 30, 2024

A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. “It is true our accounts were hacked into but not to the extent of what is being reported. billion shillings and that the stolen funds were transferred into accounts in Japan and the UK.

Banking 143

Banking Government Accountability Hacking 143

Malwarebytes

DECEMBER 3, 2024

While hard to measure precisely, tech support scams accounted for $924M, according to the FBI’s 2023 Internet Crime Report. We’ve identified specific advertiser accounts that make up the bulk of fraudulent ads we have reported to Google this past year.

Scams 136

Scams Advertising Accountability Engineering 136

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. The ransomware gang claims to have stolen sensitive data including accounting info and contracts. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware 127

Ransomware Hacking Accountability Cyber Attacks 127

Security Affairs

JANUARY 2, 2025

The “DoubleClickjacking” exploit bypasses protections on major websites, using a double-click sequence for clickjacking and account takeover attacks. Attackers can exploit the technique to facilitate clickjacking attacks and account takeovers on almost all major websites. ” Paulos Yibelo wrote.

Accountability 121

Accountability Authentication Hacking Information Security 121