credential theft

A new wave of highly sophisticated phishing scams has placed millions of Microsoft 365 users at increased risk, with recent campaigns focusing on colleges and universities such as Seton Hall. These scams exploit a deepening trust in digital communications and modern security tools, employing...

A newly disclosed exploit chain targeting Microsoft SharePoint servers is sending shockwaves across enterprise IT and cybersecurity circles, revealing a sophisticated blend of zero-day and known vulnerabilities that enable cyber attackers to gain near-total control of systems. Security agencies...

An alarming new wave of cybercrime has emerged, leveraging the very security tools designed to shield organizations from harm. Recent research reveals that phishing actors are now abusing link-wrapping and URL-rewriting services—trusted pillars of enterprise email protection—to sneak malicious...

Cybercriminals have developed a sophisticated method to compromise Microsoft 365 accounts by exploiting link-wrapping services, notably those provided by Proofpoint and Intermedia. This technique involves manipulating the very tools designed to protect users, thereby increasing the effectiveness...

A new wave of cyberattacks has exposed a dangerous flaw in trusted email security services, as hackers have successfully exploited protective link-wrapping features to orchestrate large-scale phishing campaigns targeting Microsoft 365 logins. By hijacking the mechanisms designed to keep users...

Cloudflare has issued a stark warning about a new and highly sophisticated wave of phishing attacks targeting Microsoft 365 users, drawing attention to a dangerous exploitation of a trusted email security feature: link wrapping. In recent weeks, both enterprise and consumer accounts have come...

A wave of highly sophisticated phishing attacks has put Microsoft 365 users—and the very foundations of modern email security—at risk, exposing a perilous paradox: the same technologies designed to protect cloud productivity platforms are now being systematically exploited to facilitate...

A sophisticated phishing campaign exploiting trusted email security tools has rattled the cybersecurity landscape, exposing a dismally clever strategy that turns protective mechanisms into attack vectors. Between June and July 2025, researchers at Cloudflare uncovered an operation wherein...

Attackers have found a chillingly effective way to subvert defenses integrated into the heart of enterprise email security. According to new research from Cloudflare, threat actors are actively exploiting “link wrapping” services—offered by reputable vendors like Proofpoint and Intermedia—to...

Cybercriminals are once again redefining the threat landscape, this time by exploiting trusted email security mechanisms to compromise Microsoft 365 accounts. In a sophisticated new campaign, threat actors have weaponized link-wrapping services—previously considered pillars of safe email...

Cybercriminals have once again proven their adaptability by leveraging trusted technology—from cybersecurity companies themselves—to bypass email defenses and target Microsoft 365 users. In a revealing discovery, threat actors have been exploiting link-wrapping services from well-known vendors...

Phishing campaigns continue to evolve, adapting to security systems and adopting new tactics to dupe even vigilant users. Recent findings have uncovered a sophisticated Microsoft MFA phishing scheme that leverages the OAuth authorization framework—specifically, Microsoft OAuth applications—to...

Phishing campaigns have always shaped themselves around the contours of new technology, but the latest surge targeting Microsoft OAuth applications marks a seismic shift in both attacker strategy and the effectiveness of their exploits. In 2025, security researchers uncovered a wave of hybrid...

Phishing campaigns have always evolved in tandem with advances in enterprise security, but the latest wave targeting Microsoft OAuth applications represents a stunning leap in both sophistication and effectiveness. This ongoing campaign, first identified in early 2025, exemplifies a new breed of...

Disaster resilience in the cloud era is often painted as a technical sprint towards ever-better backups, clever failovers, and bulletproof storage replication. But beneath the shiny surface of business continuity lies a quieter, sometimes overlooked foundational truth: identity is the keystone...

The npm JavaScript ecosystem has once again been rocked by a coordinated malware campaign, this time targeting both cross-platform and Windows-specific environments through widely trusted packages. The incident, centered around the highly popular "is" package and several linting tools associated...

Interlock ransomware has quickly ascended from a little-known name in late 2024 to a top-tier threat that’s been hammering organizations across North America and Europe through 2025. While other ransomware groups have faltered or faded, Interlock actors show a relentless willingness to innovate...

Britain’s cybersecurity landscape is once again in sharp focus after confirmation that the UK’s National Cyber Security Centre (NCSC) has detected a “limited number” of domestic victims in the recent Microsoft hack campaign. While not on the scale of some prior, sweeping incidents, the attack...

In recent developments, cybersecurity researchers have uncovered a sophisticated phishing toolkit named PoisonSeed, designed to circumvent the robust protections offered by FIDO2 authentication. This malicious tool targets users of Microsoft 365, Google Workspace, and Okta by redirecting their...

The UK National Cyber Security Centre (NCSC) has formally attributed the 'Authentic Antics' malware attacks to APT28, also known as Fancy Bear, a threat actor linked to Russia's military intelligence service (GRU). This sophisticated malware campaign targets Microsoft 365 users, aiming to steal...