credential harvesting

A low-cost, high-impact trick is resurfacing with fresh polish: a cybercrime crew tracked by Microsoft as Storm-2561 has been distributing trojanized VPN clients — convincing MSI installers that sideload malicious DLLs and harvest corporate credentials — by deliberately manipulating search...

Storm-0501’s latest operation — a hybrid assault that began on-premises, pivoted into Azure, exfiltrated and destroyed cloud data, and culminated in a ransom demand delivered through a compromised Microsoft Teams account — marks a stark turning point in how ransomware actors pursue profit and...

A new wave of targeted phishing attacks is sweeping through organizations, exploiting a legitimate Microsoft 365 feature to wreak havoc from inside the trusted walls of enterprise email. Security researchers have recently uncovered threat actors using the Microsoft 365 “Direct Send” capability...

An alarming surge in sophisticated hacker activity is threatening the security of Microsoft accounts worldwide, with cybercriminals successfully bypassing even advanced defenses such as two-factor authentication. Security researchers at Proofpoint have unearthed an ingenious credential phishing...

The evolution of phishing campaigns in the cloud era has introduced a new breed of attacks that are increasingly hard to spot, even for seasoned security professionals. Among these, a recent campaign targeting Microsoft 365 logins stands out for its cunning use of Microsoft OAuth applications...

In a rapidly evolving threat landscape marked by sophisticated digital deception, the Scattered Spider hacking group has carved out a notorious reputation for exploiting trust—both technological and human—to compromise some of the world’s most widely used platforms. Recent advisories from...

A new era of phishing is underway, and the stakes have never been higher for organizations relying on Microsoft 365, Okta, and similar cloud-driven services. The weaponization of artificial intelligence, most recently exemplified by the abuse of Vercel’s v0 generative AI design tool, has made it...

In the ever-evolving landscape of cybersecurity, attackers continually adapt their methods to bypass advanced defenses. A recent development in this cat-and-mouse game is the emergence of "RemoteMonologue," a technique that exploits the Distributed Component Object Model (DCOM) in Windows...

In recent months, cybersecurity experts have observed a significant uptick in sophisticated phishing attacks targeting Microsoft 365 users. These attacks often employ malicious HTML attachments to bypass traditional email security measures, posing substantial risks to organizations worldwide...

A surge in targeted cyber espionage operations—orchestrated not just by rogue actors but by state-sponsored groups—has redefined threat landscapes for military and political organizations. One striking recent example involves a Türkiye-linked threat actor, dubbed “Marbled Dust” by Microsoft...

A new breed of phishing attack is shaking up the cybersecurity landscape for Windows and Microsoft 365 users alike. Gone are the days when cybercriminals relied solely on lookalike domains and basic email spoofing. Today’s attackers have taken a page from the playbook of legitimate IT...

You’ve got mail! It’s from DocuSign, and it looks super legit—a fresh PDF file buzzing with urgency. But spoiler alert, not every DocuSign request deserves a click. If you’re in Europe (or monitor the IT landscape there), brace yourself: a sophisticated phishing campaign is targeting over 20,000...

Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...

Original release date: October 27, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...

Original release date: October 20, 2017 Systems Affected Domain Controllers File Servers Email Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...