account takeover

Russian state-linked cyber operators are again leaning on a familiar but still highly effective tactic: phishing the person instead of breaking the platform. The latest warning from CISA and the FBI says campaigns tied to Russian intelligence services have been targeting commercial messaging...

Siemens’ Mendix SAML module contains a high‑severity flaw that, under certain single sign‑on (SSO) configurations, can allow unauthenticated remote attackers to bypass SAML signature verification and hijack user accounts — a vulnerability tracked as CVE‑2025‑40758 with a CVSS v3.1 base score of...

Cybercriminals are once again redefining the threat landscape, this time by exploiting trusted email security mechanisms to compromise Microsoft 365 accounts. In a sophisticated new campaign, threat actors have weaponized link-wrapping services—previously considered pillars of safe email...

Phishing campaigns have always shaped themselves around the contours of new technology, but the latest surge targeting Microsoft OAuth applications marks a seismic shift in both attacker strategy and the effectiveness of their exploits. In 2025, security researchers uncovered a wave of hybrid...

Sophisticated cyber adversaries have shifted tactics in recent months, exploiting fake Microsoft OAuth applications in tandem with advanced phishing toolkits such as Tycoon and ODx to compromise Microsoft 365 accounts worldwide. These attacks, tracked by researchers and security vendors...

A new and deeply concerning evolution in cyberattack methodology is putting Microsoft Entra ID (formerly known as Azure Active Directory) users and organizations at unprecedented risk. This surge in account takeover (ATO) campaigns exploits TeamFiltration—a legitimate penetration testing tool...

Arkose Labs, a leader in fraud prevention, has recently deepened its collaboration with Microsoft by participating in the Microsoft Security Copilot Partner Private Preview. This initiative aims to integrate Arkose Labs' advanced bot management solutions with Microsoft's AI-driven security...

The recent report from Security Magazine uncovers a cunning phishing campaign that exploits Microsoft 365 infrastructure—a move that demonstrates how modern threat actors leverage trusted platforms to launch sophisticated attacks. In this campaign, malicious actors manipulate legitimate...

In a stark reminder of the ever-changing landscape of cybersecurity, new research from Proofpoint exposes a worrying trend for Microsoft 365 users. It turns out, 78% of these users have been targeted by account takeover attempts. At the heart of these new-age attacks is a group of seemingly...

Microsoft 365 users have become the latest target in a rapidly evolving cyber battleground. A recent study by cybersecurity firm Proofpoint has revealed that a staggering 78% of Microsoft 365 accounts have been subjected to account takeover attempts. The driving force behind these breaches...

In an era where Microsoft 365 environments have become the lifeblood of businesses, a new threat vector is emerging as cybercriminals adapt their tactics by leveraging HTTP client tools. A recent report reveals that over three-quarters of Microsoft 365 tenants experienced at least one account...

Ah, the digital age—a time where your email inbox holds more secrets than your diary ever could. But what happens when those secrets are no longer yours to keep? Welcome to 2025, where cyber marauders have found new ways to finesse their way into Microsoft 365 accounts using nothing more obscure...

Greetings Windows enthusiasts and cyber warriors! Buckle up as we delve into the dark alleys of cybercrime, where villains are getting more innovative every day. Today we're unpacking a new method of attack on the beloved Microsoft 365 platform using HTTP client tools to commandeer accounts...