credential theft

A new browser-based threat dubbed the “Cookie-Bite” attack is capturing the cybersecurity community’s attention, raising major concerns over the integrity of authentication within cloud environments like Microsoft Azure, Microsoft 365, Google Workspace, AWS, and others. The discovery, recently...

Microsoft's March and April 2025 Patch Tuesday updates have revealed and addressed a troubling development in cybersecurity: the rapid weaponization of a "less likely to be exploited" NTLM hash-leaking vulnerability, CVE-2025-24054, alongside other critical zero-day flaws emerging in both...

Microsoft's Patch Tuesday updates in March 2025 unveiled a significant security challenge tied to the legacy NTLM protocol widely used across Windows environments. Despite Microsoft's rating of the vulnerability CVE-2025-24054 as "less likely" to be exploited, threat actors demonstrated their...

In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...

A Tale of Two Breaches: Microsoft and Apple Patch Rapidly Exploited Vulnerabilities When Microsoft released its batch of security updates on March 11 during Patch Tuesday, few in the broader security community could have predicted just how quickly threat actors would weaponize one particular...

Few threats in cybersecurity are as persistent and adaptable as phishing, and the hospitality sector has long been a lucrative target for cybercriminals driven by the promise of valuable credentials, financial data, and the prospect of high-impact fraud. One of the latest campaigns, meticulously...

If you’ve already started mentally composing your next big idea in Outlook, you might want to hit “Save as Draft” for a moment—there’s a new cyberattack in town, and it’s got your Microsoft 365 credentials written all over it... possibly in Cyrillic. A New Breed of Phishing: Sophisticated Social...

Microsoft 365 account holders, it’s time to clutch your credentials like your last stick of office coffee—hackers have orchestrated another clever plot, this time through everyone’s favorite messaging apps. If you thought WhatsApp and Signal were just for family chats and cryptic office banter...

Once upon a time in the bustling land of corporate IT, passwords roamed freely through Windows networks, blissfully unaware that NTLM—the venerable but rather creaky gatekeeper of authentication—was about to get a rude awakening courtesy of modern cybercriminals. The NTLM Elephant in the Room...

If you’ve ever wondered whether the relics of IT’s past can come back to haunt you, look no further than NTLM authentication—a sort of ancient curse that’s less Indiana Jones and more Office Space. Windows still ships with this timeworn authentication protocol enabled by default. While it was a...

When Microsoft stamped its latest security vulnerability as low risk, they probably didn’t expect hackers to treat it like Black Friday at a bug bazaar. Turning "Low Risk" into Worldwide Mayhem: The Unlikely Rise of CVE-2025-24054 On March 11—just another Patch Tuesday in corporate IT...

Red teams have a new trick up their sleeve. In an era when Microsoft fortifies credential theft defenses and Endpoint Detection and Response (EDR) systems evolve at breakneck speed, attackers are shifting away from classic payload-based methods. Enter RemoteMonologue—a highly innovative...

In an alarming turn of events for Windows users everywhere, a new zero-day vulnerability has emerged, affecting all versions of Windows 11, Windows 10, and Windows Server. This vulnerability is particularly concerning as it allows attackers to steal NTLM (New Technology LAN Manager) credentials...

In today's rapidly evolving cybersecurity landscape, Microsoft 365 environments are facing a new breed of sophisticated attacks that exploit one of the most trusted authentication methods—OAuth. Recent investigations have revealed that threat actors are leveraging fake OAuth applications...

Windows users and IT professionals need to take extra caution as attackers continuously refine their phishing playbook. Recent reports reveal that sophisticated adversaries are leveraging vulnerabilities in OAuth 2.0 redirection flows to target Microsoft 365 environments. In these OAuth-themed...

Let’s dive into a cybersecurity issue that should have every Windows 11 user and enterprise administrator on high alert. Researchers have recently uncovered a sinister exploitation of IBM i Access Client Solutions (ACS), an essential tool for managing IBM i systems, which attackers have cleverly...

Cybersecurity experts and enthusiasts, take a seat—this one’s a ride into the cutting-edge of cybercrime. A newly identified Adversary-in-the-Middle (AiTM) phishing kit dubbed “Sneaky Log” has been making waves in the underground cybercrime market. This innovative kit is specifically targeting...

Technology sure is a double-edged sword—a phrase perfectly illustrated by recent reports that hackers have misused Microsoft’s Azure OpenAI services. This isn’t your typical ransomware or phishing attack; this is a direct exploitation of some of the most advanced generative AI tools on Earth. If...

In a chilling revelation by Microsoft, hackers breached its Azure OpenAI services, bypassing safeguards to weaponize its generative AI tools for creating "harmful and offensive content". Azure OpenAI, designed to integrate OpenAI’s transformative AI technologies like ChatGPT and DALL-E into...

In a chilling demonstration of how well-coordinated phishing campaigns can wreak havoc, attackers recently targeted corporate Microsoft Azure environments by wielding malicious DocuSign PDF files. These attacks, according to Palo Alto Networks' Unit 42, aimed at infiltrating European automotive...